Salary ranges reflect 2026 USD totals (base plus typical bonus), derived from BLS 2024 OEWS data adjusted for 3 percent wage growth and cross-checked against Glassdoor and Levels.fyi medians. Cloud and FinOps roles trend higher in San Francisco, Seattle, NYC, and remote-hub markets; clearance-required roles in DC metro add a 10 to 25 percent premium.
Windows Server Administrator
Entry
$60K to $90K
Runs the Microsoft estate that quietly powers most enterprises: Active Directory, Group Policy, file and print services, DHCP, DNS, and the patch cycle. The job the WSA course in this house prepares you for.
Key Certifications
Microsoft AZ-800 (Hybrid Win Server Admin)
Microsoft AZ-801 (Advanced Hybrid Win Server)
CompTIA Server+ SK0-005
Microsoft MS-900
Core Skills
Active Directory DS, GPO
PowerShell scripting
Hyper-V virtualization
DHCP, DNS, IIS
WSUS / Intune patching
A Day in the Life
Promote a new domain controller, write a PowerShell script that audits stale user accounts, troubleshoot a GPO that is not applying, schedule the monthly patch window, restore a file from yesterday's backup for a marketing manager.
Azure Administrator
Mid
$95K to $135K
Owns the day-to-day of an Azure tenant: identity in Entra ID, subscriptions and management groups, VMs, storage, networking, monitoring, and cost. The bridge role between traditional sysadmin work and cloud architecture.
Key Certifications
Microsoft AZ-900 (Fundamentals)
Microsoft AZ-104 (Administrator)
Microsoft AZ-700 (Network Engineer)
Core Skills
Entra ID (Azure AD)
ARM and Bicep templates
Azure VMs, storage, VNets
Conditional Access, MFA
Azure Monitor, Log Analytics
A Day in the Life
Provision a new resource group via Bicep, tune a Conditional Access policy after a help desk ticket, review last month's Azure cost report, troubleshoot a VM that will not RDP, hand off a runbook to the on-call team.
AWS Solutions Architect
Mid
$120K to $170K
Designs AWS environments for resilience, performance, and cost. Owns reference architectures, Well-Architected Framework reviews, and the trade-offs between Lambda, ECS, and EKS for a given workload.
Key Certifications
AWS Cloud Practitioner CLF-C02
AWS Solutions Architect Associate SAA-C03
AWS Solutions Architect Professional SAP-C02
Core Skills
VPC design, Transit Gateway
IAM policies, SCPs
Multi-AZ and multi-region patterns
Well-Architected Framework
CloudFormation / Terraform / CDK
A Day in the Life
Whiteboard a multi-region active-passive design with a product team, review IaC pull requests for a landing zone, run a Well-Architected review with a customer, write a one-page architecture decision record, brief leadership on a cost optimization plan.
Cloud Solutions Architect (Multi-Cloud)
Senior
$150K to $200K
Designs across AWS, Azure, and GCP. Owns reference patterns for hybrid and multi-cloud, evaluates managed services, sets landing zone standards, and guides large migrations.
Key Certifications
AWS Solutions Architect Professional SAP-C02
Microsoft AZ-305 (Azure Solutions Architect)
Google Professional Cloud Architect
TOGAF 10 Certified
Core Skills
Cross-cloud networking
Hybrid identity (Entra + AWS IAM Identity Center)
Landing zone design
Migration strategy (7Rs)
Cost and governance modeling
A Day in the Life
Lead an architecture review board, present a migration wave plan to the steering committee, mentor mid-level engineers on landing zone patterns, evaluate a new SaaS vendor's data residency story.
Cloud Security Engineer
Mid
$115K to $155K
Implements and operates security controls in cloud environments. Tunes CSPM tools, writes IaC guardrails, reviews IAM, and pushes shift-left security into pipelines.
Key Certifications
AWS Security Specialty SCS-C02
Microsoft AZ-500 (Azure Security Engineer)
(ISC)2 CCSP
GIAC GCSA
Core Skills
CSPM (Wiz, Prisma, Defender for Cloud)
IAM least privilege
KMS, key management
SCPs, Azure Policy, OPA / Rego
Terraform / OpenTofu security modules
A Day in the Life
Triage CSPM findings, write a Service Control Policy that blocks a risky region, peer review a Terraform module, work with the SOC on a GuardDuty alert, run a tabletop with the IR team for a leaked access key scenario.
DevSecOps Engineer
Mid
$120K to $165K
Sits between platform engineering and security. Owns secure pipelines, SAST / DAST / SCA tooling, secrets management, container image policy, and the feedback loops that keep developers fast without shipping CVEs.
Key Certifications
GIAC GCSA
DevSecOps Foundation (DevOps Institute)
CKS (Certified Kubernetes Security Specialist)
HashiCorp Vault Associate
Core Skills
CI/CD (GitHub Actions, GitLab CI, Argo)
SAST / DAST / SCA tools
Container security (Trivy, Snyk, image signing)
Secrets management (Vault, AWS Secrets Manager)
Policy as code (OPA, Kyverno)
A Day in the Life
Add a Trivy scan stage to a build pipeline, debug a failed image signing step, help a dev team adopt Vault for database credentials, brief the platform team on a new SBOM requirement.
Kubernetes Security Engineer
Senior
$130K to $180K
Owns the security posture of one or more Kubernetes platforms. Designs RBAC, admission control, network policy, runtime detection, and the supply chain controls that prevent malicious images from reaching production.
Key Certifications
CNCF CKS (Kubernetes Security Specialist)
CNCF CKA (Administrator)
AWS Security Specialty SCS-C02
Core Skills
RBAC, Pod Security Admission
NetworkPolicy (Cilium, Calico)
Admission controllers (OPA Gatekeeper, Kyverno)
Runtime security (Falco, Tetragon)
Supply chain (Sigstore, Cosign, SLSA)
A Day in the Life
Write a Kyverno policy that blocks privileged pods, investigate a Falco alert about a suspicious shell in a container, review a NetworkPolicy migration plan, debug a service mesh mTLS issue.
Cloud Native Security Engineer
Senior
$135K to $185K
Specializes in securing serverless, container, and event-driven architectures. Designs guardrails for Lambda, Step Functions, EventBridge, API Gateway, App Runner, Cloud Run, and the explosion of managed services that legacy security tools never anticipated.
Key Certifications
AWS Security Specialty SCS-C02
(ISC)2 CCSP
CSA CCSK
CNCF CKS
Core Skills
Serverless threat modeling
Event-driven architecture security
API Gateway / authorizer patterns
Workload identity (IRSA, Workload Identity Federation)
Zero-trust between services
A Day in the Life
Threat-model a new event-driven workflow, write a guardrail that prevents wildcard IAM in Lambda execution roles, review an API authorizer Lambda, present a serverless security pattern guide internally.
FinOps Security Specialist
Senior
$130K to $175K
Sits at the intersection of cloud cost management and security. Hunts wasted spend that hides security risk (orphaned snapshots holding sensitive data, abandoned IAM roles with active keys, oversized RIs hiding decommissioned workloads), and builds policy that keeps cost and posture aligned.
Key Certifications
FinOps Certified Practitioner (FOCP)
FinOps Certified Engineer (FOCE)
AWS Solutions Architect Associate SAA-C03
Microsoft AZ-500
Core Skills
Cost allocation tagging strategy
RI / Savings Plan / Azure Reservation modeling
CUR / Cost Explorer analysis
Cloud Custodian policy
Cross-org chargeback / showback
A Day in the Life
Run a weekly cost-anomaly review, find 14 abandoned dev accounts with active access keys, write a Cloud Custodian policy that auto-quarantines stale resources, present quarterly savings to finance and the CISO.
Cloud Security Architect
Executive
$170K to $230K
Sets enterprise cloud security strategy. Owns reference architectures for AWS, Azure, and GCP; defines zero-trust patterns; sets standards for landing zones, IaC, identity federation, and data classification. Briefs the CISO and the board.
Key Certifications
(ISC)2 CCSP
(ISC)2 CISSP
AWS Solutions Architect Professional SAP-C02
SABSA SCF
Core Skills
Zero-trust architecture
Multi-cloud reference patterns
Identity federation, SSO
Data classification and DLP
Executive communication
A Day in the Life
Chair the cloud architecture review board, brief the CISO on a new data sovereignty requirement, evaluate a major cloud vendor's roadmap, mentor two principal engineers, write a one-page strategy memo for the audit committee.
AWS Cloud Practitioner CLF-C02
Foundation
Entry-level AWS cert. Validates cloud concepts, AWS pricing, the shared responsibility model, and core service categories. The on-ramp before SAA-C03.
AWS Solutions Architect Associate SAA-C03
Mid
The most-recognized AWS associate cert. Covers VPC, IAM, EC2, S3, RDS, DynamoDB, Lambda, and architecture trade-offs across cost, resilience, and performance.
AWS Security Specialty SCS-C02
Specialty
Deep dive on AWS security: IAM, KMS, GuardDuty, Macie, Inspector, Security Hub, Detective, incident response, and cross-account patterns.
Microsoft AZ-900 / AZ-104 / AZ-500
Foundation to Mid
The standard Azure ladder. AZ-900 is fundamentals, AZ-104 is the administrator badge, AZ-500 is the security engineer specialty. Often paired with AZ-305 for architects.
Microsoft MS-900
Foundation
Microsoft 365 Fundamentals. Validates Microsoft 365 service models, security, compliance, and licensing. Common pairing for admins who own the M365 estate alongside Azure.
(ISC)2 CCSP
Senior
Vendor-neutral cloud security cert from (ISC)2. Six domains spanning architecture, data, platform, application, operations, and legal / compliance. Often required for cloud security architect roles.
CNCF CKS (Certified Kubernetes Security Specialist)
Specialty
Hands-on, performance-based Kubernetes security cert. Requires CKA as a prerequisite. The credential for engineers who own platform security on Kubernetes.
Microsoft AZ-800 / AZ-801 (WSA path)
Foundation to Mid
Hybrid Windows Server administration. AZ-800 covers core hybrid admin, AZ-801 covers advanced hybrid scenarios (security, high availability, disaster recovery, migration). The cert pair the WSA course in this house maps to.