Cloud Platform Principal Engineer (Kubota Credit Corporation)
Grapevine, TX, US
Posted 1 month ago
hybrid
Job Description
The Principal Cloud Platform Engineer will serve as the technical authority for enterprise cloud platform architecture and implementation across the organization’s Azure environment.
This role is responsible for establishing and maintaining the Azure Landing Zone architecture, driving infrastructure automation strategy, and ensuring alignment with security frameworks including CIS Azure Foundations Benchmark and Zero Trust principles.
The Principal Engineer will lead cross-functional initiatives spanning network connectivity, identity management, data platforms, and application landing zones while mentoring engineering teams and establishing technical standards that scale with organizational growth.
KEY RESPONSIBILITIES
This position does the following in accordance with all applicable Federal, State and local laws / regulations and the Company’s policies, procedures and guidelines:
Architect and maintain enterprise Azure Landing Zone implementations including management groups, policy governance, and subscription vending strategies
Design hub-and-spoke network topologies with Azure Firewall Premium, VPN gateways, ExpressRoute, and Private Link integration for hybrid connectivity
Establish Infrastructure as Code standards using Terraform, including module development, state management strategies, and drift detection mechanisms
Lead the design of multi-region disaster recovery architectures leveraging Azure Site Recovery, geo-redundant storage, and automated failover orchestration
Define and implement Azure Policy and Governance frameworks ensuring compliance with CIS Microsoft Azure Foundations Benchmark and regulatory requirements
Architect identity and access management solutions using Microsoft Entra ID, Privileged Identity Management (PIM), and RBAC strategies across platform and application landing zones
Design and implement CI/CD pipeline architectures using Azure DevOps with security gates, automated testing, and approval workflows
Lead platform observability strategy including Log Analytics Workspace design, diagnostic settings, Azure Monitor alerting, and centralized audit logging
Collaborate with data engineering teams on Data Platform Landing Zone architecture including Microsoft Fabric integration and analytics infrastructure
Facilitate integration of modern identity providers (e.g. Auth0 Customer Identity Cloud, Entra ID) with application workloads
Provide technical leadership and mentorship to cloud engineering teams, establishing coding standards, review processes, and knowledge sharing practices
Evaluate emerging Azure services and capabilities, providing recommendations for platform modernization and optimization
Collaborate with security teams on vulnerability management, security posture assessment, and incident response planning
Partner with business stakeholders to translate requirements into scalable, secure cloud architectures.
Other duties as assigned.
QUALIFICATIONS
Bachelor’s degree in Computer Science, Information Systems, Engineering, or related discipline and 8 years of cloud platform engineering experience required.
In lieu of a degree, High School Diploma or GED and at least 10 years related experience required.
Experience architecting and implementing Azure Landing Zones following Microsoft Cloud Adoption Framework
Experience with Infrastructure as Code using Terraform at enterprise scale including module development and state management
Deep knowledge of Azure networking including Virtual Networks, Azure Firewall, VPN Gateway, ExpressRoute, Private Link, and DNS architecture
Experience implementing Azure Policy and Governance at scale across management group hierarchies
Experience with Microsoft Entra ID, Privileged Identity Management, Conditional Access, and enterprise RBAC patterns
Experience designing CI/CD pipelines in Azure DevOps with YAML templates and secure deployment patterns
Strong understanding of security frameworks including CIS Benchmarks, Zero Trust architecture, and defense-in-depth strategies
Experience with Azure monitoring and observability including Log Analytics, Azure Monitor, and diagnostic configuration
Experience with container technologies including Azure Container Apps, Azure Kubernetes Service, and container registry patterns
Technically proficient with Infrastructure as Code: Terraform (primary), ARM Templates, Bicep
Technically proficient with CI/CD: Azure DevOps, GitHub Actions
Technically proficient with Scripting: PowerShell, Bash, Python
Technically proficient with Operating Systems: Linux (Ubuntu, RHEL), Windows Server
Technically proficient with Monitoring: Azure Monitor, Log Analytics, Grafana, Application Insights
Technically proficient with Version Control: Git, Azure Repos
Technically proficient with Collaboration: Confluence, Jira, ServiceNow
Technically proficient with Containers: Docker, Azure Container Apps, Kubernetes (preferred)
Microsoft certifications such as Azure Solutions Architect Expert (AZ-305), Azure Administrator Associate (AZ-104), or Azure Security Engineer Associate (AZ-500) preferred
Experience with Azure Data Platform services including Microsoft Fabric, Azure Data Factory, or Azure Synapse preferred
Experience with customer identity platforms such as Auth0, Azure AD B2C, or similar CIAM solutions preferred
Experience in financial services, agriculture, or manufacturing industries preferred
Technically proficient with Cloud Platforms: Azure (primary), familiarity with AWS or GCP preferred
Proficient in the use of MS Office suite.
PHYSICAL REQUIREMENTS
Requires sufficient personal mobility and physical reflexes to permit the employee to function in a general office environment and accomplish tasks and duties as outlined above.