Azure Infra Support Engineer

About The Position

Requirements

• Minimum 5-7 years of experience in IT administration, with at least 3 years focused on complex Microsoft Azure environments at a senior level
• Proven hands-on experience deploying and managing Azure Defender for Cloud (formerly Security Center), including configuring security policies, monitoring Secure Score, and managing regulatory compliance dashboards
• Expert knowledge of Microsoft Entra ID (Azure AD), specifically including Conditional Access, PIM, MFA deployment, and hybrid identity synchronization (Azure AD Connect)
• Strong experience with Microsoft Intune for device enrollment, configuration profiles, compliance policies, and application deployment
• Deep working knowledge of Windows Server OS and services (Active Directory, patching, hardening, and troubleshooting) in a production setting
• Demonstrated knowledge and understanding of HIPAA Security Rule and HITECH requirements as they apply to cloud infrastructure, data handling, and administrative controls

Nice To Haves

• Microsoft Certified: Azure Administrator Associate (AZ-104)
• Microsoft Certified: Azure Security Engineer Associate (AZ-500) - Highly Preferred
• Microsoft Certified: Identity and Access Administrator Associate (SC-300)

Responsibilities

• Manage, monitor, and configure the full capabilities of Azure Defender for Cloud (now part of Microsoft Defender for Cloud), including securing servers, databases, storage accounts, and Kubernetes clusters
• Implement, audit, and enforce Azure Policy and Azure Blueprints to ensure continuous compliance with healthcare regulations (HIPAA, HITECH, etc.) and organizational security standards
• Drive the vulnerability management program by leveraging the security posture management (CSPM) and threat detection (CWPP) features within Azure Defender for Cloud
• Serve as the primary point of contact for security incidents related to Azure infrastructure, utilizing Microsoft Sentinel (or other SIEM) data integrated with Defender for Cloud alerts for rapid triage and containment
• Design, deploy, and manage advanced features of Microsoft Entra ID (formerly Azure AD), including Conditional Access Policies, Privileged Identity Management (PIM) for Just-in-Time (JIT) access, and Identity Protection
• Manage and troubleshoot identity federation (e.g., SAML, OAuth) for both cloud-native and SaaS applications
• Implement Azure Role-Based Access Control (RBAC) across management groups, subscriptions, and resource groups to enforce the principle of least privilege
• Administer and optimize core Azure services including Virtual Machines (VMs), Virtual Networks (VNets), Network Security Groups (NSGs), Azure Firewalls, Azure Load Balancers/Application Gateways, and Azure Storage Accounts
• Manage and support the mobile device management (MDM) and mobile application management (MAM) policies via Microsoft Intune to secure endpoints and mobile devices accessing protected health information (PHI)
• Maintain expert-level skills in Windows Server administration (patching, group policy, Active Directory, DNS/DHCP) in both Azure IaaS and traditional on-premises/hybrid environments
• Utilize PowerShell, Azure CLI, and Infrastructure as Code (IaC) tools (e.g., Terraform, Bicep) to automate provisioning, configuration, and maintenance tasks
• Advanced ability to diagnose and resolve complex, multi-layered cloud issues spanning identity, network, and security services
• Excellent written and verbal communication skills, with the ability to convey complex technical issues to non-technical staff and executive leadership
• Ability to create and maintain high-quality documentation, runbooks, and disaster recovery plans for regulated environments
• A strong commitment to security best practices and a proactive approach to identifying and mitigating risks before they become incidents