Cloud Platform Specialist

The Opportunity

We are seeking a Cloud Platform Specialist to design and build the foundational systems that enable secure, scalable application development across PAE. This role is critical in supporting emerging automation, AI initiatives, and citizen development efforts by creating standardized, production-ready environments and enforcing governance controls that ensure all applications follow consistent security, compliance, and operational standards before reaching production. This includes everything from engineer-built Python tools to AI-enabled workloads.

The Cloud Platform Specialist owns the intake, review, and environment promotion process for citizen- and engineer-developed applications. This role also maintains working-level proficiency in Windows Server, Linux, and Azure IaaS administration to provide operational coverage and secondary support to the Core Services infrastructure team.

Who We Are

PAE is an engineering and design firm that turns complex challenges into reality. By leveraging the latest technologies, we solve problems in unique ways, and our designs enable buildings and communities to be more resilient and efficient. PAE is trusted by our clients in every aspect of a project's lifespan, from idea to occupancy. We set ambitious goals backed by analysis to significantly conserve water and energy while balancing costs and long-term operational needs. As a B Corp, we measure success by the benefits our projects provide to our clients, our communities, and our planet.
We embrace innovation, transparency, sustainability, and lifelong curiosity.

What You'll Do

System/Process Management

- Design and implement secure, scalable application hosting environments in Azure, including environment segmentation (dev/test/UAT/prod) and isolation strategies
- Establish identity, access, and secrets management patterns across all environments
- Build and maintain CI/CD pipelines for application deployment using Azure DevOps Pipelines and GitHub Actions; standardize release and promotion workflows across environments regardless of pipeline tooling
- Define and document approved deployment patterns for Power Platform solutions, custom-developed applications including AI-generated and low-code apps, and AI/ML-enabled workloads
- Implement infrastructure as code using Bicep and Terraform for consistent, repeatable environment provisioning; maintain standards for both Microsoft-native and open-source IaC tooling depending on workload requirements
- Define approved patterns for containerized workloads including Docker-based packaging and deployment to Azure Container Apps or AKS; maintain working proficiency in Linux as the primary runtime for containerized and serverless applications
- Establish standards for event-driven and serverless compute patterns using Azure Functions and Logic Apps alongside open-source frameworks and runtimes; define approved language runtimes, dependency management practices, and cold-start mitigation approaches
- Ensure logging, monitoring, alerting, and compliance requirements are met by design in all managed environments

Application Platform Governance & Citizen Development Enablement

- Own the citizen development intake, review, and application promotion process; evaluate all citizen and staff-developed applications for security, compliance, and operational supportability before advancement through dev/test/UAT/prod environments
- Define and enforce data classification requirements for all applications and workloads, particularly those integrating with AI services, external APIs, Microsoft 365, or business-critical data sources
- Establish open-source software governance standards for all applications entering the promotion pipeline, including license compatibility review, dependency scanning, and policies governing the use of community-maintained packages in production workloads
- Develop and maintain secure development guidelines and reference materials for non-technical builders covering authentication patterns, data handling, API integration basics, and deployment standards. These guardrails exist to prevent insecure applications from reaching production; they are not a formal training program
- Partner with the integration developer and BIM developer to ensure citizen-developed solutions are compatible with enterprise integration patterns and supportable by Core Services
- Define production readiness criteria and ensure all deployed applications are supportable by the Service Desk and IT operations teams

Azure AI & Low-Code Governance

- Govern Azure AI Foundry and Azure OpenAI Service access; define approved patterns for AI-enabled workloads including proprietary and open-weight model deployment standards, content filtering configuration, audit logging, and data residency compliance
- Reference established open standards including the OWASP Top 10 for LLM Applications when evaluating AI workload risk and defining guardrails for data flowing into AI services
- Define and maintain Power Platform environment strategy and DLP policy governance, including environment segmentation and access controls for citizen developers
- Establish API management standards for internally developed or citizen-developed applications that expose or consume APIs, including authentication patterns (OAuth2/Entra ID), secret management, connector approval workflows, and OpenAPI specification requirements for internally documented APIs
- Evaluate and approve requests for access to Azure AI Foundry from technical and non-technical staff; define and enforce guardrails for what data is permitted to flow into AI workloads

Infrastructure Support (Secondary Duties)

- Provide Tier 2/3 secondary coverage for Windows Server, Linux, and Azure IaaS operations
- Maintain working-level proficiency in Azure VM administration, storage, and networking sufficient to support team operations during planned or unplanned absences
- Participate in the execution of IT Service Management (ITSM) controls including incident, problem, and change management; this includes after-hours operations and maintenance
- Participate in audits and rehearsals associated with Information Security, Business Continuity, and Disaster Recovery

What Success Looks Like

- Citizen developers have a clear, low-friction path from idea to production without bypassing security or IT controls
- All production applications, regardless of who built them, follow consistent and secure deployment patterns
- Azure AI Foundry and Power Platform access is governed with defined policies; no ungoverned AI workloads exist in production
- Data classification is enforced at the platform level before applications reach production
- Open-source components used in any production application are reviewed, licensed appropriately, and tracked
- Time to deploy new applications decreases while risk and ad hoc IT intervention decrease alongside it

What This Role Is Not

This role is not a full-time systems administrator; primary infrastructure ownership remains with the Core Services team. This role is not responsible for building business applications. This is a platform and governance function: it builds and enforces the systems, standards, and processes that allow others to develop and deploy safely.
The secondary infrastructure coverage responsibility is a team depth requirement, not the primary function of the role.

What You Bring

- Strong hands-on experience with Microsoft Azure including compute, networking, identity (Entra ID), and security services
- Experience designing and implementing CI/CD pipelines using GitHub Actions or Azure DevOps
- Experience with infrastructure as code tools including Bicep and Terraform
- Familiarity with containerization concepts including Docker and Linux-based runtimes, and their application to Azure-hosted workloads
- Experience reviewing third-party and citizen-developed applications for production readiness, security posture, and operational supportability
- Experience with Power Platform governance including DLP policy configuration, environment strategy, and connector management
- Solid understanding of identity and access management; specifically Azure AD/Entra ID, OAuth2/OIDC, app registrations, and service principals
- Experience governing or operating Azure AI Foundry, Azure OpenAI Service, or equivalent AI/ML platforms in an enterprise environment
- Familiarity with data classification frameworks and their application to cloud workloads and AI pipelines
- Working-level proficiency in Windows Server, Linux, and Azure IaaS administration sufficient to provide team secondary coverage
- Strong verbal and written communication skills with the ability to explain security and governance requirements to non-technical audiences
- Proven problem-solving skills with experience as a key contributor in an IT team
- Preferred: Experience building or operating a formal citizen development governance program, including intake processes and promotion gate criteria
- Preferred: Background in IT platform engineering or site reliability engineering (SRE)
- Preferred: Familiarity with SharePoint Online, SPFx, and Power Platform as a development ecosystem
- Preferred: Experience supporting low-code and no-code development ecosystems with mixed technical skill levels

What We Offer

Hiring Base Salary Range: $106,000-$147,000 annual

This position is eligible for time and a half overtime pay.

The base salary is one component of PAE’s competitive compensation package for employees. We take into consideration a variety of factors including but not limited to skills, abilities, experience, education, credentials, internal equity and geographic location in determining exact salary offered. At PAE, employees are eligible for annual compensation reviews based on performance and business needs. The above range represents PAE's good faith and reasonable estimate of the range of possible compensation at the time of posting.

In addition, PAE offers a comprehensive benefits package which includes the following:

- Employer paid health insurance (medical, dental, vision)
- Annual 401k profit sharing based on company profit for the year and account contribution
- Professional development reimbursements including state registration and professional association dues
- Employer paid commuter/parking stipend
- Cell phone stipend
- Life insurance and disability benefits
- Hybrid work schedule
- Employee Assistance Program
- 9 paid holidays including an additional employee-selected day
- Paid time off for sick leave, family leave, community service, holidays and vacation

To learn more about our comprehensive benefits package, visit https://www.pae-engineers.com/careers/benefits. This information is provided per the Equal Pay Act.

Our commitment to pay equity

PAE is a JUST label certified company; we demonstrate JUST label requirements within pay equity. Pay scales should meet or exceed applicable legislated wage requirements and industry standards and compensate, on the same basis, all individuals performing the same or similar work and work of equal value. We are committed to the principle of pay equity – paying employees equitably for substantially similar work.
To learn more about pay equity and our commitments to equitable business practices, you may view our JUST label certification here: Living Future: Just Label Certification.

To find out more visit our website.

What We’re Made Of

Founded in 1967, PAE is a leading sustainable engineering and consulting firm on a mission to deliver clean air, energy, and water for all. We specialize in mechanical, electrical, and plumbing engineering, building performance analysis, technology design, and lighting design (LUMA). PAE designs some of the nation's highest-performing and most regenerative built environments across the U.S., from Living Buildings to all-electric buildings and beyond. Learn more at pae-engineers.com.

Our portfolio includes over 100 LEED Platinum projects as well as dozens of projects that have either achieved or are pursuing the Living Building Challenge, Passive House, Architecture 2030, Carbon Neutral, Net Zero Energy, and Net Zero Water.

Fine Print

Please note that resumes received from third party recruiters or agencies will not be accepted unless requested directly by PAE Talent Acquisition and with a prior signed fee agreement. If candidates without a previously signed recruiter fee agreement are submitted, PAE reserves the right to engage with and hire those candidate(s) without any obligation financial or otherwise to the recruiter or agency.

In order to provide equal employment and advancement opportunities to all individuals, employment decisions at PAE will be based on merit, qualifications and abilities.
PAE does not discriminate in employment opportunities or practices on the basis of race, color, religion, gender (sex), national origin, age, veteran status, sexual orientation, gender identity, physical characteristics historically associated with race, disability, genetic information or any other characteristic protected by applicable law.

PAE will make reasonable accommodations for qualified individuals with known disabilities unless doing so would result in an undue hardship. This policy governs all aspects of employment including: selection, job assignment, compensation, discipline, termination and access to benefits and training.