Microsoft Azure Engineer

About The Position

Requirements

• Strong hands-on experience engineering solutions in Microsoft Azure (typically 3+ years Azure-focused, depending on level).
• Demonstrated experience implementing or operating Azure Landing Zones / enterprise Azure foundations.
• Strong IaC experience with Terraform and/or Bicep/ARM (modules, standards, environments, pipelines).
• Solid DevOps experience building CI/CD workflows using Azure DevOps and/or GitHub Actions.
• Migration experience supporting cloud adoption and workload transitions to Azure.
• Working knowledge of core Azure services, including: Azure Networking (VNets, peering, routing, DNS, Private Endpoints) Identity & Access (Entra ID, RBAC, PIM concepts) Compute and platform services (VMs, App Service, Storage, AKS basics) Monitoring (Azure Monitor, Log Analytics)
• Scripting and automation skills with PowerShell, Azure CLI, Bash, and/or Python.
• Ability to write clear documentation and collaborate across engineering, infrastructure, and security teams.

Nice To Haves

• Experience with the Azure CAF methodology and enterprise-scale architecture patterns.
• Strong background in cloud security architecture and operations, including: Defender for Cloud, Sentinel, vulnerability management, secure workload patterns
• Experience with Kubernetes/containers (AKS, ACR, container security concepts).
• Knowledge of FinOps practices (cost allocation, tagging policies, budgets, optimization).
• Experience with hybrid connectivity and enterprise networking: ExpressRoute, VPN Gateway, vWAN.
• Familiarity with SRE/operational best practices (SLIs/SLOs, error budgets, postmortems).
• Certifications (Preferred) AZ-104 (Azure Administrator) AZ-305 (Azure Solutions Architect) AZ-400 (DevOps Engineer) Security: SC-100 / SC-200 (or equivalent experience) Terraform certification (HashiCorp) is a plus
• Key Skills & Tools Azure: Landing Zones, Policy, Management Groups, Networking, Key Vault, Monitor, Defender for Cloud IaC: Terraform, Bicep/ARM (Pulumi optional) DevOps: Azure DevOps, GitHub Actions, Git, CI/CD Scripting: PowerShell, Azure CLI, Bash, Python Security: RBAC, PIM concepts, Private Link, Firewall/WAF, logging/SIEM patterns Migration: Azure Migrate, ASR, DMS (as applicable)

Responsibilities

• Cloud Landing Zones & Platform Engineering Design and implement Azure Cloud Landing Zones aligned to the Microsoft Cloud Adoption Framework (CAF) and enterprise best practices.
• Build and manage core platform components, including: Management groups, subscriptions, and resource organization Standardized networking (hub-spoke or vWAN patterns), DNS, routing, and segmentation Identity integration (Microsoft Entra ID), RBAC, and privileged access approaches
• Implement and maintain governance guardrails using Azure Policy/Initiatives, management group hierarchy, tagging standards, and compliance baselines.
• Define standard patterns for workload onboarding, including subscription vending, baseline monitoring, and security controls.
• DevOps & Automation Build and maintain CI/CD pipelines and automation workflows using Azure DevOps and/or GitHub Actions.
• Enable “platform as a product” capabilities, providing reusable templates and self-service provisioning for engineering teams.
• Automate operational tasks using PowerShell, Azure CLI, Bash, or Python.
• Implement Git-based practices (branching strategy, code reviews, approvals, release management) to support safe, auditable deployments.
• Infrastructure as Code (IaC) Develop and maintain infrastructure using Terraform and/or Bicep (ARM) with modular, reusable design.
• Implement policy-as-code, configuration standards, and environment promotion strategies (dev/test/prod).
• Create and manage secure state handling, secrets management, and pipeline-integrated validations (linting, security scanning, drift detection).
• Document and version IaC modules to accelerate delivery and reduce operational risk.
• Cloud Migrations & Modernization Plan and execute migrations using tools such as Azure Migrate, Azure Site Recovery, and other migration frameworks.
• Support migration strategies including rehost, re-platform, refactor, retire, retain.
• Coordinate with application owners to migrate workloads such as: Virtual machines and VM estates Databases (using Azure Database Migration Service, where applicable) Web apps and APIs (App Service, container platforms, AKS)
• Establish cutover plans, rollback strategies, and post-migration stabilization processes.
• Securing the Cloud (Security & Compliance) Implement cloud security best practices across identity, network, data, and platform layers: Microsoft Defender for Cloud recommendations and secure score improvements Network security controls: NSGs, Azure Firewall, WAF, DDoS, Private Link/Private Endpoints Secrets and key management using Azure Key Vault and managed identities Logging/monitoring security integration using Azure Monitor, Log Analytics, and optionally Microsoft Sentinel
• Partner with security stakeholders to enforce security standards and support audits/compliance requirements (e.g., CIS guidance, internal baselines).