Azure Cloud Engineer

• Design and implement solutions using Azure VMs, VMSS, Availability Sets/Zones, VNet/Peering, NSGs/ASGs, Load Balancers, Application Gateway/WAF, Private Endpoints, and Azure Storage.
• Implement hybrid connectivity (VPN/ExpressRoute), name resolution (Azure DNS/Private DNS), and landing zones aligned with the Azure WellArchitected Framework.
• Infrastructure as Code & Automation
• Build reproducible environments using Bicep/ARM or Terraform; pipelines via Azure DevOps/YAML (multistage, approvals, environments).
• Automate ops with PowerShell / Az CLI / Python; implement GitOps workflows and standard modules.
• Security & Compliance
• Enforce least privilege and Zero Trust with Azure AD/Microsoft Entra ID, PIM, Conditional Access, Managed Identities, RBAC, Key Vault, and CustomerManaged Keys.
• Configure Defender for Cloud, Secure Score, regulatory compliance initiatives, and JustinTime (JIT) access for VMs.
• Implement network security (WAF, NSG/ASG strategies, DDoS Protection), logging (Sentinel/Log Analytics), and data protection (encryption at rest/in transit).
• DevOps & Delivery
• Create CI/CD pipelines for infrastructure and applications (containers, .NET/Java/Node, etc.); integrate quality gates, security scans, approvals, and artifact versioning.
• Containerize and orchestrate workloads with AKS (if applicable): node pools, autoscaling, ingress, secrets, network policies, Azure CNI.
• Reliability, Monitoring & DR
• Implement backup/restore (Azure Backup), DR/BCP with Azure Site Recovery, update management, and patch baselines.
• Build observability with Azure Monitor, Log Analytics, Application Insights, custom KQL queries, alerts, dashboards, and SLOs.
• Governance
• Apply Azure Policy, Blueprints, management groups, tags, practices rightsizing, reservations, savings plans.
• Collaboration & Enablement
• Partner with security, networking, and application teams; produce HLD/LLD, runbooks, and knowledge transfers; mentor juniors.

We're looking for an Azure Cloud Engineer with deep expertise in Azure IaaS (compute, networking, storage), handson experience with Azure DevOps (CI/CD, IaC), and strong cloud security skills. You'll design, build, secure, and automate enterprisegrade workloads on Azure, ensuring high availability, scalability, cost efficiency, and compliance., * Hands-on expertise with Azure IaaS: VMs/VMSS, VNets, Subnets, NSGs/ASGs, Load Balancer/App Gateway, Private Link/Endpoints, Storage.

• Infrastructure as Code: Bicep/ARM or Terraform (modules, workspaces, remote state, pipelines).
• Azure DevOps: Repos, Boards, Pipelines (YAML), Artifacts; creating secure multistage pipelines with approvals.
• Security: Microsoft Entra ID (Azure AD), RBAC, PIM, Key Vault, Managed Identities, Defender for Cloud, Secure Score, Conditional Access (in partnership with IAM).
• Networking: VNet peering, ExpressRoute/VPN, DNS, WAF, DDoS, routing and firewalling concepts.
• Scripting: PowerShell and Az CLI (Python is a plus).
• Monitoring & Logs: Azure Monitor, Log Analytics/KQL, alerting.
• Operational excellence: Change management, incident response, documentation., * AKS: Ingress, network policies, Azure CNI, Cluster Autoscaler, ACR, GitOps (Flux/ArgoCD).
• PaaS: App Service, Functions, Service Bus/Event Grid, Storage Queues.
• Data & Identity: Private endpoints for PaaS, SQL MI/SQL DB security (TDE, AAD auth), Managed Identities across services.
• Security Ops: Microsoft Sentinel (KQL analytics, hunting, workbooks), Defender for Endpoint/Identity, MDE integration into pipelines.
• Governance: Landing zones, CAF alignment, Policy as Code.
• Compliance: ISO 27001, SOC 2, PCIDSS, HIPAA (as applicable).
• Linux/Windows administration; DSC/Desired State, Packer images.