Sr Systems Engineer - Azure

Axos Bank

Target Range:

$120,000.00 /Yr. - $150,000.00 /Yr.

Actual starting pay will vary based on factors including, but not limited to, geographic location, experience, skills, specialty, and education.

Eligible for an Annual Discretionary Cash Bonus Target: 10%

Eligible for an Annual Discretionary Restricted Stock Units Bonus Target: 10%

These discretionary target bonuses may be awarded semi-annually based upon your achievement of performance goals and targets.

About This Job

Axos Bank is seeking an experienced and technically deep Sr. Microsoft Azure Engineer to join the Microsoft Operations team in San Diego. This is a senior individual contributor role with full ownership of the Azure cloud platform and a primary partnership role alongside our Sr. Engineer and Technology Architect covering the broader Microsoft environment.
This is not a ticket-closing role. You will own the Azure platform, infrastructure, identity governance, security posture, cost management, and operational automation for a federally regulated financial institution. You will serve as technical peer and backup to our Sr. Architect, coordinate with sub-team leads covering identity, endpoint, and messaging domains, and play a direct role in positioning the team to support the bank's growing AI and data lake initiatives.
The right candidate is a well-rounded senior engineer who has operated in a regulated environment, brings genuine depth in both Azure infrastructure and Microsoft identity, and treats operational discipline, ticketing, documentation, change management, as a professional standard rather than an administrative requirement

Responsibilities:

Azure Infrastructure

• Design, deploy, and maintain Azure subscription architecture including management groups, resource groups, and naming and tagging governance across all subscriptions
• Own and administer Azure Virtual Network topology including hub-spoke design, VNets, subnets, NSGs, route tables, and VNet peering aligned to bank security requirements
• Manage IaaS and PaaS resource lifecycle — provisioning, scaling, monitoring, and decommission — with full change management documentation in ServiceNow
• Maintain the documented baseline state of the Azure environment; identify and remediate configuration drift from established standards on a defined cycle
• Serve as the primary technical owner for Azure-dependent infrastructure projects including AXOS Private Cloud and data lake infrastructure initiatives

Identity and Access Management

• Administer and maintain Entra ID (Azure Active Directory) tenancy health — user lifecycle, group management, application registrations, and service principal governance
• Design, implement, and maintain Conditional Access policies, named locations, sign-in risk policies, and MFA enforcement in alignment with bank security policy and FFIEC guidance
• Manage Privileged Identity Management (PIM) including role activation policy, access reviews for privileged accounts, and just-in-time access configuration
• Monitor and maintain Azure AD Connect synchronization health; resolve sync conflicts; coordinate with the Sr. Architect on hybrid identity topology changes
• Coordinate with the Intune/GPO/Entra sub-team on endpoint compliance integration with Conditional Access and device-based authentication requirements
• Conduct and document semi-annual Azure RBAC assignment reviews and deliver findings to the Audit and Compliance Engineer

Security and Compliance Posture

• Own Defender for Cloud operational posture — monitor, prioritize, and drive hands-on remediation of high and critical recommendations, not dashboard observation alone
• Manage Azure Policy assignments for baseline compliance enforcement; author and test policy definitions as bank requirements evolve
• Design and maintain RBAC assignments across Azure resources in alignment with least-privilege principles; document all role assignments with business justification
• Produce quarterly Azure security posture reports for the Audit and Compliance Engineer; provide documentation sufficient to satisfy KPMG audit requests related to Azure infrastructure and identity
• Participate as the Azure technical SME in KPMG audit preparation and response
• Maintain working knowledge of FFIEC IT examination guidance and align Azure governance practices accordingly

Cost Management and Governance

• Own Azure Cost Management analysis, reporting, budget alert configuration, and anomaly detection across all Azure subscriptions
• Enforce tagging policy compliance; identify and remediate untagged or incorrectly tagged resources on a defined cycle
• Provide monthly cost forecasting and variance analysis to the Sr. IT Manager — communicate material spend changes before they appear in billing, not after
• Identify and recommend cost optimization opportunities including right-sizing, reserved instance analysis, and elimination of unused resources

Automation and Operational Excellence

• Develop and maintain Azure Automation runbooks and PowerShell/Python scripts for operational task automation; prioritize progressive elimination of manual repetitive processes
• Configure and maintain Azure Monitor alerts, Log Analytics workspaces, and operational dashboards for infrastructure health and performance visibility
• Author and maintain runbook documentation for all operational procedures within the Azure domain — sufficient for another senior engineer to execute independently
• Participate in quarterly cross-team cross-training; contribute at least one procedural training session per cycle

Architectural Partnership

• Serve as primary backup to the Sr. Engineer and Technology Architect for Azure decisions, architecture reviews, and cross-domain escalation during periods of unavailability
• Partner with the Sr. Engineer and Technology Architect on changes to hybrid identity topology, Entra tenant configuration, and Azure AD Connect sync rules — this is a genuine peer relationship with shared architectural ownership, not a sign-off chain
• Contribute to architectural discussions, design reviews, and platform standards development as a senior technical voice on the Microsoft Operations team
• Participate in the weekly leads synchronization meeting and contribute Azure platform status, blockers, and capacity to the standing agenda

ServiceNow and Change Management

• You believe that undocumented work did not happen. Every change, request, incident, and proactive task gets a ServiceNow ticket before execution — full stop
• Complete ServiceNow change requests for all Standard, Normal, and Emergency changes including full description, rollback plan, and approval routing per change management policy
• Maintain change records with sufficient technical detail to serve as KPMG audit evidence
• Author ServiceNow knowledge base articles for any procedure that required meaningful effort to develop, debug, or resolve — the team does not re-solve the same problem twice

Requirements:

• Bachelor's degree in Computer Science, Information Technology, Information Systems, or a directly related field; OR equivalent combination of education and verifiable professional experience

• 7+ years of hands-on, production-environment experience administering and engineering Microsoft Azure infrastructure and Microsoft identity technologies
• 5+ years administering Active Directory Domain Services in a multi-domain enterprise environment — Group Policy, OU structure, trust relationships, and schema-level understanding
• 4+ years with Entra ID (Azure Active Directory) including Conditional Access policy authoring, PIM configuration, and Azure AD Connect sync administration in a hybrid identity environment
• 3+ years of experience in a federally regulated industry — banking, financial services, healthcare, or government — with direct exposure to audit processes, change management requirements, and compliance documentation
• Demonstrated experience designing and maintaining Azure Virtual Network topology — hub-spoke architecture, NSG management, and on-premises connectivity
• Demonstrated experience with Defender for Cloud and Azure Policy including hands-on security recommendation remediation — not limited to monitoring
• Demonstrated experience with Azure Cost Management including budget configuration, cost anomaly detection, and spend forecasting across multiple subscriptions
• Proficiency in PowerShell scripting for Azure and Active Directory automation — scripts that are maintainable and executable by other engineers

Required Certification

• Microsoft Certified: Azure Administrator Associate (AZ-104)

Axos Employee Benefits May Include:

About Axos

Born digital-first, Axos delivers financial tools and services that allow individuals, small businesses, and companies to access and manage their money how, when, and where they want. We’re a diverse team of dynamic, insightful, and independent innovators who are excited to provide technology-driven solutions that offer unbeatable value to our customers.

Axos Financial is our holding company and is publicly traded on the New York Stock Exchange under the symbol "AX" (NYSE: AX).

Learn more about working at Axos

Pre-Employment Background Check and Drug Test:

All offers are contingent upon the candidate successfully passing a credit check, criminal background check, and pre-employment drug screening, which includes screening for marijuana. Axos Bank is a federally regulated banking institution. At the federal level, marijuana is an illegal schedule 1 drug; therefore, we will not employ any person who tests positive for marijuana, regardless of state legalization.

Equal Employment Opportunity:

Axos is an Equal Opportunity employer. We are committed to providing equal employment opportunities to all employees and applicants without regard to race, religious creed, color, sex (including pregnancy, breast feeding and related medical conditions), gender, gender identity, gender expression, sexual orientation, national origin, ancestry, citizenship status, military and veteran status, marital status, age, protected medical condition, genetic information, physical disability, mental disability, or any other protected status in accordance with all applicable federal, state, and local laws.

Job Functions and Work Environment:

While performing the duties of this position, the employee is required to sit for extended periods of time. Manual dexterity and coordination are required while operating standard office equipment such as computer keyboard and mouse, calculator, telephone, copiers, etc.

The work environment characteristics described here are representative of those an employee may encounter while performing the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position.

E-Verify and Right to Work Notices

Axos participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States. The E-Verify program is an internet-based employment eligibility verification system operated by the U.S. Citizenship and Immigration Services.

IER Right to Work Poster (English/Spanish)

E-Verify Participation Poster (English/Spanish)