Principal Cloud Engineer
About the role
We are looking for a Principal Cloud Engineer to join our Architecture and Cloud Engineering (ACE) team, reporting to the VP of Architecture and Cloud Engineering. You will be the senior technical voice on the platform that everything else at Auris runs on: our Azure landing zone, our Terraform module catalog, our CI/CD posture, and the workload onboarding paradigm that lets product teams ship safely and quickly. This is a hands-on role for a senior engineer who wants to own platform direction. You will work directly with the VP of Architecture and Cloud Engineering, partner with the Deputy CISO on security posture, and mentor cloud engineers across the broader organization (FTEs, DevPro, and Persistent contributors). The work is high-leverage. The decisions you make on the platform shape how every workload, from HCM to Payroll to internal tooling, gets built and run.
Responsibilities
- Drive landing zone standards - Own the architecture and ongoing evolution of the Auris Azure landing zone across sandbox, dev, test, stage, and prod subscriptions. Per-subscription hub-and-spoke, with zero cross-environment peering, is the operating model.
- Own the Terraform module catalog - Maintain and extend the composable workload modules (workload-base, workload-app, workload-containerapp, workload-sql, workload-keyvault, workload-storage, workload-frontdoor) that workloads consume. Author new modules as the catalog grows.
- Lead workload onboarding patterns - Define and shepherd the path that new applications take onto the platform. Set the bar for what a production-ready workload looks like at Auris and codify it as reference implementations.
- Own the runner platform - Operate the GitHub Actions runner platform built on KEDA-scaled Azure Container Apps, fronted by a GitHub App for cross-repo automation. Keep it secure, observable, and within cost envelope.
- Partner with security - Work directly with the Deputy CISO on security posture across Defender for Cloud, Azure Policy, Private Endpoints, Key Vault, and Entra controls. Translate SOC 2 and SOX requirements into platform guardrails.
- Mentor engineers across the org - Set the technical example for FTE cloud engineers, DevPro contributors, and Persistent engineers. Code review, pairing, and reference implementations are part of the job, not a side activity.
- Contribute to multi-subscription promotion strategy - Help define how workloads move from dev to test to stage to prod under our sealed-island subscription model, where promotion is CI/CD rather than network peering.
- Lead incident response on platform issues - Be the senior responder when something on the landing zone, runner platform, or shared infrastructure breaks. Drive root cause analysis, remediation, and prevention.
- Leverage AI to accelerate outcomes - Apply AI-assisted tooling to infrastructure code, documentation, and operational workflows, and help the team push the AI ceiling forward.
What You Bring
Required
- 8+ years in cloud engineering, with at least 3 years at Principal, Staff, or Lead level
- Deep, hands-on Microsoft Azure across App Service, Azure Container Apps, Azure SQL, Front Door, Key Vault, Defender for Cloud, Azure Policy, networking, and Private Endpoints. AKS exposure optional.
- Production Terraform at scale: module authorship, AzureRM provider 4.x, state management, drift detection, and multi-environment promotion patterns
- GitHub Actions with OIDC federation, self-hosted runner platforms (KEDA-scaled preferred), and GitHub App-based automation for cross-repo workflows
- Hub-and-spoke networking, Private Endpoint design, and DNS architecture (Azure private DNS zones, hub-based forwarders, split-horizon resolution)
- SOC 2 and SOX-aware infrastructure design; PCI-DSS exposure a plus
- Strong written communication. ADRs, runbooks, and design docs are part of the role, not an afterthought.
- Comfort and enthusiasm with AI-assisted tools (Copilot, Claude, Gemini) as part of daily workflow
Highly Valued
- Experience consolidating dual-cloud (Azure + AWS) footprints, particularly during a carve-out or post-acquisition consolidation
- Cloudflare experience (Tunnels, Workers, Zero Trust). Cloudflare Tunnels is our go-forward ingress standard, replacing Front Door for net-new workloads.
- Acrisure or other large enterprise-tenant Azure operating models: multi-subscription estates, PIM, Entra, and federated identity at scale
- HCM, payroll, or fintech domain background
- Container platform experience, Azure Container Apps preferred, AKS acceptable
Additional Information
About Auris
Auris empowers small business clients with tools to foster the growth of their most valuable assets: their people. Serving approximately 60,000 client locations (and growing to 85,000), we deliver Payroll and Human Capital Management (HCM) SaaS solutions purpose-built for the SMB market. Headquartered in Oklahoma City, OK, we are in an exciting period of growth, platform modernization, and infrastructure transformation.