Azure Infrastructure Engineer (Hybrid- Baltimore MD)

About The Position

Requirements

• 3–5+ years of hands-on Azure infrastructure engineering experience in an MSP or enterprise environment.
• Deep expertise in Azure networking, compute, storage, and identity services.
• Strong working knowledge of Microsoft Entra ID / Azure AD, Conditional Access, and hybrid identity.
• Proficiency with PowerShell and Azure CLI for automation and administration.
• Solid on-premises networking skills: routing, switching, VLANs, VPNs, and firewalls (Fortinet, Cisco, or OPNsense preferred).
• Experience with Windows Server, Active Directory, and Linux server administration.
• Strong troubleshooting, documentation, and communication skills.

Nice To Haves

• Microsoft certifications: AZ-104, AZ-305, SC-300, MS-102, or equivalent.
• Experience with Azure Virtual Desktop (AVD) or Windows 365 Cloud PC.
• Familiarity with Terraform, Bicep, or ARM templates for IaC.
• Background with XCP-ng, VMware, or Hyper-V virtualization.
• Exposure to Datto RMM, Autotask PSA, or similar MSP tooling

Responsibilities

• Design, deploy, and manage Azure environments including subscriptions, resource groups, VNets, subnets, NSGs, and route tables.
• Build and maintain Azure Virtual Desktop (AVD), Windows 365 Cloud PC, and Azure Virtual Machines.
• Architect and manage Azure networking: VNet Peering, ExpressRoute, Azure VPN Gateway (including P2S and S2S with Entra ID auth), and Private Endpoints.
• Configure and manage Azure Load Balancers, Application Gateways, Azure Firewall, and Front Door.
• Implement and manage Azure Storage (Blob, File, Table, Queue) and Azure Backup / Azure Site Recovery.
• Work with Azure Monitor, Log Analytics, and Defender for Cloud to ensure operational visibility and security posture.
• Administer Microsoft Entra ID (Azure AD): users, groups, roles, Conditional Access, MFA, and PIM.
• Manage hybrid identity: AD Connect, password hash sync, seamless SSO, and Entra ID join scenarios.
• Configure enterprise app registrations, OAuth/OIDC integrations, and admin consent policies.
• Implement and enforce RBAC across Azure subscriptions and resource scopes.
• Support Microsoft 365 tenant administration including Exchange Online, SharePoint, and Teams governance.
• Design and support site-to-site connectivity (IPsec, WireGuard, SD-WAN) between on-prem and Azure.
• Configure routing, switching, VLANs, trunking, and network segmentation on Fortinet, Cisco/Meraki, and OPNsense platforms.
• Manage DNS (split-brain, Azure Private DNS Zones), DHCP, and certificate services in hybrid environments.
• Troubleshoot complex hybrid networking issues: MTU mismatches, asymmetric routing, latency, and firewall policy conflicts.
• Support UniFi and enterprise wireless infrastructure in conjunction with WAN and cloud connectivity.
• Administer Windows Server and Linux environments (on-prem and IaaS).
• Manage virtualization platforms: VMware, Hyper-V, XCP-ng, or equivalent.
• Handle VM lifecycle: provisioning, migrations (including cloud lift-and-shift), snapshots, and capacity planning.
• Support shared storage platforms: SAN, NAS, NFS, iSCSI, and Azure File Sync.
• Manage on-prem Active Directory, Group Policy, and directory-integrated services alongside Entra ID.
• Lead and execute cloud migration projects including M365 tenant consolidations, email migrations (MigrationWiz/BitTitan), and infrastructure lift-and-shift.
• Build and maintain Infrastructure as Code (IaC) using Bicep, ARM templates, or Terraform for repeatable deployments.
• Automate operational tasks using PowerShell, Azure CLI, and Logic Apps/Automation Runbooks.
• Participate in client onboarding, scoping, and technical discovery for cloud transformation engagements.
• Implement and manage Azure security controls: Defender for Cloud, Defender for Endpoint, Sentinel (SIEM), and Key Vault.
• Perform vulnerability remediation, security hardening, and patch management across cloud and hybrid workloads.
• Respond to security incidents in coordination with SOC and security teams.
• Provide Tier 3 escalation support for cloud and hybrid infrastructure incidents.
• Maintain and respond to Azure Monitor alerts, Log Analytics queries, and Defender recommendations.
• Participate in on-call rotations and critical incident response.
• Collaborate with Field Services, NOC, Help Desk, and Project teams on complex cross-functional issues.
• Identify recurring patterns and recommend architectural improvements or automation to prevent recurrence.
• Maintain accurate Azure architecture diagrams, runbooks, and configuration documentation.
• Document incident resolutions, post-mortems, and lessons learned.
• Contribute to and enforce cloud governance standards, naming conventions, tagging policies, and change management practices.
• Develop and maintain SOPs for repeatable cloud deployment and management tasks.

Benefits

• Competitive compensation, career growth path, and investment in certifications and professional development.