Senior Infrastructure Engineer
Friends From The City · Remote (US)
Overview
Job Title: Senior Infrastructure Engineer
Location: 100% Remote - anywhere in the Continental U.S.
Salary: $163,000
Note: All advertised positions are salaried and full-time.
About us
We are Friends From The City, a design and technology company focused on public impact and equity. We believe that inclusive design and accessible technology are essential to a just society. Every person we hire brings a distinct perspective, and we celebrate that.
Our mission is to make digital interactions with the government simple, intuitive, and accessible. That means removing barriers like confusing user flows, inaccessible content, or language limitations that prevent people from getting what they need.
We use human-centered design, thoughtful research, and well-crafted, reliable code to build digital products that work for everyone.
Why this role exists
A state government agency is moving the systems that process financial aid for hundreds of thousands of students onto a modern cloud platform. Today, that work runs on aging on-premises systems: a DB2 mainframe, SQL Server, file servers, and an identity service that staff log into every day. The new cloud platform does not yet exist in a form anyone can trust with citizens' financial data. Building it, securing it, and proving it is safe is this job.
You'll build the foundation the application teams rely on. When a developer ships a service, it runs on infrastructure you designed. When an auditor asks how this system is allowed to hold sensitive data at all, the answer is the security work you did.
Requirements
The work you'll actually do
You'll design and run the agency's cloud environment in a government cloud tenant, with separate Dev, Test, Staging, and Production setups. You'll build them as code with Terraform or OpenTofu, so they stay consistent and reproducible.
The hardest part is the seam between the new cloud and the old on-premises world. The cloud has to reach back to systems that still run on-premises, like the mainframe and the agency's identity provider, over a private network link. That connection has to be encrypted, locked down, and routed correctly. A real part of the job is the day a new service can't reach something on-premises, and you have to trace the whole path to find where the traffic is dying.
You'll own the cloud directory, user accounts, and role-based access (Active Directory and Entra ID), which connect to the agency's identity provider. You'll build the CI/CD pipelines in GitHub Actions that let teams deploy safely, integrated with the Azure environment. You'll run containerized workloads with Docker, handle encryption in transit and at rest, and configure firewalls across the cloud and on-premises boundary. You'll keep the monitoring and disaster-recovery posture that holds a public-facing system up.
This system needs a documented security posture, including a System Security Plan and the authorization behind it, and you are central to producing and defending it.
If you've built cloud infrastructure in a regulated or government environment, connected it to on-premises systems, and lived through a security authorization, you'll recognize this as your kind of problem.
What tells us you can do this
Most engineers who fit have around five years building and running Azure, or a comparable cloud.
A few things matter most for this role. You've done the Azure networking and network integrations that connect cloud to on-premises, not just stood up isolated cloud resources. You've owned Active Directory and role-based access. You've built CI/CD pipelines in GitHub Actions and integrated them with Azure. You've provisioned infrastructure as code with Terraform or OpenTofu, and you're comfortable with Docker and containers, encryption at rest and in transit, and firewall rules across a cloud and on-premises boundary.
Most important: you've done security and authorization work. You can describe a System Security Plan, an authorization to operate, or the controls behind one as something you produced.
Nice To Haves
- ExpressRoute or other private cloud-to-on-premises connectivity in production
- Government, civic-tech, or other regulated/high-stakes environments (FedRAMP, StateRAMP, NIST 800-53)
- Monitoring and disaster-recovery design for public-facing systems
- A public artifact you can speak to in depth: an open-source module, a write-up, a talk
Education & Experience
- Bachelor’s degree in any discipline or equivalent experience. 5-7 years of relevant experience preferred. If the mission and the problem excite you and you can do the work, apply even if you don't check every box.
Benefits
We believe people do their best work when they feel supported, valued, and inspired. At Friends From The City, our benefits are designed to help you thrive at work and in life.
Compensation & Time Off
- Competitive salary based on experience and market benchmarks
- 401(k) with company match to help you invest in your future
- 18 days of PTO, 11 paid federal holidays, and 5 additional wellness days to rest, recharge, and take care of yourself
- Flexible remote work with support for coworking memberships if needed
Health & Wellness
- Comprehensive medical, dental, and vision insurance
- Life insurance and short-term disability coverage
- Wellness-first culture that respects boundaries and encourages balance
Professional Growth
- Annual Professional Development Stipend to invest in courses, conferences, books, or coaching
- Opportunities to lead, mentor, and learn across projects and disciplines
- Regular feedback, growth planning, and clear career pathways
Work Culture & Values
- A collaborative, mission-driven team that values your perspective
- The chance to work on meaningful civic tech projects that directly improve people’s lives
- An environment where creativity, curiosity, and care are part of the job
Our Hiring Process
- Phone Interview
- Technical Interview
- Final Interview