This job has closed.

Luck Companies · 8 hours ago

Infrastructure Engineer

Luck Companies is seeking an Infrastructure Engineer to lead the design, implementation, and management of secure and reliable infrastructure across hybrid cloud and on-premises environments. The role involves working with infrastructure-as-code, automation, and security frameworks to support corporate workloads and drive modernization initiatives.

Communities · Mining · Real Estate
Comp. & Benefits
H1B Sponsor Likely

Responsibilities

Lead adoption and implementation of security frameworks (NIST CSF, Azure Benchmarks, PCI) across hybrid cloud infrastructure
Architect and enforce identity and access management controls using SAML, SCIM, OAuth, and Azure AD/Entra with Conditional Access policies
Conduct continuous security audits: RBAC reviews, service principal access checks, expiring SAML certificates, orphaned resources, BitLocker key backups to Azure AD, etc.
Engineer and monitor security tools: Microsoft Sentinel, Defender XDR, Microsoft Purview, and Defender for Cloud for threat detection and incident response
Enforce Azure Policy definitions and assignments across management groups and subscriptions for compliance automation
Maintain compliance evidence through automated logging, script-based audits, and reporting in Log Analytics and designated storage accounts
Manage risk analysis, policy development, and disaster recovery planning aligned with business continuity objectives
Develop Infrastructure as Code (IaC) for centralized configuration management, rapid deployment, and disaster recovery of resources
Design, deploy, and maintain Azure infrastructure using Bicep and ARM templates following modular, reusable patterns
Manage multi-environment deployments (Dev/Test/Prod) using parameterized Bicep templates and module sharing
Implement and maintain Azure Landing Zone patterns: management group hierarchies, subscription placement, policy-driven governance
Deploy and manage hub-and-spoke network architectures with VNet peering, private endpoints, route tables, SD-WAN, and network virtual appliances (NVAs)
Occasionally contribute to the maintenance of shared infrastructure: App Configuration, Key Vault, Application Insights, Log Analytics, Redis Cache, Application Gateways, and App Service Plans
Build and maintain CI/CD pipelines in Azure DevOps for infrastructure and IAM deployments with approval gates and what-if validation
Implement RBAC-as-code using custom Bicep modules
Manage Azure AD/Entra group-to-role mappings across organizational hierarchy
Execute access control changes following a what-if → deploy → verify workflow with deterministic role assignment naming
Automate identity lifecycle processes: user provisioning/deprovisioning with PowerShell and Azure Automation Runbooks
Implement SSO/SAML integrations and SCIM provisioning for SaaS platforms (Snowflake, D365, OTIS, CRM, etc.)
Manage Active Directory (on-prem and Azure AD/Entra), Intune device management, and hybrid identity synchronization
Design and implement disaster recovery strategies using Azure Backup, Azure Backup Server, CommVault, and custom solutions where required
Develop and maintain backup automation for Azure SQL databases and other Azure resources using custom PowerShell scripts, Azure Automation, and integrations with other tooling where required
Follow established patterns such as tag-based backup policies and automated restore testing for VMs, databases, and storage accounts
Maintain backup and restore processes across hybrid environments with integration to CommVault and other DR platforms
Document and test disaster recovery runbooks; participate in DR drills and on-call rotation for infrastructure incidents
Participate in network modernization efforts with the guidance of network engineers and contracted network architects
Administer SD-WAN, firewalls (Azure Firewall, NVAs), and hybrid DNS solutions
Deploy and manage NVAs, Application Gateway, Traffic Manager, and Private Endpoints for secure hybrid connectivity
Optimize network performance, routing, and resilience through change management and traffic analysis
Maintain a library of operational scripts including (but not limited to): VM lifecycle (provisioning, Arc onboarding, bulk deployments from VHD blobs); Azure SQL backups, restores, and tag-based backup policies; user lifecycle management and guest user provisioning; Defender software inventory, stale AD computer cleanup, and compliance reporting; resource utilization analysis and cost optimization; other automations as needed
Automate TLS certificate lifecycle using Let's Encrypt, Cloudflare DNS validation, and Azure Key Vault integration via PowerShell and Azure DevOps pipelines
Standardize and automate certificate management, policy updates, and compliance monitoring
Develop security automation and monitoring solutions using Azure Workbooks, Azure Monitor, and custom alerting
Drive cloud modernization efforts and align infrastructure with long-term business objectives
Contribute to security roadmap development and enterprise governance frameworks
Collaborate with cross-functional teams (application, security, analytics, architecture) to enable self-service infrastructure with guardrails
Ensure best practices in cost management, resource tagging, and subscription governance
Provide operational runbooks and tooling for infrastructure and application teams, ensuring clear separation of responsibilities

Qualification

Azure Expertise · Infrastructure as Code · Security & Compliance · Identity Management · CI/CD · Networking · Disaster Recovery · Automation · Automation-First Mindset · Desire to learn · Documentation · Collaboration · Problem-Solving

Required

Deep knowledge of the Azure platform: management groups, subscriptions, VNets, private endpoints, Application Gateway, App Services, Function Apps, Key Vault, Azure SQL, Backup Vaults, etc., commensurate with the Azure Solutions Architect Expert certification or equivalent experience
Experience with Bicep or ARM templates; familiar with modular, reusable patterns and deployment stacks
Advanced PowerShell/Python scripting, experience with Azure CLI, Az PowerShell modules, and Azure Automation Runbooks
Hands-on experience with Microsoft Sentinel, Defender XDR, Purview, Conditional Access, Azure Policy, and security frameworks (NIST CSF)
Deep experience with Azure AD/Entra, SAML/SCIM integrations, SSO, MFA, and hybrid identity solutions
Hub-and-spoke topologies, VNet peering, routing, SD-WAN, NVAs, firewalls, and hybrid connectivity
Design and implementation of backup/restore strategies
Hands-on experience with Azure DevOps pipelines, YAML workflows, parameter-driven deployments, and what-if analysis
Certificate lifecycle management (Let's Encrypt, DNS validation, Key Vault integration)
Multi-environment deployment patterns (Dev/Test/Prod) with environment-specific configurations
Automation using PowerShell, Python, or related tooling with integration into common orchestration platforms (Azure Automation, Ansible, etc.)
Experience supporting enterprise Azure platforms and corporate workloads
Project management and cross-team collaboration skills
Create clear, concise technical documentation for infrastructure, runbooks, security baselines, and operational procedures
Work effectively with application teams, security teams, and DevOps engineers to enable secure self-service infrastructure
Diagnose and resolve complex infrastructure and security issues quickly; comfortable working in high-availability production environments
Default to scripting and IaC instead of manual portal changes; champion pipeline-first governance
Desire to learn on the fly

Company

Luck Companies

Luck Companies specializes in real estate businesses.

H1B Sponsorship

Luck Companies has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships: 2025 (1), 2022 (2), 2021 (1), 2020 (1)

Funding

Current Stage
Late Stage

Leadership Team

Charlie Luck
CEO & Chairman, Luck Companies

Company data provided by Crunchbase