Senior Infrastructure Engineer at Friends From The City | Torre
warning

Heads-up

The job you’re trying to post already exists in Torre:

Senior Infrastructure Engineer

You'll secure critical financial aid systems, ensuring equitable access for hundreds of thousands of students.
Emma highlights
This highlight was written by Emma’s AI. Ask Emma to edit it.
Full-time

Legal agreement: To be defined

Compensation USD163k/year
location_on
Remote (anywhere)
Match
skeleton-gauges
You have opted out of job matches in .
To undo this, go to the 'Skills and Interests' section of your preferences.
Review preferences
Shared by
Emma of Torre.ai
14 days ago

Requirements and responsibilities


About usWe are Friends From The City, a design and technology company focused on public impact and equity. We believe that inclusive design and accessible technology are essential to a just society. Every person we hire brings a distinct perspective, and we celebrate that.Our mission is to make digital interactions with the government simple, intuitive, and accessible. That means removing barriers like confusing user flows, inaccessible content, or language limitations that prevent people from getting what they need.We use human-centered design, thoughtful research, and well-crafted, reliable code to build digital products that work for everyone.Why this role existsA state government agency is moving the systems that process financial aid for hundreds of thousands of students onto a modern cloud platform. Today, that work runs on aging on-premises systems: a DB2 mainframe, SQL Server, file servers, and an identity service staff log into every day. The new cloud platform does not yet exist in a form anyone can trust with citizens' financial data. Building it, securing it, and proving it is safe is this job.You'll build the foundation the application teams rely on. When a developer ships a service, it runs on infrastructure you designed. When an auditor asks how this system is allowed to hold sensitive data at all, the answer is the security work you did.RequirementsThe work you'll actually doYou'll design and run the agency's cloud environment in a government cloud tenant, with separate Dev, Test, Staging, and Production setups. You'll build them as code with Terraform or OpenTofu, so they stay consistent and reproducible.The hardest part is the seam between the new cloud and the old on-premises world. The cloud has to reach back to systems that still run on-premises, like the mainframe and the agency's identity provider, over a private network link. That connection has to be encrypted, locked down, and routed correctly. A real part of the job is the day a new service can't reach something on-premises, and you have to trace the whole path to find where the traffic is dying.You'll own the cloud directory, user accounts, and role-based access (Active Directory and Entra ID), which connect to the agency's identity provider. You'll build the CI/CD pipelines in GitHub Actions that let teams deploy safely, integrated with the Azure environment. You'll run containerized workloads with Docker, handle encryption in transit and at rest, and configure firewalls across the cloud and on-premises boundary. You'll keep the monitoring and disaster-recovery posture that holds a public-facing system up.This system needs a documented security posture, including a System Security Plan and the authorization behind it, and you are central to producing and defending it.If you've built cloud infrastructure in a regulated or government environment, connected it to on-premises systems, and lived through a security authorization, you'll recognize this as your kind of problem.What tells us you can do thisMost engineers who fit have around five years building and running Azure, or a comparable cloud.A few things matter most for this role. You've done the Azure networking and network integrations that connect cloud to on-premises, not just stood up isolated cloud resources. You've owned Active Directory and role-based access. You've built CI/CD pipelines in GitHub Actions and integrated them with Azure. You've provisioned infrastructure as code with Terraform or OpenTofu, and you're comfortable with Docker and containers, encryption at rest and in transit, and firewall rules across a cloud and on-premises boundary.Most important: you've done security and authorization work. You can describe a System Security Plan, an authorization to operate, or the controls behind one as something you produced.Nice To HavesExpressRoute or other private cloud-to-on-premises connectivity in productionGovernment, civic-tech, or other regulated/high-stakes environments (FedRAMP, StateRAMP, NIST 800-53)Monitoring and disaster-recovery design for public-facing systemsA public artifact you can speak to in depth: an open-source module, a write-up, a talkEducation & ExperienceBachelor’s degree in any discipline or equivalent experience. 5-7 years of relevant experience preferred. If the mission and the problem excite you and you can do the work, apply even if you don't check every box.BenefitsWe believe people do their best work when they feel supported, valued, and inspired. At Friends From The City, our benefits are designed to help you thrive at work and in life.Compensation & Time OffCompetitive salary based on experience and market benchmarks401(k) with company match to help you invest in your future18 days of PTO, 11 paid federal holidays, and 5 additional wellness days to rest, recharge, and take care of yourselfFlexible remote work with support for coworking memberships if neededHealth & WellnessComprehensive medical, dental, and vision insuranceLife insurance and short-term disability coverageWellness-first culture that respects boundaries and encourages balanceProfessional GrowthAnnual Professional Development Stipend to invest in courses, conferences, books, or coachingOpportunities to lead, mentor, and learn across projects and disciplinesRegular feedback, growth planning, and clear career pathwaysWork Culture & ValuesA collaborative, mission-driven team that values your perspectiveThe chance to work on meaningful civic tech projects that directly improve people’s livesAn environment where creativity, curiosity, and care are part of the jobOur Hiring ProcessPhone InterviewTechnical InterviewFinal InterviewVisit our Candidate Handbook to learn more about what to expect.
Optionally, you can add more information later (benefits, pre-screening questions, etc.)
check_circle

Payment confirmed

A member of the Torre team will contact you shortly

In the meantime, continue adding information to your job opening.