Heartland Business Systems

Senior Cloud Infrastructure Engineer

full-time

Origin:  • 🇺🇸 United States • Wisconsin

Job Level

Senior

Tech Stack

Ansible, Azure, Chef, Cloud, Cyber Security, DNS, Firewalls, JavaScript, Linux, Python, Terraform, VMware

About the role

  • Work as a member of the HBS Cloud Architecture Team (CAT) as a leader and contributor that provides consultative and proactive project support to Heartland Business Systems’ (HBS) account base.
  • Collaborate and be a leader across multiple internal teams to ensure successful delivery and timely execution of the scope of work.
  • Research new products for selection, enhance configuration standards and best practices, and educate team members on these products and services to enhance the sales process.
  • Provide senior-level support, maintenance, and administration for customer environments and review for other potential concerns or enhancement opportunities.
  • Assist with the development and implementation of the Azure cloud security architecture for protecting PHI/PII/PCI data deployed into various cloud, hybrid, HBS Cloud, and on-premises systems.
  • Implement and manage security architectures for cloud/hybrid systems.
  • Assess, develop, implement, optimize, and document a comprehensive set of security technologies and processes, data protection, cryptography, key management, and identity and access management (IAM) within SaaS, IaaS, PaaS, and other cloud environments.
  • Work in and always model a positive team atmosphere between regional and virtual practices while maintaining a professional and respectful demeanor.
  • Provide input to the development of career plans and education goals for engineers, including mentoring college interns or recent college graduates.
  • Create and maintain detailed documentation of past projects to potentially provide time estimates and project scopes for new related projects.
  • Obtain and maintain current vendor/industry specific certifications and stay current on new products and solutions by utilizing networks of resources.
  • Minimum of 1,450 hours (billable + presales) per fiscal year prorated based on start date. These charge hour requirements will be balanced against professional development and on-the-job training.

Requirements

  • 3+ years of experience in a technical-related field.
  • Designing and architecting Microsoft Cloud and Identity solutions – including but not limited to: Entra ID (EID / Azure AD / AAD), Entra Connect, SAML SSO and OpenID Connect (OIDC), Conditional Access, Multi-Factor Authentication (MFA), Self-Service Password Reset (SSPR), Password Protection, Passwordless Authentication, Privileged Identity Management (PIM).
  • Preferred Experience: 3 - 5 years in a technical-related field. 3+ years’ experience working as a consultant.
  • Microsoft Azure Infrastructure: Virtual Machines and Azure Virtual Desktop (AVD); Networking and DNS, including Network Security Groups (NSGs), VPN Gateways, Traffic Managers, Load Balancers, Private Link, and ExpressRoute.
  • Storage, Azure Backup, Azure Site Recovery, Azure Update Manager, Pricing & Cost Management, Azure Secure Score.
  • Designing and architecting systems-based solutions with a focus on the cloud: IaaS, PaaS, and SaaS.
  • Installing and supporting Microsoft enterprise products, including Active Directory (AD) Domain Services (ADDS).
  • Comprehensive understanding of IP networking protocols, including DNS, static routing, TCP, UDP, and ICMP.
  • Configuring on-premises networking, especially firewalls (Palo Alto, Cisco, and/or Fortinet), for creating and supporting IKE/IPSEC site-to-site (S2S) VPN connections with Azure environments.
  • Microsoft Intune and Defender for Endpoint / Server: Intune Endpoint Management, Endpoint Security, Application Management, Windows Autopilot, Defender for Endpoint (MDfE / MDATP), Defender for Servers, Attack Surface Reduction (ASR) rules, Secure Score.
  • Microsoft Security: Purview (including, but not limited to: Audit, Data Lifecycle Management / Retention Policies, eDiscovery, Data Loss Prevention (DLP), Information Protection (AIP)); Defender for Office 365 (MDO / M365D); Defender for Identity (MDI / AATP); Defender for Cloud; Defender for Cloud Apps (MCAS / MDCA); Secure Score.
  • PowerShell, Python, or other scripting and development background.
  • Azure Sentinel, including Kusto Query Language (KQL).
  • Public Key Infrastructure (PKI), including working with X.509 certificates and CSRs.
  • Orchestration and automation of cloud deployment (Bicep & ARM Templates, Terraform, Chef, Ansible, etc.)
  • Developing and maintaining security architecture for PHI/PII/PCI data in various cloud, hybrid-cloud, HBS Cloud and on-premises systems.
  • Thycotic / Delinea Secret Server Cloud (SSC) – deployment and configuration.
  • Dynamic IP routing protocols, including BGP.
  • Familiarity or experience with Microsoft Exchange, Linux, Cisco (Hyperflex, Nexus, UCS), HPE Nimble, HPE ProLiant, Dell PowerEdge, VMware ESXi, Nutanix, Hyper-V, and Software Defined Networking (SDA, SD-WAN).
  • Experience with Microsoft 365, including Exchange Online, SharePoint, OneDrive, Teams, ConnectWise and Hudu.