# Staff Production Engineer- Public Sector

**Company:** [Databricks](https://hotfix.jobs/companies/databricks)
**Location:** Virginia
**Role:** DevOps / SRE
**Salary:** $162k – $223k/yr
**Experience:** 8+ years
**Skills:** AWS, Azure, GCP, IAM, Terraform, CloudFormation, Okta, Opal, CI/CD, Infrastructure As Code
**Posted:** 2026-04-22

> Owns secure cloud infrastructure, IAM, and automation across AWS, Azure, GCP for public sector environments. Requires 8+ years experience, deep cloud expertise, IaC tools like Terraform, and TS/SCI clearance eligibility.

## Job Description

## Responsibilities

### Security-Focused Cloud Operations
- Design, automate, and operate the IAM, account/subscription, and project lifecycle across AWS, Azure, and GCP, enforcing least-privilege and standardized access patterns at scale.
- Review, implement, and continuously improve cloud identity and access policies (IAM, Okta, Opal) to align with Databricks security standards and audit requirements.

### Production Engineering & Automation
- Build and maintain reliable, observable automation and tooling to apply cloud changes (roles, policies, accounts, networking) safely and repeatedly.
- Treat operational and security issues as software problems: eliminate toil, drive root-cause analysis, and codify fixes into infrastructure and tooling.

### Security Data Pipelines & Compliance
- Own and improve security and audit logging data pipelines from cloud providers into our internal systems, ensuring timely, accurate data for detection, investigations, and audits.
- Partner with Security, Compliance, and Audit teams to provide evidence, clarifications, and policy updates that keep our environments aligned with evolving standards.

### Regulated & Specialized Environments
- Operate and improve specialized, highly regulated environments (e.g., FedRAMP / GovCloud) including release management, patching cadences, and supporting secure access workflows (e.g., SAW).
- Ensure high availability and resiliency for critical security and access infrastructure across these environments.

### On-Call & Incident Response
- Participate in a 24x7 on-call rotation for high-severity incidents impacting cloud accounts, IAM, or security data pipelines.
- Act as a key partner to product engineering, security engineering, and field teams during incidents to restore service and harden systems for the future.

## Requirements

**Education:** BS, MS, or PhD in Computer Science, Engineering, or a related technical field, or equivalent practical experience.

**Experience:** 8+ years of experience operating and automating large-scale cloud environments, with a track record of driving cross-team infrastructure improvement.

**Cloud & Infrastructure Expertise:**
- Deep hands-on experience with at least one major cloud provider (AWS, Azure, or GCP) in areas such as IAM, networking, accounts/subscriptions/projects, and audit logging.
- Strong background in Infrastructure-as-Code and automation (e.g., Terraform, CloudFormation, or similar) and CI/CD for infrastructure changes.

**Security & Compliance Mindset:**
- Proven experience working in or with security-sensitive or regulated environments (e.g., SOC2, FedRAMP, ISO 27001, financial services, public sector) and translating requirements into concrete technical controls.
- Familiarity with access review processes, policy baselines, and audit evidence for cloud environments.

**Operational Excellence:**
- Demonstrated success running high-availability, security-critical services, including on-call responsibilities and incident management.
- Strong debugging and problem-solving skills across distributed systems, with the ability to navigate ambiguous issues spanning multiple teams and platforms.

**Required:** Candidates must be eligible for a Top Secret / Sensitive Compartmented Information (TS/SCI) security clearance.

## Nice-to-Haves (Bonus)
- Possession of a current polygraph (Counterintelligence or Full Scope).
- Experience with Okta, Opal, or similar identity/access tooling.
- Background operating secure admin workstations (SAW) or comparable hardened access patterns.
- Experience migrating cloud accounts or subscriptions during M&A or large-scale reorganizations.

## Similar roles

- [Staff Software Engineer - Federal](https://hotfix.jobs/jobs/875ad256-d627-448a-a096-b0e54a48f959) - Okta - Remote - $161k – $221k/yr
- [Staff Site Reliability Engineer - Data Center](https://hotfix.jobs/jobs/131f28e9-5848-4f12-8d0b-61ae34487246) - PathAI - Boston, MA - $166k – $224k/yr
- [Staff Engineer, XBAT DevOps (R4542) (Dallas, TX)](https://hotfix.jobs/jobs/944844ce-54b9-47dc-906b-a6ff11b4ecd5) - Shield AI - Dallas, TX - $158k – $215k/yr
- [Senior - Staff Infrastructure Engineer](https://hotfix.jobs/jobs/9751c385-a470-4c71-8d69-8af8f75feec5) - Paperless Post - New York, NY - $157k – $220k/yr
- [Staff Modular Data Center Engineer](https://hotfix.jobs/jobs/16225c89-e74f-43a9-8923-e02a4252be0a) - Crusoe - Denver, CO - $168k – $192k/yr

**Apply:** https://hotfix.jobs/jobs/8a81e484-8b11-40c0-81a7-d60d594509d0
**Canonical:** https://hotfix.jobs/jobs/8a81e484-8b11-40c0-81a7-d60d594509d0