United States onlyAbout Samtek
At Samtek, we're redefining cloud innovation as an engineer-owned and operated, SBA-certified minority-owned small business founded in 2018. Our mission is simple: empower federal agencies and large enterprises with cutting-edge DevSecOps and cloud transformation solutions that drive security, scalability, and speed. From cloud-native application development and platform engineering to robust security implementations, data center migrations, and seamless operations, we deliver modern IT services backed by over 50 years of collective expertise.
We're a diverse, collaborative team that's passionate about pushing the boundaries of technology. Our culture thrives on curiosity, inclusivity, and real impact—whether it's optimizing cloud environments for mission-critical operations or fostering innovation in a supportive, hybrid work setting. Join us to work on high-stakes projects that matter, grow alongside top talent, and be part of a company that's not just building the future of cloud computing, but shaping it.
Samtek: Where engineers lead, and excellence follows.
Job Summary
Samtek Inc is seeking a skilled Azure Cloud Engineer to join a high-impact team delivering secure, compliant, and scalable Azure solutions for the Centers for Medicare & Medicaid Services (CMS). This is a hands-on engineering role focused on building, automating, and operating Azure Government (GCC High) environments while supporting large-scale migrations and cloud-native modernization of mission-critical healthcare systems.
Key Responsibilities
- Implement and manage Azure Landing Zones using Enterprise-Scale architecture, Bicep, Terraform, and Azure Policy
- Deploy and configure Azure governance frameworks (Management Groups, Azure Policy, Blueprints, Resource Graph, tagging, cost management)
- Build and maintain infrastructure-as-code (IaC) repositories using Bicep, Terraform Enterprise/Cloud, ARM templates, and Azure CLI/PowerShell
- Execute cloud migration waves (rehost, refactor, replatform) with Azure Migrate, Azure Site Recovery (ASR), Database Migration Service (DMS), and Data Box
- Configure Zero-Trust networking and security controls including Azure Firewall, Private Link, Private Endpoints, VNet peering, ExpressRoute, NSGs, and Azure DDoS Protection
- Implement and manage identity solutions using Azure Entra ID (formerly AAD), Conditional Access, Privileged Identity Management (PIM), and RBAC
- Integrate and operate DevSecOps pipelines with Azure DevOps, GitHub Actions, Azure Pipelines, and security tools (Microsoft Defender for Cloud, Sentinel, Prisma Cloud)
- Automate compliance evidence collection and monitoring using Microsoft Defender for Cloud, Azure Policy, and Sentinel playbooks for FedRAMP High and CMS ARS requirements
- Support containerized workloads on Azure Kubernetes Service (AKS), Azure Container Apps, and Azure Red Hat OpenShift
- Troubleshoot production issues, perform root cause analysis, and optimize performance/cost in GCC High environments
- Contribute to Architecture Review Board (ARB) packages, System Security Plans (SSP), diagrams, and ATO documentation
- Collaborate daily with cloud architects, security engineers, developers, and CMS stakeholders
Required Skills & Experience
- 4+ years of hands-on experience building and operating production workloads in Azure (commercial and/or Government)
- 2+ years working in Azure Government Community Cloud High (GCC High)
- Strong proficiency in Infrastructure as Code: Bicep (required), Terraform (strong plus), ARM
- Experience deploying and managing Azure Enterprise-Scale Landing Zones
- Solid understanding of Azure networking (VNet, Private Link, Firewall, ExpressRoute, VPN
- Hands-on experience with Azure DevOps (Repos, Pipelines, Boards) and GitHub Actions
- Familiarity with Microsoft Defender for Cloud, Azure Policy, Sentinel, and Log Analytics
- Scripting and automation skills: PowerShell (required), Python or Bash (plus)
- U.S. citizenship and ability to obtain and maintain CMS Public Trust clearance
Preferred Qualifications
- Active Microsoft certifications:
- Azure Administrator Associate (AZ-104)
- Azure Solutions Architect Expert (AZ-305) or DevOps Engineer Expert (AZ-400)
- Azure Security Engineer Associate (AZ-500)
- Experience with CMS MARS-E, CMS ARS, FedRAMP High, or NIST 800-53 control implementation
- Prior work on CMS contracts (SPARC, ESIM, EPMO, XLC)
- Knowledge of Azure Health Data Services, FHIR APIs, Synapse Analytics, or Databricks
- Experience with AKS, Azure Arc, or Azure Stack HCI
- Active Public Trust clearance or higher
Other Requirements
- Must have resided in the U.S. for at least 3 of the last 5 years
- Must be eligible for CMS Public Trust clearance
- No visa sponsorship available
