Azure Systems Engineer Jobs (NOW HIRING)

Job Summary:
Axos Bank is seeking an experienced and technically deep Sr. Microsoft Azure Engineer to join the Microsoft Operations team in San Diego. This role involves full ownership of the Azure cloud platform, focusing on infrastructure, identity governance, security posture, cost management, and operational automation for a federally regulated financial institution.
Responsibilities:
• Design, deploy, and maintain Azure subscription architecture including management groups, resource groups, and naming and tagging governance across all subscriptions
• Own and administer Azure Virtual Network topology including hub-spoke design, VNets, subnets, NSGs, route tables, and VNet peering aligned to bank security requirements
• Manage IaaS and PaaS resource lifecycle — provisioning, scaling, monitoring, and decommission — with full change management documentation in ServiceNow
• Maintain the documented baseline state of the Azure environment; identify and remediate configuration drift from established standards on a defined cycle
• Serve as the primary technical owner for Azure-dependent infrastructure projects including AXOS Private Cloud and data lake infrastructure initiatives
• Administer and maintain Entra ID (Azure Active Directory) tenancy health — user lifecycle, group management, application registrations, and service principal governance
• Design, implement, and maintain Conditional Access policies, named locations, sign-in risk policies, and MFA enforcement in alignment with bank security policy and FFIEC guidance
• Manage Privileged Identity Management (PIM) including role activation policy, access reviews for privileged accounts, and just-in-time access configuration
• Monitor and maintain Azure AD Connect synchronization health; resolve sync conflicts; coordinate with the Sr. Architect on hybrid identity topology changes
• Coordinate with the Intune/GPO/Entra sub-team on endpoint compliance integration with Conditional Access and device-based authentication requirements
• Conduct and document semi-annual Azure RBAC assignment reviews and deliver findings to the Audit and Compliance Engineer
• Own Defender for Cloud operational posture — monitor, prioritize, and drive hands-on remediation of high and critical recommendations, not dashboard observation alone
• Manage Azure Policy assignments for baseline compliance enforcement; author and test policy definitions as bank requirements evolve
• Design and maintain RBAC assignments across Azure resources in alignment with least-privilege principles; document all role assignments with business justification
• Produce quarterly Azure security posture reports for the Audit and Compliance Engineer; provide documentation sufficient to satisfy KPMG audit requests related to Azure infrastructure and identity
• Participate as the Azure technical SME in KPMG audit preparation and response
• Maintain working knowledge of FFIEC IT examination guidance and align Azure governance practices accordingly
• Own Azure Cost Management analysis, reporting, budget alert configuration, and anomaly detection across all Azure subscriptions
• Enforce tagging policy compliance; identify and remediate untagged or incorrectly tagged resources on a defined cycle
• Provide monthly cost forecasting and variance analysis to the Sr. IT Manager — communicate material spend changes before they appear in billing, not after
• Identify and recommend cost optimization opportunities including right-sizing, reserved instance analysis, and elimination of unused resources
• Develop and maintain Azure Automation runbooks and PowerShell/Python scripts for operational task automation; prioritize progressive elimination of manual repetitive processes
• Configure and maintain Azure Monitor alerts, Log Analytics workspaces, and operational dashboards for infrastructure health and performance visibility
• Author and maintain runbook documentation for all operational procedures within the Azure domain — sufficient for another senior engineer to execute independently
• Participate in quarterly cross-team cross-training; contribute at least one procedural training session per cycle
• Serve as primary backup to the Sr. Engineer and Technology Architect for Azure decisions, architecture reviews, and cross-domain escalation during periods of unavailability
• Partner with the Sr. Engineer and Technology Architect on changes to hybrid identity topology, Entra tenant configuration, and Azure AD Connect sync rules — this is a genuine peer relationship with shared architectural ownership, not a sign-off chain
• Contribute to architectural discussions, design reviews, and platform standards development as a senior technical voice on the Microsoft Operations team
• Participate in the weekly leads synchronization meeting and contribute Azure platform status, blockers, and capacity to the standing agenda
• You believe that undocumented work did not happen. Every change, request, incident, and proactive task gets a ServiceNow ticket before execution — full stop
• Complete ServiceNow change requests for all Standard, Normal, and Emergency changes including full description, rollback plan, and approval routing per change management policy
• Maintain change records with sufficient technical detail to serve as KPMG audit evidence
• Author ServiceNow knowledge base articles for any procedure that required meaningful effort to develop, debug, or resolve — the team does not re-solve the same problem twice
Qualifications:
Required:
• Bachelor's degree in Computer Science, Information Technology, Information Systems, or a directly related field; OR equivalent combination of education and verifiable professional experience
• 7+ years of hands-on, production-environment experience administering and engineering Microsoft Azure infrastructure and Microsoft identity technologies
• 5+ years administering Active Directory Domain Services in a multi-domain enterprise environment — Group Policy, OU structure, trust relationships, and schema-level understanding
• 4+ years with Entra ID (Azure Active Directory) including Conditional Access policy authoring, PIM configuration, and Azure AD Connect sync administration in a hybrid identity environment
• 3+ years of experience in a federally regulated industry — banking, financial services, healthcare, or government — with direct exposure to audit processes, change management requirements, and compliance documentation
• Demonstrated experience designing and maintaining Azure Virtual Network topology — hub-spoke architecture, NSG management, and on-premises connectivity
• Demonstrated experience with Defender for Cloud and Azure Policy including hands-on security recommendation remediation — not limited to monitoring
• Demonstrated experience with Azure Cost Management including budget configuration, cost anomaly detection, and spend forecasting across multiple subscriptions
• Proficiency in PowerShell scripting for Azure and Active Directory automation — scripts that are maintainable and executable by other engineers
• Microsoft Certified: Azure Administrator Associate (AZ-104)
Company:
Axos Bank is an online bank that assists consumers and businesses in managing their finances. Founded in 2000, the company is headquartered in San Diego, USA, with a team of 1001-5000 employees. The company is currently Late Stage.