IT020 Azure Engineer

We have an opening on the NASA’s Space and Earth Science Data Analysis (SESDA) contract for an Azure Engineer supporting NASA Science Mission Directorate Cloud (SMDC) in the Computational and Information Sciences and Technology Office (CISTO) at the NASA Goddard Space Flight Center (GSFC) in Greenbelt, MD. The position is fully remote although occasional in-person meetings and conference attendances would be required. The Azure Engineer is responsible for designing, implementing, and managing Azure environments for NASA SMD Science Cloud stakeholders, with a focus on multi-cloud Entra ID integration and Azure best practices. This role will involve working as part of the cross-functional Science Cloud Infrastructure team to ensure that Science Cloud customers can leverage Azure in a secure, compliant, scalable, and cost-effective manner for their science workloads. Responsibilities: Design and implement Entra ID integration with Azure resources. Configure user access, roles, and permissions to ensure secure and compliant access to multi-cloud services. Configure and maintain Entra ID integration with AWS IAM Identity Center and equivalents in other Cloud Service Providers for SSO & SCIM functionality. Design and implement a multi-tenant, multi-subscription Azure environment based on best practices and Science Cloud stakeholder requirements. Create landing zones and governance policies to enforce and monitor standards and compliance. Manage subscription lifecycle, including creation, modification, and deletion. Configure cost management and resource tagging strategies to support FinOps goals across multiple subscriptions. Deploy and manage Azure resources using Infrastructure as Code (IaC) tools. Automate resource provisioning, configuration, and management. Implement backup and disaster recovery capabilities. Implement and maintain Azure observability to monitor resource usage, security posture, performance, and to identify optimization opportunities. Implement security best practices to protect Azure resources from threats utilizing a shared responsibility approach. Ensure compliance with the Science Cloud’s security plan, including vulnerability scanning, intrusion/anomaly detection, and FISMA compliance. Manage security policies, access controls, and auditing. Analyze Azure usage and identify cost-saving opportunities. Collaborate with FinOps team to optimize cloud costs, using strategies like reserved instances, auto-scaling, and workload rightsizing. Diagnose and resolve technical issues related to Azure resources and services. Provide technical support to end-users and application teams. Create and maintain detailed documentation on Azure architectures, policies, and operational processes. Provide guidance and training to internal teams on best practices for Azure infrastructure and Entra ID management. Stay up to date with the latest Azure services, features, and updates, and recommend new solutions to improve the cloud environment. At least 5 years’ experience in cloud architecture and Dev/Ops on Azure, and/or possibly other cloud environments. Production experience with tools such as Terraform, Crossplane, Kubernetes. CI/CD and GitOps experience. Desired: certifications in AZURE and ideally AWS. Ability to work independently and as part of a team. Requirement:

US Citizenship and ability to pass background checks for elevated privileges in government IT environments.

#J-18808-Ljbffr