Job Summary 

Samtek Inc is seeking a skilled Azure Cloud Engineer to join a high-impact team delivering secure, compliant, and scalable Azure solutions for the Centers for Medicare & Medicaid Services (CMS). This is a hands-on engineering role focused on building, automating, and operating Azure Government (GCC High) environments while supporting large-scale migrations and cloud-native modernization of mission-critical healthcare systems.

Key Responsibilities 

• Implement and manage Azure Landing Zones using Enterprise-Scale architecture, Bicep, Terraform, and Azure Policy 
• Deploy and configure Azure governance frameworks (Management Groups, Azure Policy, Blueprints, Resource Graph, tagging, cost management) 
• Build and maintain infrastructure-as-code (IaC) repositories using Bicep, Terraform Enterprise/Cloud, ARM templates, and Azure CLI/PowerShell 
• Execute cloud migration waves (rehost, refactor, replatform) with Azure Migrate, Azure Site Recovery (ASR), Database Migration Service (DMS), and Data Box 
• Configure Zero-Trust networking and security controls including Azure Firewall, Private Link, Private Endpoints, VNet peering, ExpressRoute, NSGs, and Azure DDoS Protection 
• Implement and manage identity solutions using Azure Entra ID (formerly AAD), Conditional Access, Privileged Identity Management (PIM), and RBAC 
• Integrate and operate DevSecOps pipelines with Azure DevOps, GitHub Actions, Azure Pipelines, and security tools (Microsoft Defender for Cloud, Sentinel, Prisma Cloud) 
• Automate compliance evidence collection and monitoring using Microsoft Defender for Cloud, Azure Policy, and Sentinel playbooks for FedRAMP High and CMS ARS requirements 
• Support containerized workloads on Azure Kubernetes Service (AKS), Azure Container Apps, and Azure Red Hat OpenShift 
• Troubleshoot production issues, perform root cause analysis, and optimize performance/cost in GCC High environments 
• Contribute to Architecture Review Board (ARB) packages, System Security Plans (SSP), diagrams, and ATO documentation 
• Collaborate daily with cloud architects, security engineers, developers, and CMS stakeholders

Required Skills & Experience 

• 4+ years of hands-on experience building and operating production workloads in Azure (commercial and/or Government) 
• 2+ years working in Azure Government Community Cloud High (GCC High) 
• Strong proficiency in Infrastructure as Code: Bicep (required), Terraform (strong plus), ARM
• Experience deploying and managing Azure Enterprise-Scale Landing Zones 
• Solid understanding of Azure networking (VNet, Private Link, Firewall, ExpressRoute, VPN
• Hands-on experience with Azure DevOps (Repos, Pipelines, Boards) and GitHub Actions 
• Familiarity with Microsoft Defender for Cloud, Azure Policy, Sentinel, and Log Analytics 
• Scripting and automation skills: PowerShell (required), Python or Bash (plus) 
• U.S. citizenship and ability to obtain and maintain CMS Public Trust clearance

Preferred Qualifications 

• Active Microsoft certifications: 
• • Azure Administrator Associate (AZ-104) 
  • Azure Solutions Architect Expert (AZ-305) or DevOps Engineer Expert (AZ-400) 
  • Azure Security Engineer Associate (AZ-500) 
• Experience with CMS MARS-E, CMS ARS, FedRAMP High, or NIST 800-53 control implementation 
• Prior work on CMS contracts (SPARC, ESIM, EPMO, XLC) 
• Knowledge of Azure Health Data Services, FHIR APIs, Synapse Analytics, or Databricks 
• Experience with AKS, Azure Arc, or Azure Stack HCI 
• Active Public Trust clearance or higher

Other Requirements 

• Must have resided in the U.S. for at least 3 of the last 5 years 
• Must be eligible for CMS Public Trust clearance 
• No visa sponsorship available