Principal, Cloud Engineer
$130,530 - $221,920/Yr
Northern Trust - Tempe, AZ
posted 4 days ago
Full-time - Senior
Tempe, AZ
Securities, Commodity Contracts, and Other Financial Investments and Related Activities
About the position
Northern Trust is seeking a dynamic Principal, Cloud Engineer with an emphasis in Security Architecture, API Management, Automation, and Security Operations to join an organization under managing one of the most security focused areas of the company. This person will have a strong cloud automation engineering background with experience in application integration and APIs. The job will require the right candidate to build, automate, and secure a highly available multi-cloud provider infrastructure environments to protect Northern Trust's cloud-hosted assets and applications. Are you ready for the next step in your career for this exciting opportunity?
Responsibilities
- Principal leader on infrastructure-as-code (IaC) automation (e.g., Terraform) to ensure adoption of highly secured cloud patterns within Northern Trust's secure enclave for system administration.
- Expert in modern software DevOps and CI/CD tooling, such as GitHub, GitHub Actions, ADO, Jenkins, etc., to provision infrastructure resources and prevent configuration drift.
- Acts as senior technical advisor to DevOps and Infrastructure teams working with Cloud Foundation team to ensure that Infrastructure and InfoSec orgs adopt cloud best practices.
- Partner w/ Cloud Foundation Team and Architecture organizations to evaluate new technology options for cloud automation, vendor products to make recommendations to leadership to integrate into DevOps infrastructure frameworks.
- Expert with Terraform Cloud for workspace and state management.
- Collaborate with product, architecture, and other stakeholders to ensure cloud technologies are designed in accordance with product roadmaps and well architected frameworks.
- Investigate and resolve complex cloud infrastructure related issues and recommend and develop solutions to issues and create documentation of reengineering processes as required.
- Participate in IT Service Management (ITSM) change, incident, and general requests for cloud platform support for business as usual (BAU) operations.
- Mentor junior DevOps engineer personnel to ensure team has necessary skill and capabilities.
- Maintain secure branches for Cloud Foundation/Cloud Security team engineered Terraform modules and ensure that.
- Design, develop, and implement CI/CD and configuration management solutions using Azure APIM for API onboarding, deployments, auto-provisioning of security, SLA policies, custom endpoint creation.
- Design, develop and implement integration with API registry platforms - API Center, ServiceNow by parsing metadata from Swagger/OAS formats.
- Design, develop, and implement custom developer portals integrated with APIM.
- Design, develop and implement automated user provisioning, API access request process workflows for consumption governance and auto-provisioning of consuming apps.
- Manage Azure Conditional access and Entra ID synchronization partnering with MS AD team which runs EASE environment.
- Develop, implement, and enforce Policy-as-Code (PaC) for cloud environments (Azure, AWS) to configure, detect, remediate, and enforce security standards.
- Define and implement security policies based upon CIS/NIST industry benchmarks.
- Support remediation of security vulnerabilities using cloud posture management and ITSM tooling in accordance with service level agreements (SLA).
- Manage, configure, enhance, and operate cloud security posture management platforms (e.g., Wiz, Prisma Cloud, etc.) for pre-deployment scanning of IaC code to protect infrastructure.
Requirements
- Bachelor's degree in computer science, engineering, or related technical fields
- 15+ years of technology experience
- 6 to 10+ years cloud computing (Azure, AWS)
- 3 to 5+ years API management and related technologies
- Terraform Infrastructure as Code (IaC) automation
Nice-to-haves
- Heavy emphasis on API Management skills, out of the box thinker
- Experience with Azure networking tools (V-WAN, VNET, BGP, etc.) as well as Marketplace tools including F5, Checkpoint, and other Network Virtual Appliance offerings
- Proven understanding of DevSecOps concepts, and has implemented or working knowledge of using those skills in an already existing framework
- Strong passion for end-to-end DevOps automation via CI/CD pipelines to deploy Infrastructure as Code (IaC) and usage of tools (e.g., ADO, GitHub/Actions, Jenkins, or equivalents).
- Ability to manage infrastructure environments, configurations, and IaC scripts to support application pattern and workflows via self-service automation (e.g., Backstage.io).
- Support all phases of the cloud resource lifecycle management and develop new IaC automation capabilities when new cloud service products are created and business need.
- Strong understanding of the design, implementation and maintenance of network infrastructure in multi-region and multi-cloud environments
- Proficiency in scripting languages: Python, Perl, Ruby, PowerShell, YAML, KQL, other
- Proficiency in waterfall and Agile, Scrum, Kanban, SAFe, etc. delivery methodologies
- Knowledge and experience in testing automation harnesses and frameworks
- Understanding and ability to ensure operational stability and enforcement of security controls via Policy-as-Code and IaC automation.
- Independently managing workload, coordinating priorities with technical leads, and completing deliverables per the processes and standards
- Ability to work independently and manage multiple tasks and projects and maintain day-to-day management and administration of projects in an Agile environment.
Benefits
- 401k and pension
- medical, dental, vision, spending accounts and disability
- paid time off
- parental and caregiver leave
- life & accident insurance
- discretionary bonus program that may include an equity component
