WHY THIS ROLE EXISTS 

GSI is in the midst of a strategic IT transformation and a rapidly accelerating GenAI production program. Functional leaders across the organization are building their own software — purpose-built tools for estimating, field operations, project management, AP automation, HR, and revenue reporting. At the same time, a growing cohort of business builders is advancing AI agents from hackathon prototypes into production under the GSI GenAI Agile Development Standard. 

What these builders need is a deployment partner and production gate — someone who ensures every application lands safely on GSI's Azure platform, meets security and compliance standards, and has passed a structured IT code review before it reaches production. This role bridges business-driven AI innovation and enterprise-grade infrastructure discipline. 

This is not a traditional help-desk or systems-administration role. This is a technical execution role for someone who thrives at the intersection of cloud infrastructure, security, AI application deployment, and enabling non-IT builders to ship production software with confidence and accountability. 

WHAT YOU WILL OWN 

This role carries direct accountability for the following outcomes. We measure ownership by results, not activity. 

GenAI Application Production Pathway 

• Own the IT code review gate for all AI agents and GenAI Code–generated applications advancing through the GSI GenAI Agile Development Standard. You are the checkpoint between prototype and production. 

• Assess builder development level at each code review. Assign sprint scope per builder — sprint scope is set by IT, not self-selected. Review intensity scales with builder maturity. 

• Enforce the Publish vs. Promote distinction: staging deployments are iterative; production promotion requires all security gates passed and your sign-off. 

• Identify and document the failure patterns common in AI-generated code at deployment — mock connections, hard-coded success states, absent RBAC, over-engineered scope — and surface them before they become production incidents. 

• Manage AI API credential infrastructure: Azure Key Vault secrets for LLM API keys, rotation schedules, rate limit monitoring, and cost governance for AI API consumption across deployed applications. 

• Maintain and evolve the sprint framework as the builder cohort grows. Build a shared FAQ and code review knowledge base that accelerates builder development across the cohort. 

Azure Deployment & Release Engineering 

• Own the deployment pipeline for all functionally-built applications targeting GSI's Azure environment. You are the person who makes code go live — reliably, repeatably, and fast. 

• Build and maintain CI/CD pipelines (Azure DevOps, GitHub Actions, or equivalent) that allow functional teams to push code through standardized gates without needing to understand infrastructure plumbing. 

• Establish and enforce deployment standards: naming conventions, resource group organization, environment separation (dev/staging/production), and rollback procedures. 

• Reduce deployment cycle time. The target is same-day deployment for production-ready code. If a functional leader has tested software that meets security and quality gates, infrastructure should never be the bottleneck. 

Security & Compliance Enforcement 

• Implement and maintain security controls across all Azure-hosted applications: identity and access management (Azure AD/Entra ID), network security groups, secrets management (Azure Key Vault), and encryption standards. 

• Own the security sprint for every application in the production pathway: Azure AD SSO, Azure RBAC security groups coded into the application logic, principle of least privilege, role/permission matrix, and audit defensibility. This sprint is non-deferrable. 

• Serve as the security checkpoint for functional deployments. Every application must pass through your review before reaching production — not as a bureaucratic gate, but as a rapid, expert quality filter. 

• Ensure compliance with GSI's security policies, data classification requirements, and any industry or regulatory standards applicable to infrastructure-critical construction services. 

• Monitor deployed applications for security vulnerabilities, misconfigurations, and access anomalies. You own the response when something looks wrong. 

Database Management & Data Architecture Support 

• Manage Azure-hosted databases (Azure SQL, Azure Database for PostgreSQL, or equivalent) that underpin functionally-owned and AI-powered applications. Includes provisioning, performance tuning, backup/recovery, and access control. 

• Partner with functional application owners to design database schemas and data models that are performant, scalable, and secure. You are the technical advisor who keeps self-built applications from creating data debt. 

• Implement data governance practices: classification, retention policies, and access auditing. Functional teams own their data; you own the platform it lives on. 

• Support infrastructure migrations from external hosting stacks (Vercel, Render, Supabase) into Azure-governed environments — including schema mapping, zero-downtime cutover planning, and rollback readiness. 

Internal Technical Partnership 

• Serve as the primary IT deployment partner for functional leaders building their own software. You are embedded in their workflows, not sitting in a separate IT silo waiting for tickets. 

• Translate functional requirements into Azure architecture decisions. When a functional leader says "I need an AI agent that does X," you guide them to the right Azure services, hosting model, and deployment approach. 

• Create and maintain deployment documentation, runbooks, and self-service guides that raise the technical floor for functional builders without creating dependency on you. 

• Proactively identify technical debt, infrastructure risks, or architectural decisions in functional applications that will cause problems at scale — and surface them before they become production incidents. 

QUALIFICATIONS 

 Required 

• 3–6 years of hands-on experience with Microsoft Azure cloud services, including Azure App Services, Azure Functions, Azure SQL, Azure DevOps, Azure AD/Entra ID, Azure Key Vault, and Virtual Networks. 

• Demonstrated experience building and maintaining CI/CD pipelines (Azure DevOps Pipelines, GitHub Actions, or equivalent). 

• Working knowledge of cloud security principles: identity and access management, network segmentation, secrets management, encryption at rest and in transit, and security monitoring. 

• Database administration experience: provisioning, performance tuning, backup/recovery, and access control for relational databases (SQL Server / Azure SQL preferred). Experience with PostgreSQL and Azure database migration is a plus. 

• Infrastructure-as-Code proficiency: Terraform, Bicep, or ARM templates. You should be able to define an entire deployment environment in code and spin it up from scratch. 

• Scripting and automation fluency: PowerShell, Bash, Python, or equivalent. Manual, repetitive infrastructure work is a failure mode you actively eliminate. 

• Ability to communicate technical architecture decisions in plain language to non-technical functional leaders. This role fails if you cannot translate. 

• Demonstrated ability to conduct structured code reviews: identifying real vs. mock integrations, assessing security gaps, and providing actionable sprint-level feedback to builders of varying experience levels. 

Preferred 

• Azure certifications: AZ-104 (Azure Administrator), AZ-400 (DevOps Engineer), AZ-500 (Security Engineer), or SC-300 (Identity and Access Administrator). 

• Experience deploying or reviewing applications built with AI-assisted development tools (Claude Code, GitHub Copilot, Microsoft Copilot Studio, or equivalent). Familiarity with the failure patterns of AI-generated code at production deployment — mock connections, hard-coded success states, absent RBAC — is a strong differentiator. 

• Experience supporting non-IT application developers — business analysts, engineers, or operational leaders who build their own tools using low-code/no-code platforms, Power Platform, or custom code. 

• Experience managing LLM API infrastructure: key rotation, rate limit monitoring, cost governance, and secrets management for AI API consumption at the application layer. 

• Familiarity with construction services, field operations, or infrastructure-heavy industries. Candidates who understand the pace, urgency, and field conditions of GSI's work will ramp faster. 

• Experience with cost optimization on Azure: reserved instances, auto-scaling policies, resource tagging for chargeback, and spend alerting. 

• Exposure to containerization (Docker, Azure Container Instances, AKS) and serverless architecture patterns. 

Education 

Bachelor's degree in Computer Science, Information Technology, or a related field — or equivalent professional experience. We value demonstrated capability over credentials.