Key skills
AzureCloudDNSFluxGrafanaKafkaPrometheusPythonTerraformVaultPowerShellAnalyticsAKSHelmArgoCDAzure DevOpsAzure MonitorEntra IDJWTGitOpsIstioService MeshCI/CDWAFFirewall
About this role
Role Overview
- Own and operate our Azure production platform, enabling secure, reliable application delivery across Production and Non-Production environments.
- Build and run enterprise Azure foundations (Landing Zone, networking, identity/governance).
- Operate production AKS and deliver secure API ingress and CI/CD release controls with strong observability and incident ownership.
- Build and maintain reusable, production-grade IaC modules covering networking, security, AKS, APIM, Key Vault, monitoring, storage, and application services.
- Support hub-spoke patterns, environment segmentation, RBAC, Azure Policy, tagging standards, and governance controls across Prod/Non-Prod.
- Design and troubleshoot VNets, subnets, NSGs, UDRs/route tables, Load Balancers, NAT Gateway, Private Endpoints, Private DNS, and secure inbound/outbound traffic patterns.
- Implement secure ingress and API delivery using APIM, Application Gateway, Front Door, and WAF, including TLS, OAuth2/OIDC/JWT validation, rate limiting/throttling, IP filtering, and private backend connectivity.
- Support Azure Event Hubs (Kafka-compatible) for event-driven services, including throughput planning, monitoring, partitions/consumer groups, and secure access patterns.
- Build multi-stage Azure DevOps YAML pipelines for Dev/QA/Staging/Prod with approvals, validation gates, deployment controls, and rollback strategies for both infrastructure and applications.
- Maintain reliability using Azure Monitor, Log Analytics, Application Insights, and Container Insights; lead incident response and RCA with documented remediation and preventive controls.
- Partner with engineering teams on deployment patterns, pipeline integration, and operational best practices.
Requirements
- 6+ years in DevOps/Cloud/Platform/Infrastructure Engineering within the Azure ecosystem, with hands-on production experience.
- Strong experience with Azure Landing Zone concepts: hub-spoke, segmentation, governance, RBAC, Azure Policy, tagging, and private connectivity.
- Proven expertise with Bicep and PR-based IaC workflows (validation/linting/scanning, controlled change, drift awareness).
- Deep knowledge of Azure networking: VNets, NSGs, UDRs/route tables, Private Endpoints/DNS, Load Balancers, NAT Gateway, and secure outbound patterns.
- Production experience operating AKS, including private clusters, upgrades, ingress, Helm, autoscaling, and troubleshooting using kubectl (logs/events/probes/DNS/network).
- Experience with APIM / App Gateway / Front Door / WAF and API security patterns (TLS, OAuth2/OIDC, JWT validation, throttling/rate limiting, IP filtering).
- Experience with Azure DevOps YAML pipelines across environments, including approvals/gates and rollback strategy.
- Strong security fundamentals: Entra ID RBAC, managed identities/workload identity, Key Vault, secret rotation, and certificate lifecycle management.
- Proficiency with Azure CLI, PowerShell, and/or Python for automation and operational tooling.
- Bonus skills: Terraform experience. Hybrid connectivity troubleshooting (VPN/ExpressRoute), Azure Firewall, DNS/routing, private service access. GitOps (Flux/ArgoCD), service mesh (Istio), Prometheus/Grafana. Azure certifications (e.g., AZ-400, AZ-305, AZ-104, AZ-500) and FinOps/cost optimization experience.
Tech Stack
- Azure
- Cloud
- DNS
- Flux
- Grafana
- Kafka
- Prometheus
- Python
- Terraform
- Vault
Benefits
- 20+ Paid time off days