Azure Network Cloud Engineer

About The Position

Requirements

• 4+ years of hands-on experience designing and managing enterprise Azure networking environments
• Deep expertise in the following Azure networking services:
• Virtual Networks, Subnetting, Peering, UDRs
• ExpressRoute (circuits, gateways, private/Microsoft peering)
• Virtual Network Gateways (VPN, high-availability)
• Azure Virtual WAN (vWAN)
• Azure Firewall & Firewall Manager
• Private Endpoints & Private Link
• Azure Private DNS Resolver
• Load Balancer (Standard SKU preferred)
• Application Gateway (v2 preferred, with WAF)
• NAT Gateway
• Strong understanding of networking fundamentals: TCP/IP, BGP, OSPF (if applicable), subnetting, routing protocols, DNS, firewalls, NAT, load balancing (L3/L4 vs L7)
• Experience with hybrid connectivity scenarios (on-premises to Azure integration)
• Proficiency with Azure management tools: Azure Portal, Azure CLI, PowerShell, ARM/Bicep templates, Terraform (preferred)
• Familiarity with monitoring and logging: Azure Monitor, Network Watcher, Log Analytics, NSG flow logs
• Microsoft Certified: Azure Network Engineer Associate (AZ-700) certification strongly preferred (or willingness to obtain within 6 months)

Nice To Haves

• Experience with Azure Virtual Network Manager for large-scale VNet governance
• Knowledge of Azure Route Server, Azure Bastion, or DDoS Protection Standard
• Exposure to SD-WAN integrations with Azure Virtual WAN
• Scripting/automation experience (PowerShell, Python, or similar) for networking tasks
• Understanding of zero-trust networking and modern security practices

Responsibilities

• Design and implement complex Azure virtual network architectures, including hub-and-spoke models, virtual network peering, and user-defined routes (UDRs) for custom routing scenarios
• Configure and manage routing solutions, including route tables, BGP propagation, route servers (where applicable), and effective route troubleshooting
• Design, deploy, and maintain Azure ExpressRoute circuits — including private and Microsoft peering, ExpressRoute Direct, circuit SKUs/tiers, gateway configurations, and connectivity troubleshooting
• Implement and administer Virtual Network Gateways (VPN Gateways) for site-to-site, point-to-site, and VNet-to-VNet connectivity, including high-availability configurations and policy-based vs. route-based VPNs
• Deploy and manage Azure Virtual WAN (vWAN) deployments, including hub creation, virtual hub routing, secured hubs with Azure Firewall integration, and branch connectivity (VPN/ExpressRoute)
• Configure Azure Firewall (including Firewall Manager, policy rules, DNAT, application rules, network rules, threat intelligence, and IDPS) for centralized network security
• Implement Private Endpoints and Azure Private Link to enable secure, private access to PaaS services without public internet exposure
• Design and manage Azure Private DNS Resolver (inbound/outbound endpoints) for hybrid and multi-VNet DNS resolution scenarios, including conditional forwarding and custom DNS forwarding rules Configure and optimize load balancing solutions:
• Azure Load Balancer (Basic/Standard, internal/external, high-availability ports, backend pools, health probes)
• Azure Application Gateway (v1/v2, WAF-enabled, URL-based routing, SSL termination, multi-site hosting, autoscaling)
• Deploy and manage NAT Gateways for scalable outbound internet connectivity with static public IPs, zone redundancy, and subnet associations
• Implement and maintain other key Azure networking components, including Network Security Groups (NSGs), Azure DDoS Protection, Azure Front Door (where relevant), Traffic Manager, and Network Watcher for monitoring and diagnostics
• Perform network performance tuning, latency optimization, cost analysis, and capacity planning for networking resources
• Troubleshoot complex connectivity, routing, and security issues using tools such as Azure Network Watcher, NSG flow logs, packet capture, IP flow verify, VPN diagnostics, and ExpressRoute monitoring
• Ensure compliance with security standards, least-privilege access, and zero-trust principles in all network designs
• Document network designs, configurations, runbooks, and incident response procedures

Benefits

• Medical with wellness incentives, dental, and vision
• HSA with company match
• Maternity and parental leave
• Tuition reimbursement
• Mentor program
• 401(k) with 6% match