Senior Cloud Engineer — Azure Governance, Security & DevOps (Multi-Cloud)

Senior Cloud Engineer — Azure Governance, Security & DevOps (Multi-Cloud)

This role has been designated as ‘Remote/Teleworker’, which means you will primarily work from home.

Job Description:

HPE’s Cybersecurity team is where you can do just that! We’re looking for a dynamic and experienced offensive security expert to join our Offensive Security Special Ops team. If you’re passionate about shaping the future of cybersecurity by applying offensive security skills to make defense better, join us!

 

Job Family Definition:

Designs and builds secure system infrastructures and architectures by establishing business requirements, translating them into secure technical solutions, and testing and ensuring the performance and capacity of security solutions.

Management Level Definition:

As a Technical Career Path Expert, the candidate applies advanced subject matter knowledge to solve complex business issues and is regarded as a subject matter expert. Provides expertise and partnership to functional and technical project teams and may participate in cross-functional initiatives. Exercises significant independent judgment to determine best method for achieving objectives. May provide team leadership and mentoring to others.

We are seeking an experienced Senior Cloud Engineer with deep expertise in Azure governance, security and Policy-as-Code combined with strong DevOps tooling (Terraform, CI/CD pipelines). The ideal candidate will lead the design and implementation of cloud security and compliance frameworks, automate policy and infrastructure deployment, and continuously learn and expand their skills to apply these practices across public clouds. This role requires hands‑on experience creating and operationalizing Azure Policies, custom policy development, automated remediation, and implementing Infrastructure‑as‑Code and GitOps workflows.

What you’ll do:

• Design, implement, and maintain enterprise-wide cloud governance and security frameworks in Azure using Policy-as-Code and Infrastructure-as-Code patterns.
• Author, test and deploy built-in and custom Azure Policies (ARM/Bicep/JSON) to enforce security, compliance, tagging, encryption, network and logging standards across subscriptions and tenants.
• Build, manage and optimize Terraform modules/registries and reusable infrastructure code for secure cloud provisioning and drift remediation.
• Implement automated remediation for non-compliant resources using Terraform, Azure Automation Runbooks, Logic Apps or equivalent tooling.
• Create and maintain CI/CD pipelines (Azure DevOps, GitHub Actions) to automate policy and infrastructure promotion from development to production with branching and release strategies.
• Instrument logging and monitoring: enable diagnostic settings, forward logs to Log Analytics/Storage/Event Hubs/Splunk, and use Kusto Query Language (KQL) for compliance reporting and alerts.
• Lead PoCs and evaluate cloud-native and cloud agnostic security services and integrate them into governance programs.
• Collaborate with cloud architects, security, compliance, and application teams to define policy requirements, document test cases and maintain audit evidence.
• Mentor junior engineers and lead small teams to deliver policy-as-code and automation initiatives.
• and vendors on complex issues.

Education and Experience Required:

6+ years cloud experience with 3+ years focused on Azure security, governance and Policy-as-Code.

What you need to bring:

• Proven experience authoring and deploying large scale Azure Policies (built-in and custom) — 100+ policies and dozens of custom rules preferred.
• Strong Infrastructure-as-Code experience using Terraform (writing modules, state management, remote backends).
• CI/CD expertise: Azure DevOps (YAML pipelines) and/or GitHub Actions for automated policy and infrastructure deployment.
• Experience implementing automated remediation workflows (Terraform scripts, Azure Automation Runbooks, Logic Apps).
• Hands-on with Azure monitoring and security tooling (Log Analytics, Azure Monitor, Azure Defender for Cloud).
• Ability to write and use Kusto Query Language (KQL) for compliance and monitoring queries.
• Experience with multi-cloud policy/constraint approaches (GCP Organization Policies, AWS Organizations SCPs) and ability to adapt Azure patterns to other clouds.
• Strong scripting skills (PowerShell, Bash, Python) and familiarity with ARM templates or Bicep.
• Experience with branching strategies, version control workflows (Git) and release management for policy-as-code.
• Strong documentation skills and experience preparing compliance evidence for audits.

Preferred/Nice-to-have:

• Hands-on experience with GCP Organization Policy constraints and AWS SCP/IAM controls.
• Experience deploying diagnostics/log forwarding to third-party systems such as Splunk.
• Certifications: Microsoft Certified: Azure Security Engineer Associate, Azure Solutions Architect, HashiCorp Terraform Associate, or equivalent.
• Experience in large enterprise environments and working across multiple subscriptions/tenants.
• Prior experience leading small teams or acting as a policy-as-code architect.

Accountability, Accountability, Action Planning, Active Learning, Active Listening, Agile Methodology, Bias, Business, Coaching, Creativity, Critical Thinking, Cybersecurity, Data Analysis Management, Data Collection Management (Inactive), Data Controls, Design Thinking, Development Methodologies, Empathy, Follow-Through, Growth Mindset, Implementation Methodologies, Infrastructure Design, Intellectual Curiosity (Inactive), Long Term Planning, Managing Ambiguity {+ 4 more}

Health & Wellbeing

We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.

Personal & Professional Development

We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division.

Unconditional Inclusion

We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.

Job:

Information Technology

Job Level:

TCP_04

    

    

Hewlett Packard Enterprise is EEO Protected Veteran/ Individual with Disabilities.

HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.

   

No Fees Notice & Recruitment Fraud Disclaimer

 

It has come to HPE’s attention that there has been an increase in recruitment fraud whereby scammer impersonate HPE or HPE-authorized recruiting agencies and offer fake employment opportunities to candidates.  These scammers often seek to obtain personal information or money from candidates.

 

Please note that Hewlett Packard Enterprise (HPE), its direct and indirect subsidiaries and affiliated companies, and its authorized recruitment agencies/vendors will never charge any candidate a registration fee, hiring fee, or any other fee in connection with its recruitment and hiring process.  The credentials of any hiring agency that claims to be working with HPE for recruitment of talent should be verified by candidates and candidates shall be solely responsible to conduct such verification. Any candidate/individual who relies on the erroneous representations made by fraudulent employment agencies does so at their own risk, and HPE disclaims liability for any damages or claims that may result from any such communication.