Cloud Engineer - Azure

About Samtek

At Samtek, we're redefining cloud innovation as an engineer-owned and operated, SBA-certified minority-owned small business founded in 2018. Our mission is simple: empower federal agencies and large enterprises with cutting-edge DevSecOps and cloud transformation solutions that drive security, scalability, and speed. From cloud-native application development and platform engineering to robust security implementations, data center migrations, and seamless operations, we deliver modern IT services backed by over 50 years of collective expertise.

We're a diverse, collaborative team that's passionate about pushing the boundaries of technology. Our culture thrives on curiosity, inclusivity, and real impact—whether it's optimizing cloud environments for mission-critical operations or fostering innovation in a supportive, hybrid work setting. Join us to work on high-stakes projects that matter, grow alongside top talent, and be part of a company that's not just building the future of cloud computing, but shaping it.

Samtek: Where engineers lead, and excellence follows.

Samtek Inc is seeking a skilled Azure Cloud Engineer to join a high-impact team delivering secure, compliant, and scalable Azure solutions for the Centers for Medicare & Medicaid Services (CMS). This is a hands-on engineering role focused on building, automating, and operating Azure Government (GCC High) environments while supporting large-scale migrations and cloud-native modernization of mission-critical healthcare systems.

• Implement and manage Azure Landing Zones using Enterprise-Scale architecture, Bicep, Terraform, and Azure Policy 
• Deploy and configure Azure governance frameworks (Management Groups, Azure Policy, Blueprints, Resource Graph, tagging, cost management) 
• Build and maintain infrastructure-as-code (IaC) repositories using Bicep, Terraform Enterprise/Cloud, ARM templates, and Azure CLI/PowerShell 
• Execute cloud migration waves (rehost, refactor, replatform) with Azure Migrate, Azure Site Recovery (ASR), Database Migration Service (DMS), and Data Box 
• Configure Zero-Trust networking and security controls including Azure Firewall, Private Link, Private Endpoints, VNet peering, ExpressRoute, NSGs, and Azure DDoS Protection 
• Implement and manage identity solutions using Azure Entra ID (formerly AAD), Conditional Access, Privileged Identity Management (PIM), and RBAC 
• Integrate and operate DevSecOps pipelines with Azure DevOps, GitHub Actions, Azure Pipelines, and security tools (Microsoft Defender for Cloud, Sentinel, Prisma Cloud) 
• Automate compliance evidence collection and monitoring using Microsoft Defender for Cloud, Azure Policy, and Sentinel playbooks for FedRAMP High and CMS ARS requirements 
• Support containerized workloads on Azure Kubernetes Service (AKS), Azure Container Apps, and Azure Red Hat OpenShift 
• Troubleshoot production issues, perform root cause analysis, and optimize performance/cost in GCC High environments 
• Contribute to Architecture Review Board (ARB) packages, System Security Plans (SSP), diagrams, and ATO documentation 
• Collaborate daily with cloud architects, security engineers, developers, and CMS stakeholders

• 4+ years of hands-on experience building and operating production workloads in Azure (commercial and/or Government) 
• 2+ years working in Azure Government Community Cloud High (GCC High) 
• Strong proficiency in Infrastructure as Code: Bicep (required), Terraform (strong plus), ARM
• Experience deploying and managing Azure Enterprise-Scale Landing Zones 
• Solid understanding of Azure networking (VNet, Private Link, Firewall, ExpressRoute, VPN
• Hands-on experience with Azure DevOps (Repos, Pipelines, Boards) and GitHub Actions 
• Familiarity with Microsoft Defender for Cloud, Azure Policy, Sentinel, and Log Analytics 
• Scripting and automation skills: PowerShell (required), Python or Bash (plus) 
• U.S. citizenship and ability to obtain and maintain CMS Public Trust clearance

• Active Microsoft certifications: 
• • Azure Administrator Associate (AZ-104) 
  • Azure Solutions Architect Expert (AZ-305) or DevOps Engineer Expert (AZ-400) 
  • Azure Security Engineer Associate (AZ-500) 
• Experience with CMS MARS-E, CMS ARS, FedRAMP High, or NIST 800-53 control implementation 
• Prior work on CMS contracts (SPARC, ESIM, EPMO, XLC) 
• Knowledge of Azure Health Data Services, FHIR APIs, Synapse Analytics, or Databricks 
• Experience with AKS, Azure Arc, or Azure Stack HCI 
• Active Public Trust clearance or higher

• Must have resided in the U.S. for at least 3 of the last 5 years 
• Must be eligible for CMS Public Trust clearance 
• No visa sponsorship available