Navitus Health Solutions, LLC

Engineer, Cloud - Archimedes

Location US-MO-Earth City
ID 2025-4867
Category
Archimedes
Position Type
Full-Time
Remote
No

Company

Archimedes

About Us

Archimedes - Transforming the Specialty Drug Benefit - Archimedes is the industry leader in specialty drug management solutions. Founded with the goal of transforming the PBM industry to provide the necessary ingredients for the sustainability of the prescription drug benefit – alignment, value and transparency – Archimedes achieves superior results for clients by eliminating tightly held PBM conflicts of interest including drug spread, rebate retention and pharmacy ownership and delivering the most rigorous clinical management at the lowest net cost. .______________________________________________________________________________________________________________________________________________________________________________________________________. Current associates must use SSO login option at https://employees-navitus.icims.com/ to be considered for internal opportunities.

Pay Range

USD $0.00 - USD $0.00 /Yr.

Work Schedule Description (e.g. M-F 8am to 5pm)

Core Business Hours

Overview

The Engineer, Cloud specializes in architecting and automating secure, scalable Azure environments. This role focuses on designing infrastructure-as-code solutions and is responsible for deploying core Azure services, managing hybrid workloads, and implementing infrastructure-as-code using Terraform, Bicep, and ARM templates. Ensures network security, cost optimization, and high availability across IaaS and PaaS resources. The Engineer ensures high availability, performance, and security across IaaS and PaaS services, including Azure App Services, AKS, SQL, and networking components. Supports observability, incident response, and compliance with regulatory standards through advanced monitoring, security tooling, and ITSM practices.


In addition, the Engineer, Cloud supports observability through telemetry, monitoring, and alerting strategies using Azure-native tools. The Engineer plays a key role in incident response, disaster recovery, and continuous compliance with industry and regulatory standards (e.g., HIPAA, SOC 2, ISO 27001). This position requires cross-functional collaboration with DevOps, Security, Software Engineering, and Compliance teams to drive operational excellence, automation maturity, and audit readiness.

Responsibilities

How do I make an impact on my team?

  • Architect and deploy solutions using core Azure services, including Azure App Services, AKS, Azure SQL, Storage Accounts, Application Gateway, Azure Front Door, and Load Balancers.
  • Design and deploy scalable, secure solutions using core Azure services including App Services, AKS, Azure SQL, Storage Accounts, Application Gateway, Azure Front Door, Load Balancers, and related PaaS/IaaS components.
  • Automate infrastructure provisioning with reusable, version-controlled modules using Terraform, Bicep, and ARM templates, with standardized reusable modules and GitOps practices using Azure DevOps Pipelines.
  • Design scalable Virtual Network (VNet) architectures, including VNet peering, Private Endpoints, Service Endpoints, User Defined Routes (UDRs), Network Security Groups (NSGs), Azure Firewall, and ExpressRoute/VPN Gateway integrations.
  • Manage hybrid workloads, supporting both Azure-native and lift-and-shift workloads across IaaS and PaaS resources.
  • Develop and maintain infrastructure automation scripts using Azure CLI, PowerShell, and Python.
  • Implement and enforce tagging policies, naming standards, resource locks, and subscription-level policies using Azure Policy and Management Groups.
  • Configure and monitor autoscaling, high availability, zone redundancy, and backup/restore for critical services across production and non-production environments.
  • Develop automation tooling using Azure CLI, PowerShell, and Python to streamline provisioning, governance, and operational workflows.
  • Implement governance frameworks using Azure Policy, Management Groups, resource locks, tagging policies, and naming conventions for enterprise-scale environments.
  • Configure high availability and performance features, including autoscaling, zone redundancy, backup and disaster recovery across all critical environments.
  • Lead cost management efforts through Azure Cost Management, budget tracking, right-sizing recommendations, Reserved Instances, and cost anomaly detection.
  • Serve as Tier 2 escalation for complex infrastructure incidents and requests, working closely with operations and support teams.
  • Adopt ITSM best practices, contributing to incident, problem, and change management workflows using Jira Service Management or equivalent tools.
  • Drive cost optimization using Azure Cost Management, budgets, recommendations, and Reserved Instance planning.
  • Act as a Tier 2 escalation point for cloud infrastructure and platform-related incidents and service requests.
  • Manage cloud identity and access using Microsoft Entra ID (formerly Azure Active Directory), including configuration of user roles, enterprise applications, and secure authentication policies.
  • Implement secure external identity integrations using Entra B2B (guest access) and Entra B2C (customer identity), including custom policies, user flows, and application federation.
  • Administer Microsoft Intune for mobile device management (MDM) and mobile application management (MAM), enforcing compliance policies, conditional access, and device posture assessments.
  • Leverage ITSM best practices to support incident, change, and problem management processes.
  • Collaborate with IT and DevOps teams via Jira Service Management and ticketing systems to track work, escalate issues, and drive resolution.
  • Assist in root cause analysis, change approvals, and cross-functional resolution of infrastructure-related production issues.
  • Maintain knowledge base documentation, FAQs, and standard operating procedures for service desk support alignment.
  • Set up and tune observability tools including Azure Monitor, Log Analytics, Application Insights, Network Watcher, and Connection Monitor.
  • Develop Kusto Query Language (KQL) dashboards for operational visibility and alerting.
  • Support incident response and RCA using Activity Logs, Diagnostics Settings, and Change Analysis.
  • Implement secure identity and access management using Azure Active Directory, RBAC, Privileged Identity Management (PIM), Conditional Access, and Managed Identities.
  • Secure secrets and certificates using Azure Key Vault with access policies and key rotation.
  • Support SSO and OAuth2/OpenID Connect configurations for internal and external applications registered in Entra ID, managing permissions, scopes, and consent frameworks.
  • Configure Microsoft Defender for Cloud, Azure Security Center, Just-in-Time VM Access, and Sentinel integrations for threat detection and response.
  • Apply best practices aligned to the Azure Security Benchmark and Well-Architected Framework.
  • Ensure infrastructure compliance for regulatory standards such as HIPAA, SOC 2, and ISO 27001, and maintain an audit-readiness posture.
  • Participate in, adhere to and support compliance and diversity, equity, and inclusion program objectives.
  • Other duties as assigned.

Qualifications

What our team expects from you?

  • Education: Bachelor’s degree or equivalent work experience required.
  • Certification/Licenses: Microsoft certifications such as Azure Solutions Architect Expert, Azure Administrator Associate, or Azure Security Engineer Associate preferred.
  • Experience:
    • 5+ years of experience in cloud infrastructure, systems engineering, or SRE roles focused on Azure required.
    • Deep experience with Azure resource design, automation, and deployment strategies using Terraform, Bicep, and/or ARM required.
    • Proficient in scripting with PowerShell, Azure CLI, or Python for automation and diagnostics.
    • Strong understanding of Azure networking, firewalls, DNS, load balancing, and hybrid connectivity solutions required.
    • Hands-on experience with Azure-native observability tools and ability to craft KQL-based dashboards and alerts required.
    • Solid grasp of RBAC, identity federation, Key Vault, and platform security controls required.
    • Familiarity with governance structures including Management Groups, Blueprints, and Policy Definitions required.
    • Experience supporting AKS, Azure Functions, or containerized workloads in production preferred.
    • Familiarity with DevSecOps pipelines using Azure DevOps, integrating security, compliance, and testing stages preferred.
    • Experience with Zero Trust architecture, Microsoft Entra, and Conditional Access Policies preferred.
    • Skills & Technologies
      • Compute & Platform: Azure VMs, App Services, AKS, Azure Functions, Virtual Desktop
      • Infrastructure as Code: Terraform, Bicep, ARM, Azure CLI, PowerShell
      • Networking: VNets, NSGs, UDRs, Azure Firewall, VPN Gateway, ExpressRoute, App Gateway, Front Door, Private Link
      • Monitoring & Logging: Azure Monitor, Application Insights, Log Analytics, KQL, Network Watcher
      • Security & Identity: Azure AD, RBAC, Key Vault, Defender for Cloud, PIM, Conditional Access
      • Automation & CI/CD: Azure DevOps Pipelines, GitHub Actions, scripting (PowerShell, Python), Runbooks
      • Governance & Cost: Azure Policy, Management Groups, Cost Management, Azure Blueprints
      • Version Control: Git (Azure Repos, GitHub)

What can you expect from Archimedes? 

  • Top of the industry benefits for Health, Dental, and Vision insurance 
  • 20 days paid time off 
  • 4 weeks paid parental leave 
  • 9 paid holidays 
  • 401K company match of up to 5% - No vesting requirement 
  • Adoption Assistance Program 
  • Flexible Spending Account 
  • Educational Assistance Plan and Professional Membership assistance 
  • Referral Bonus Program – up to $750! 

Location : Address

502 Earth City Expy STE 300

Location : City

Earth City

Location : State/Province

MO

Location : Postal Code

63045

Location : Country

US

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.