Sr Systems Engineer - Azure

Responsibilities

• Azure Infrastructure
• Design, deploy, and maintain Azure subscription architecture including management groups, resource groups, and naming and tagging governance across all subscriptions
• Own and administer Azure Virtual Network topology including hub-spoke design, VNets, subnets, NSGs, route tables, and VNet peering aligned to bank security requirements
• Manage IaaS and PaaS resource lifecycle - provisioning, scaling, monitoring, and decommission - with full change management documentation in ServiceNow
• Maintain the documented baseline state of the Azure environment; identify and remediate configuration drift from established standards on a defined cycle
• Serve as the primary technical owner for Azure-dependent infrastructure projects including AXOS Private Cloud and data lake infrastructure initiatives
• Identity and Access Management
• Administer and maintain Entra ID (Azure Active Directory) tenancy health - user lifecycle, group management, application registrations, and service principal governance
• Design, implement, and maintain Conditional Access policies, named locations, sign-in risk policies, and MFA enforcement in alignment with bank security policy and FFIEC guidance
• Manage Privileged Identity Management (PIM) including role activation policy, access reviews for privileged accounts, and just-in-time access configuration
• Monitor and maintain Azure AD Connect synchronization health; resolve sync conflicts; coordinate with the Sr. Architect on hybrid identity topology changes
• Coordinate with the Intune/GPO/Entra sub-team on endpoint compliance integration with Conditional Access and device-based authentication requirements
• Conduct and document semi-annual Azure RBAC assignment reviews and deliver findings to the Audit and Compliance Engineer
• Security and Compliance Posture
• Own Defender for Cloud operational posture - monitor, prioritize, and drive hands-on remediation of high and critical recommendations, not dashboard observation alone
• Manage Azure Policy assignments for baseline compliance enforcement; author and test policy definitions as bank requirements evolve
• Design and maintain RBAC assignments across Azure resources in alignment with least-privilege principles; document all role assignments with business justification
• Produce quarterly Azure security posture reports for the Audit and Compliance Engineer; provide documentation sufficient to satisfy KPMG audit requests related to Azure infrastructure and identity
• Participate as the Azure technical SME in KPMG audit preparation and response
• Maintain working knowledge of FFIEC IT examination guidance and align Azure governance practices accordingly
• Cost Management and Governance
• Own Azure Cost Management analysis, reporting, budget alert configuration, and anomaly detection across all Azure subscriptions
• Enforce tagging policy compliance; identify and remediate untagged or incorrectly tagged resources on a defined cycle
• Provide monthly cost forecasting and variance analysis to the Sr. IT Manager - communicate material spend changes before they appear in billing, not after
• Identify and recommend cost optimization opportunities including right-sizing, reserved instance analysis, and elimination of unused resources
• Automation and Operational Excellence
• Develop and maintain Azure Automation runbooks and PowerShell/Pyth

Benefits

Additional Information

Axos Bank Target Range: $120,000.00 /Yr. - $150,000.00 /Yr. Actual starting pay will vary based on factors including, but not limited to, geographic location, experience, skills, specialty, and education. Eligible for an Annual Discretionary Cash Bonus Target: 10% Eligible for an Annual Discretionary Restricted Stock Units Bonus Target: 10% These discretionary target bonuses may be awarded semi-annually based upon your achievement of performance goals and targets. About This Job Axos Bank is seeking an experienced and technically deep Sr. Microsoft Azure Engineer to join the Microsoft Operations team in San Diego. This is a senior individual contributor role with full ownership of the Azure cloud platform and a primary partnership role alongside our Sr. Engineer and Technology Architect covering the broader Microsoft environment. This is not a ticket-closing role. You will own the Azure platform, infrastructure, identity governance, security posture, cost management, and operational automation for a federally regulated financial institution. You will serve as technical peer and backup to our Sr. Architect, coordinate with sub-team leads covering identity, endpoint, and messaging domains, and play a direct role in positioning the team to support the bank's growing AI and data lake initiatives. The right candidate is a well-rounded senior engineer who has operated in a regulated environment, brings genuine depth in both Azure infrastructure and Microsoft identity, and treats operational discipline, ticketing, documentation, change management, as a professional standard rather than an administrative requirement

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at axos? Share your experience