About Sandia:

Sandia National Laboratories is the nation’s premier science and engineering lab for national security and technology innovation, with teams of specialists focused on cutting-edge work in a broad array of areas. Some of the main reasons we love our jobs:

• Challenging work with amazing impact that contributes to security, peace, and freedom worldwide
• Extraordinary co-workers
• Some of the best tools, equipment, and research facilities in the world
• Career advancement and enrichment opportunities
• Flexible work arrangements for many positions include 9/80 (work 80 hours every two weeks, with every other Friday off) and 4/10 (work 4 ten-hour days each week) compressed workweeks, part-time work, and telecommuting (a mix of onsite work and working from home)
• Generous vacations, strong medical and other benefits, competitive 401k, learning opportunities, relocation assistance and amenities aimed at creating a solid work/life balance*

World-changing technologies. Life-changing careers. Learn more about Sandia at: http://www.sandia.gov

*These benefits vary by job classification.

What Your Job Will Be Like:

We are seeking a Cloud Operations Information Systems Architect! You will be supporting the Operations of our Microsoft Azure Commercial and Government environments. You are expected to understand the various cloud domains and have a shift left cloud security approach to IaaS and PaaS. You will help our customers implement best practices in cloud workloads. You will develop and implement processes and procedures to automate operational efficiency across the Sandia Cloud environment.

On any given day, you may be called on to:

• Work on critical issues caused by policies to support customers
• Manage cloud operations and security tools
• Investigate threats and potential cybersecurity incidents
• Partner with our cybersecurity team on cloud-related incidents
• Plan, design, build, and test automated solutions and capabilities to enhance operations and maintenance of Sandia’s Cloud environment
• Manage and administer a portfolio of cloud security solutions and capabilities, including Microsoft Sentinel, Microsoft Defender for Cloud Apps, and Microsoft Defender for Cloud
• Help the Staff use and understand the 1st party Microsoft Services
• Architect, design, and implement IaaS and network security components that can scale and be maintainable e.g. Virtual Machines, Virtual Networks, Azure Firewalls, Application Gateways, Azure Web Application Firewalls (WAF), Azure Storage, etc.
• Help to Implement Infrastructure as Code (IaC) for automating deployment of solutions and environments according to Azure guidelines, standards, and policies. May be called to help customers with using IaC and/or Azure Resource Manager (ARM) templates.
• Advise cloud customers on initial project engagement and assisting with proof-of-concept work
• Be on an on-call rotation schedule for critical cloud services

The selected applicant can work a combination of onsite and offsite work. The selected applicant must live within a reasonable distance for commuting to the assigned work location when necessary.

Qualifications We Require:

• Bachelor’s degree in Computer Science, Management Information Systems, or a related field plus 5 years of experience, or equivalent (AS + 9 years or no degree + 13 years)
• Experience with Azure and the administration of resources in Azure Commercial
• Experience with cybersecurity fundamentals such as data protection, network security, access control, keys/secrets management, vulnerability management, monitoring services, systems hardening, and GRC (Governance, Risk & Compliance)
• Ability to obtain and maintain a DOE L clearance

Qualifications We Desire:

• Experience in Public Cloud systems (AWS)
• Experience with Azure Stack Hub, on prem Private cloud system
• Experience using Microsoft PowerShell, Bash, and/or Python for scripting and automation
• Experience with Infrastructure as Code (IaC) tools, such as Azure Resource Manager templates, Bicep, Terraform, and Ansible
• Familiarity with container technologies (e.g. Docker, Kubernetes)
• Familiarity with Cloud Security concepts, standard methodologies, and solutions such as Cloud Access Security Broker (CASB), Cloud Security Posture Management (CSPM), and Cloud Workload Protection (CWP)
• Experience with KQL (Kusto Query Language) is a plus
• Demonstrated ability to work well in a team environment and independently with minimal direction and supervision
• Active DOE L or Q level security clearance

About Our Team:

The Enterprise Cloud Services department provides public and private cloud services, automation services, and tools to enable self service delivery of IT using the DevOps framework. This department will constantly evolve to meet the rapid pace of cloud innovation.

Posting Duration:

This posting will be open for application submissions for a minimum of seven (7) calendar days, including the ‘posting date’. Sandia reserves the right to extend the posting date at any time.

Security Clearance:

Sandia is required by DOE to conduct a pre-employment drug test and background review that includes checks of personal references, credit, law enforcement records, and employment/education verifications. Applicants for employment need to be able to obtain and maintain a DOE L-level security clearance, which requires U.S. citizenship. If you hold more than one citizenship (i.e., of the U.S. and another country), your ability to obtain a security clearance may be impacted.

Applicants offered employment with Sandia are subject to a federal background investigation to meet the requirements for access to classified information or matter if the duties of the position require a DOE security clearance. Substance abuse or illegal drug use, falsification of information, criminal activity, serious misconduct or other indicators of untrustworthiness can cause a clearance to be denied or terminated by the DOE, resulting in the inability to perform the duties assigned and subsequent termination of employment.

EEO:

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or veteran status and any other protected class under state or federal law.

NNSA Requirements for MedPEDs:

If you have a Medical Portable Electronic Device (MedPED), such as a pacemaker, defibrillator, drug-releasing pump, hearing aids, or diagnostic equipment and other equipment for measuring, monitoring, and recording body functions such as heartbeat and brain waves, if employed by Sandia National Laboratories you may be required to comply with NNSA security requirements for MedPEDs.

If you have a MedPED and you are selected for an on-site interview at Sandia National Laboratories, there may be additional steps necessary to ensure compliance with NNSA security requirements prior to the interview date.

Job ID: 693128