OneStream is looking for a Cloud DevOps Engineer to lead the design, implementation, and security operations of Azure cloud solutions for our SaaS company. You will focus on advanced networking, FedRAMP compliance, and Infrastructure-as-Code automation.
What You'll Do
- Lead the design, continuous monitoring, implementation, and security operations of Azure cloud solutions, ensuring they meet best practices and comply with FedRAMP High and IL4 requirements.
- Lead team in developing modular Infrastructure-as-Code utilizing Terraform, PowerShell, ARM, Bicep, and YAML.
- Lead projects of moderate complexity to completion, sustaining a high level of reliability for key automated systems.
- Stay up to date with the latest Azure and FedRAMP regulatory changes and industry trends, advising teams on potential impacts.
- Update technical documentation, workflows, and knowledge base articles.
- Provide feedback in pull requests and peer coding reviews.
- Participate in an on-call rotation to support production systems and assist in debugging production problems.
- Mentor others in several technical areas.
- Apply practical use of FedRAMP/SOC controls to assist Compliance and Security teams.
What We're Looking For
- BS/BA in computer science, engineering, or a technology-related field, or equivalent work experience.
- 8+ years of cloud infrastructure experience.
- 2+ years with compliance programs and security control sets such as NIST SP 800-53, FedRAMP High, and IL4, as applied to cloud SaaS, PaaS, and IaaS environments.
- Expert knowledge of Azure networking: VNets/vWAN, subnets, UDRs, routing, peering; ExpressRoute, VPN Gateway, Private Link/Endpoint; Azure Firewall, NSG/ASG, WAF, Application Gateway.
- Hands-on experience implementing network design and firewall configurations for connecting to government networks (BCAP) using Azure Firewall and/or Palo Alto.
- Hands-on experience implementing IPv6 routing and strict egress filtering strategies.
- Ability to translate DISA STIGs and NIST controls into enforceable network guardrails and evidence artifacts.
- Advanced Infrastructure-as-Code experience with Terraform, CloudFormation, Bicep, or ARM templates on Azure, AWS, or GCP.
- Deep knowledge of Configuration Management utilities like Ansible, PowerShell DSC, Chef, and Puppet.
- Advanced understanding of cloud concepts including elasticity, security, and identity management.
- Familiarity with Agile Development methodologies using Jira or Azure DevOps Boards.
- Strong understanding of Azure Kubernetes Services (AKS) with container-based deployment skills or other platforms such as OpenShift, GKS, or EKS.
- Proficient knowledge in Software Development Lifecycles.
- 8+ years of hands-on experience automating processes with PowerShell, Bash, CLI, REST APIs, Python, or ARM Templates; using source control tools like Git, BitBucket, or GitHub; working with Microsoft Azure, AWS, or GCP; and managing Microsoft Windows Server, IIS, Microsoft SQL Server, and Active Directory.
Nice to Have
- Experience working for a cloud service provider (CSP), managed service provider (MSP), or SaaS provider.
- 8+ years of relevant Azure experience deploying and managing with Infrastructure-as-Code concepts.
- Experience with Microsoft Windows Server 2016-2022, IIS, Microsoft SQL Server, and Azure Active Directory.
- Experience with Debian, Ubuntu, or other Linux operating systems.
- Certifications such as Microsoft Certified: Azure Administrator Associate, Azure Solutions Architect Expert, CCNP, CCIE, CISSP, Azure DevOps Engineer Expert, Certified Kubernetes Administrator, ITIL Foundation, Microsoft Certified Professional, or CompTIA Security+/Network+.
Technical Stack
- Infrastructure-as-Code: Terraform, PowerShell, ARM, Bicep, YAML
- Cloud Platforms: Azure, AWS, GCP
- Configuration Management: Ansible, Chef, Puppet
- Source Control & Tools: Git, BitBucket, GitHub, Jira, Azure DevOps Boards
- Containers & Orchestration: AKS, OpenShift, GKS, EKS
- Scripting & APIs: Python, Bash, CLI, REST APIs
- Operating Systems & Databases: Windows Server, IIS, SQL Server, Active Directory, Linux
Team & Environment
You will work well in a small team and be willing to share responsibilities with other team members as needed.
Benefits & Compensation
- Compensation range: $140,000 - $160,000 (applies to US candidates only)
- Vision, Medical, Dental, and Life insurance
- 401K and Retirement Plan
- Vacation Time and Paid Holidays
- Professional Development opportunities
- Short & Long Term Disability coverage
Work Mode
This is a remote position open to candidates located in the USA.
OneStream is an Equal Opportunity Employer.
