Cloud Platform Specialist

The Opportunity

We are seeking a Cloud Platform Specialist to design and build the foundational systems that enable secure, scalable application development across PAE. This role is critical in supporting emerging automation, AI initiatives, and citizen development efforts by creating standardized, production-ready environments and enforcing governance controls that ensure all applications follow consistent security, compliance, and operational standards before reaching production. This includes everything from engineer-built Python tools to AI-enabled workloads.

The Cloud Platform Specialist owns the intake, review, and environment promotion process for citizen- and engineer-developed applications. This role also maintains working-level proficiency in Windows Server, Linux, and Azure IaaS administration to provide operational coverage and secondary support to the Core Services infrastructure team.

---

Who We Are 

PAE is an engineering and design firm that turns complex challenges into reality. By leveraging the latest technologies, we solve problems in unique ways, and our designs enable buildings and communities to be more resilient and efficient. PAE is trusted by our clients in every aspect of a project's lifespan, from idea to occupancy. We set ambitious goals backed by analysis to significantly conserve water and energy while balancing costs and long-term operational needs. As a B Corp, we measure success by the benefits our projects provide to our clients, our communities, and our planet. We embrace innovation, transparency, sustainability, and lifelong curiosity.

---

What You'll Do

System/Process Management

• Design and implement secure, scalable application hosting environments in Azure, including environment segmentation (dev/test/UAT/prod) and isolation strategies
• Establish identity, access, and secrets management patterns across all environments
• Build and maintain CI/CD pipelines for application deployment using Azure DevOps Pipelines and GitHub Actions; standardize release and promotion workflows across environments regardless of pipeline tooling
• Monitor Define and document approved deployment patterns for Power Platform solutions, custom-developed applications including AI-generated and low-code apps, and AI/ML-enabled workloads
• Implement infrastructure as code using Bicep and Terraform for consistent, repeatable environment provisioning; maintain standards for both Microsoft-native and open-source IaC tooling depending on workload requirements
• Define approved patterns for containerized workloads including Docker-based packaging and deployment to Azure Container Apps or AKS; maintain working proficiency in Linux as the primary runtime for containerized and serverless applications
• Define Establish standards for event-driven and serverless compute patterns using Azure Functions and Logic Apps alongside open-source frameworks and runtimes; define approved language runtimes, dependency management practices, and cold-start mitigation approaches
• Ensure logging, monitoring, alerting, and compliance requirements are met by design in all managed environments

Application Platform Governance & Citizen Development Enablement

• Own the citizen development intake, review, and application promotion process; evaluate all citizen and staff-developed applications for security, compliance, and operational supportability before advancement through dev/test/UAT/prod environments
• Define and enforce data classification requirements for all applications and workloads, particularly those integrating with AI services, external APIs, Microsoft 365, or business-critical data sources
• Establish open-source software governance standards for all applications entering the promotion pipeline, including license compatibility review, dependency scanning, and policies governing the use of community-maintained packages in production workloads
• Develop and maintain secure development guidelines and reference materials for non-technical builders covering authentication patterns, data handling, API integration basics, and deployment standards. These guardrails exist to prevent insecure applications from reaching production; they are not a formal training program
• Partner with the integration developer and BIM developer to ensure citizen-developed solutions are compatible with enterprise integration patterns and supportable by Core ServicesDefine production readiness criteria and ensure all deployed applications are supportable by the Service Desk and IT operations teams

Azure AI & Low-Code Governance

• Govern Azure AI Foundry and Azure OpenAI Service access; define approved patterns for AI-enabled workloads including proprietary and open-weight model deployment standards, content filtering configuration, audit logging, and data residency compliance
• Reference established open standards including the OWASP Top 10 for LLM Applications when evaluating AI workload risk and defining guardrails for data flowing into AI services
• Define and maintain Power Platform environment strategy and DLP policy governance, including environment segmentation and access controls for citizen developers
• Establish API management standards for internally developed or citizen-developed applications that expose or consume APIs, including authentication patterns (OAuth2/Entra ID), secret management, connector approval workflows, and OpenAPI specification requirements for internally documented APIs
• Evaluate and approve requests for access to Azure AI Foundry from technical and non-technical staff; define and enforce guardrails for what data is permitted to flow into AI workloads

Infrastructure Support (Secondary Duties)

• Provide Tier 2/3 secondary coverage for Windows Server, Linux, and Azure IaaS operations
• Maintain working-level proficiency in Azure VM administration, storage, and networking sufficient to support team operations during planned or unplanned absences
• Maintain Participate in the execution of IT Service Management (ITSM) controls including incident, problem, and change management; this includes after-hours operations and maintenance
• Participate in audits and rehearsals associated with Information Security, Business Continuity, and Disaster Recovery

What Success Looks Like

• Citizen developers have a clear, low-friction path from idea to production without bypassing security or IT controls
• All production applications, regardless of who built them, follow consistent and secure deployment patterns
• Azure AI Foundry and Power Platform access is governed with defined policies; no ungoverned AI workloads exist in production
• DD Data classification is enforced at the platform level before applications reach production
• Open-source components used in any production application are reviewed, licensed appropriately, and tracked
• Time to deploy new applications decreases while risk and ad hoc IT intervention decrease alongside it

What This Role is Not

• This role is not a full-time systems administrator; primary infrastructure ownership remains with the Core Services team. This role is not responsible for building business applications. This is a platform and governance function: it builds and enforces the systems, standards, and processes that allow others to develop and deploy safely. The secondary infrastructure coverage responsibility is a team depth requirement, not the primary function of the role.

---

What You Bring

• Strong hands-on experience with Microsoft Azure including compute, networking, identity (Entra ID), and security services
• Experience designing and implementing CI/CD pipelines using GitHub Actions or Azure DevOps
• Experience with infrastructure as code tools including Bicep and Terraform
• Familiarity with containerization concepts including Docker and Linux-based runtimes, and their application to Azure-hosted workloads
• Experience reviewing third-party and citizen-developed applications for production readiness, security posture, and operational supportability
• Experience with Power Platform governance including DLP policy configuration, environment strategy, and connector management
• Solid understanding of identity and access management; specifically Azure AD/Entra ID, OAuth2/OIDC, app registrations, and service principals
• Experience governing or operating Azure AI Foundry, Azure OpenAI Service, or equivalent AI/ML platforms in an enterprise environment
• Familiarity with data classification frameworks and their application to cloud workloads and AI pipelines
• Working-level proficiency in Windows Server, Linux, and Azure IaaS administration sufficient to provide team secondary coverage
• Strong verbal and written communication skills with the ability to explain security and governance requirements to non-technical audiences
• Proven problem-solving skills with experience as a key contributor in an IT team
• Preferred: Experience building or operating a formal citizen development governance program, including intake processes and promotion gate criteria
• Preferred: Background in IT platform engineering or site reliability engineering (SRE)
• Preferred: Familiarity with SharePoint Online, SPFx, and Power Platform as a development ecosystem
• Preferred: Experience supporting low-code and no-code development ecosystems with mixed technical skill levels

---

What We Offer 

• Hiring Base Salary Range: $106,000-$147,000 annual 
  • This position is eligible for time and a half overtime pay

The base salary is one component of PAE’s competitive compensation package for employees. We take into consideration a variety of factors including but not limited to skills, abilities, experience, education, credentials, internal equity and geographic location in determining exact salary offered. At PAE, employees are eligible for annual compensation reviews based on performance and business needs. The above range represents PAE's good faith and reasonable estimate of the range of possible compensation at the time of posting. 

In addition, PAE offers a comprehensive benefits package which includes the following: 

• Employer paid health insurance (medical, dental, vision) 
• Annual 401k profit sharing based on company profit for the year and account contribution 
• Professional development reimbursements including state registration and professional association dues 
• Employer paid commuter/parking stipend
• Cell phone stipend 
• Life insurance and disability benefits 
• Hybrid work schedule 
• Employee Assistance Program 
• 9 paid holidays including an additional employee-selected day
• Paid time off for sick leave, family leave, community service, holidays and vacation
• To learn more about our comprehensive benefits package, visit https://www.pae-engineers.com/careers/benefits. This information is provided per the Equal Pay Act

---

Our commitment to pay equity 

PAE is a JUST label certified company; we demonstrate JUST label requirements within pay equity. Pay scales should meet or exceed applicable legislated wage requirements and industry standards and compensate, on the same basis, all individuals performing the same or similar work and work of equal value. We are committed to the principle of pay equity – paying employees equitably for substantially similar work. To learn more about pay equity and our commitments to equitable business practices, you may view our JUST label certification here: Living Future: Just Label Certification. 

To find out more visit our website.

---

What We’re Made Of 

Founded in 1967, PAE is a leading sustainable engineering and consulting firm on a mission to deliver clean air, energy, and water for all. We specialize in mechanical, electrical, and plumbing engineering, building performance analysis, technology design, and lighting design (LUMA). PAE designs some of the nation's highest-performing and most regenerative built environments across the U.S., from Living Buildings to all-electric buildings and beyond. Learn more at pae-engineers.com.

Our portfolio includes over 100 LEED Platinum projects as well as dozens of projects that have either achieved or are pursuing the Living Building Challenge, Passive House, Architecture 2030, Carbon Neutral, Net Zero Energy, and Net Zero Water. 

---

Fine Print 

Please note that resumes received from third party recruiters or agencies will not be accepted unless requested directly by PAE Talent Acquisition and with a prior signed fee agreement. If candidates without a previously signed recruiter fee agreement are submitted, PAE reserves the right to engage with and hire those candidate(s) without any obligation financial or otherwise to the recruiter or agency.

In order to provide equal employment and advancement opportunities to all individuals, employment decisions at PAE will be based on merit, qualifications and abilities. PAE does not discriminate in employment opportunities or practices on the basis of race, color, religion, gender (sex), national origin, age, veteran status, sexual orientation, gender identity, physical characteristics historically associated with race, disability, genetic information or any other characteristic protected by applicable law. 

PAE will make reasonable accommodations for qualified individuals with known disabilities unless doing so would result in an undue hardship. This policy governs all aspects of employment including: selection, job assignment, compensation, discipline, termination and access to benefits and training. 

#LI-hybrid

---