
Coastal · 2 weeks ago

Cloud & Core Services Engineer

Coastal is at the forefront of modern banking, focusing on innovative banking technology and services. The Cloud & Core Services Engineer will be responsible for designing and improving technical controls for Coastal's Azure environment and ensuring security across various cloud domains.

Financial Services

Responsibilities

Design, build, and operate the enterprise Azure “base service” (landing zones, subscription strategy, management groups, RBAC, tags, budgets) for technology teams across the bank
Define and maintain the Azure service catalog (self-service templates, guardrails, quotas, request workflows) that enables fast, safe provisioning for app teams
Work with IT Operations and Security Engineering to establish platform SLOs, capacity plans, backup and disaster recovery standards, and cost governance (FinOps tagging, budgets)
Work with Security Engineering to design and operate Microsoft Entra ID and Okta as core services: conditional access, MFA, SSO, federation, SCIM provisioning, and lifecycle automation
Implement least-privilege access with PIM/PAM, JIT elevation, and policy-as-code guardrails
Advance Zero Trust by aligning identity, device posture, network controls, and data protections across cloud and on-prem
Design and run hybrid network foundations, including vWAN, VNets/VNet peering, SD-WAN, Private Link, DNS, and Azure Firewall
Build reusable, secure IaC modules using Terraform for repeatable, compliant deployments
Encode governance via Azure Policy and Terraform deployment pipelines to enforce configuration baselines and drift detection
Provide shared platform components (such as App Service, Functions, Key Vault, Event Hub/Service Bus) with opinionated, secure defaults
Embed security and compliance checks into CI/CD (image signing, policy enforcement, SAST/DAST/secret scanning) and automate result evaluation
Work with Security Operations to integrate cloud services with the enterprise SIEM and other detection and prevention tools, and help to develop analytics, response playbooks, and platform-level detections
Lead hardening after incidents and add improvements into baselines, policies, and IaC for durable risk reduction
Map platform controls to FFIEC, GLBA, SOX, PCI-DSS, and NIST CSF 2.0
Automate evidence collection from Azure native services and pipelines to streamline audits
Diagnose and respond to outages of cloud services in collaboration with other operations and app teams
Perform root cause analysis (RCA) and post-incident reviews
Investigate and troubleshoot failed resource deployments
Maintain documentation and procedures (runbooks, playbooks, standards, etc.)

Qualification

Azure architecture, Identity, Access Management, Network security, IaC & DevSecOps automation, Cloud-native protection services, Scripting skills, Manage priorities, Dynamic environment adaptability, Communication skills

Required

Deep expertise in cloud services, identity, network, and cybersecurity, within financial services
Demonstrated expertise in three or more of the following:
Azure architecture, networking, and identity
Identity and Access Management lifecycle architecture and capabilities
Cloud-native protection services, including CSPM and CWPP
Network security (firewalls, IDS/IPS, NAC)
Kubernetes / container security
IaC & DevSecOps automation (Terraform, GitHub Actions, Argo)
Familiarity with FFIEC, GLBA, and NIST CSF or SP 800-53 frameworks
Scripting skills in PowerShell, Bash, or Python for automation and SOAR
Strong ability to assess risk and develop long-term strategies
Comfortable operating effectively in a dynamic and changing environment (often with unstructured and/or virtual teams)
Ability to manage multiple priorities, meet deadlines, and deliver business results
Strong communication and presentation skills
Ability to influence even when holding a position contrary to the majority
8+ years of hands-on security engineering or system administration in regulated financial-services or cloud-first environments

Preferred

Security certifications, such as CISSP, AZ-500, or GIAC, are a plus

Benefits

Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle.
Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions.
Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs.
Dental and Vision Insurance: Plans to keep you and your family smiling and seeing clearly.
Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents.
Long-Term/Short-Term Disability (LTD): Income protection in the event of a long-term illness or injury.
Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most.
401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future.
Paid Time Off: Generous vacation and sick leave policies to support your time away from work.
Holidays: Enjoy 11 paid holidays throughout the year.

Company

Coastal

At Coastal, we are redefining the banking experience through innovative embedded finance solutions tailored for the modern marketplace.

Funding

Current Stage
Growth Stage

Leadership Team

Danica Hudson
SVP, Head of Enterprise Partnerships & Payments
Erika Heer
Executive Vice President, Chief Human Resources Officer
Company data provided by crunchbase