Sr. Cloud Platform Engineer

Job Description
Amazing Career Moments Happen Here
The best work happens when smart people move fast, together. At Applied, we've spent 40+ years building technology that solves real problems for insurance professionals, and we're not slowing down. We're pushing what's possible in Insurtech and doing it inside a culture built on trust, inclusion, and growth.
The Role at a Glance
Role: Senior Cloud Platform Engineer
Team: Corporate IT
Location: Remote
Opportunity for Impact
We're looking for a Senior Cloud Platform Engineer to join our Corporate IT and make a real difference for the people who depend on our products every day. This role owns our cloud platform across Azure (primary) and Google Cloud Platform (GCP), with strong preferred experience in AWS. You will design, build, and operate cloud-native infrastructure at enterprise scale - including landing zone automation, Kubernetes platforms, secrets management, hybrid networking, and application delivery pipelines. If you thrive in a fast-paced, collaborative environment and are passionate about driving business outcomes through cloud excellence and AI-augmented engineering, we want to hear from you
What You'll Do
Cloud Infrastructure & Architecture

• Design, build, and maintain scalable, secure, and highly available environments across Azure (primary) and GCP, with working knowledge of AWS
• Own landing zone design and automation for both Azure and GCP - including organization hierarchy, resource naming standards, IAM governance, and policy enforcement
• Design and operate production-grade Kubernetes environments (AKS and GKE) including multi-tenant cluster strategies, workload identity, pod security standards, autoscaling, resiliency, cost optimization, and Helm-based application deployment
• Build and operate the GCP Project Factory for standardized, automated provisioning of GCP projects, IAM bindings, service accounts, and GitLab integration
• Define and enforce cloud resource naming conventions, project labeling standards, and organizational tagging policies aligned with FinOps and cost allocation requirements

Infrastructure as Code & Automation

• Develop and maintain Terraform modules for Azure and GCP resource provisioning (AWS IaC a plus), ensuring reusable, version-controlled infrastructure
• Build and manage CI/CD pipelines (GitLab CI, Azure DevOps, Cloud Build, or equivalent) for automated infrastructure and application deployment, including container build, Artifact Registry publishing, and Cloud Run / GKE delivery patterns
• Own and evolve the Ansible AWX automation platform (currently running on AKS) - develop and maintain playbooks and roles to automate system configuration, application setup, and operational workflows
• Administer and evolve the CloudBolt Cloud Management Platform (CMP) for multi-cloud resource provisioning, governance, cost visibility, and self-service workflows
• Develop automation scripts using Python, Bash, or PowerShell to streamline operational tasks
• Leverage AI tools including Claude to accelerate Infrastructure as Code development, runbook creation, and documentation - and help the broader team adopt these workflows effectively

Operations & Reliability

• Implement and manage monitoring, alerting, and observability solutions using Google Cloud Monitoring, Azure Monitor, Cloud Logging, SigNoz, and DataDog
• Develop and maintain runbooks and playbooks to guide incident response; perform root cause analysis (RCA) and document findings
• Respond to escalated infrastructure service desk tickets and resolve complex cloud-related issues

Security & Compliance

• Design, operate, and secure enterprise-grade secrets management using HashiCorp Vault across cloud and hybrid environments, including Vault role management and CI/CD pipeline integration
• Implement and enforce cloud security controls across Azure (Managed Identity, Private Endpoints, NSG) and GCP (VPC Service Controls, Workload Identity, Binary Authorization, Secret Manager), including workforce and workload identity federation with external IdPs
• Partner with the Information Security organization to identify, prioritize, and remediate cloud security vulnerabilities

Hybrid Connectivity

• Design and maintain hybrid network connectivity between Azure and GCP, including VPN tunnels, FMC/FTD integration, and cross-cloud routing
• Design and implement hub-spoke network topologies with multi-region CIDR schemas supporting phased regional expansion
• Assist network design including VPC architecture, Shared VPC, Cloud Interconnect, Cloud NAT, and firewall policy management across both platforms

Disaster Recovery & Business Continuity

• Define and implement disaster recovery strategies for cloud-hosted workloads across Azure and GCP
• Conduct periodic DR drills and document recovery time/point objectives (RTO/RPO)
• Collaboration & Documentation
• Create and maintain thorough infrastructure documentation, architecture diagrams, and operational guides - owning the cloud knowledge base for the team
• Collaborate cross-functionally with application teams, security, DevOps, and leadership to align infrastructure with business goals
• Mentor engineers and promote cloud best practices across the team

What We're Looking For
If this role sounds like the right next move, we'd love to hear from you. You might bring:

• High School diploma required; BA/BS degree in Computer Science, Information Technology, or related field preferred
• 7+ years of experience as a senior engineer in a mid-to-large-scale enterprise environment
• 4+ years of hands-on, production-grade experience with Azure at enterprise scale (required)
• 3+ years of hands-on, production-grade experience with Google Cloud Platform (required)
• AWS experience strongly preferred; candidates with deep Azure + GCP and meaningful AWS exposure will be prioritized

Cloud Platforms
Platforms are listed in priority order:

• Azure (Primary): AKS, Azure Networking (vHub, NSG, App Gateway, Private Endpoints, VPN), Landing Zone automation, Azure DevOps/GitLab CI, Terraform IaC, SPN/Managed Identity, Azure Storage
• Google Cloud Platform (Secondary): GKE, Cloud Run, Cloud SQL, BigQuery, VPC, IAM, Artifact Registry, Cloud Monitoring, Vertex AI
• AWS (Strongly Preferred): Core services familiarity (EC2, EKS, VPC, IAM, S3); ability to operate or support AWS workloads alongside Azure/GCP

Technical Skills - Required

• Terraform: Production IaC modules for Azure and GCP (AWS IaC a plus)
• CI/CD: GitLab CI, Azure DevOps, Cloud Build, or Jenkins
• Kubernetes: AKS and/or GKE at production scale - multi-tenant clusters, Helm, workload identity, pod security
• HashiCorp Vault: Enterprise secrets management, Vault role administration, CI/CD pipeline integration
• Ansible / AWX: Playbook development and AWX automation platform operation
• Scripting & Automation: Python and/or Bash for infrastructure automation
• Networking: VPC design, BGP, DNS, load balancing, hub-spoke topologies, and hybrid connectivity
• IAM & Security: Org policies, Managed Identity, Workload Identity Federation, VPC Service Controls, workforce identity federation with external IdPs
• Monitoring & Observability: Google Cloud Monitoring, Azure Monitor, Cloud Logging, DataDog, and/or SigNoz

Bonus points if you also have:

• AWS certifications or hands-on project experience
• Azure certifications (AZ-104, AZ-305) or GCP Professional Certifications (Cloud Architect, Cloud DevOps Engineer)
• Linux system administration
• Kubernetes advanced operations (Autopilot, multi-cluster, service mesh)
• CloudBolt CMP: cloud management platforms for multi-cloud governance, FinOps reporting, and self-service provisioning
• Tines or similar workflow automation platforms
• BigQuery and data platform support experience
• Experience with API-driven automation (Google APIs, Microsoft Graph, Jira, Okta)
• Data center migration experience

Talent shows up in a lot of different ways, and we mean that. We welcome candidates from all backgrounds and experience levels, including military members and their spouses and those without a traditional degree or tech background. If this role speaks to you, apply.
Why You'll Like Working Here
Our people-first culture means you're seen, supported, and set up to grow. We work across flexible models because we trust our teams to deliver, not just show up. You'll collaborate with people who care about the work and each other, and you'll have leaders who are invested in where you're headed.
How We'll Support You
We invest in the whole person, not just the role. Our benefits and resources are built to support your health, your time, and your life outside of work:

• Medical, Dental, and Vision Coverage

• Holiday and Vacation Time

• Health & Wellness Days

• A Bonus Day for Your Birthday

Compensation Transparency
Our targeted starting base salary in the United States for this position ranges from 100K -160K USD. We take a thoughtful, consistent approach to compensation and consider a variety of factors, including depth and breadth of experience, skills and role scope. Depending on the role, team members may also be eligible for additional compensation plans (bonus and commission).
Your Security Matters:
Our candidates' personal information and online safety are top of mind. Applied communicates with candidates only via a secure @appliedsystems.com email address or through our official careers portal. Recruiters will never request payments or ask for financial account or sensitive personal information like Social Security numbers.
AI Utilization
We leverage AI tools to streamline parts of our recruitment workflow (such as resume parsing and interview scheduling). However, candidate screening, interviews, and final decisions are always conducted by real humans.
EEO Statement
Applied Systems is proud to be an Equal Employment Opportunity Employer. Diversity and Inclusion is a business imperative and is a part of building our brand and reputation. At Applied, we don't discriminate, and we are committed to recruit, develop, retain, and promote regardless of race, religion, color, national origin, sexual orientation, gender identity, disability, age, veteran status, and other protected status as required by applicable law.
#LI-Remote
#LI-US