Role Description We are seeking a Senior Cloud Infrastructure Engineer (Azure) with 10+ years of experience in enterprise cloud architecture, security, networking, and automation. This role is infrastructure-centric but modernization-focused, with a strong emphasis on the Azure Well-Architected Framework, Defender for Cloud posture management, and compliance (e.g., CIS Benchmarks, ISO/NIST). You will act as a technical driver to design and operate secure-by-design Azure environments based on Zero Trust principles, lead the architectural transition of legacy applications to modern standards, and implement robust network segmentation. You should have expert-level IaC (Terraform), deep knowledge of Azure networking and identity, and hands-on experience with Azure API Management (APIM), private endpoints, private DNS zones, and migrating legacy authentication to OAuth2 workflows. This is a role for a self-driven engineer who thrives in a fast-changing, fast-paced environment, can handle multiple projects at once, manage stressful situations, meet tight timelines, and deliver on time. Key Responsibilities - Infrastructure Design & Management - Architect and deploy Azure infrastructure aligned with the Azure Well-Architected Framework and Zero Trust security-first architecture principles. - Drive the infrastructure refactoring of .NET applications, including implementing Azure API Management to wrap legacy monoliths with modern security (OAuth2) and throttling policies. - Design hub-and-spoke network topologies, implement Private Endpoints, Private DNS Zones, and configure NSGs, route tables, and firewall rules to strictly isolate production workloads. - Architect the transition from legacy SMTP dependencies to modern, API-driven transactional email services (e.g., SendGrid integration) to ensure high deliverability and reliability. - Ensure robust network connectivity and performance, including Azure Load Balancer and Application Gateway for high availability. - Design and maintain disaster recovery strategies, multi-region failover, and backup solutions. - Security & Compliance - Implement and maintain security measures to protect data and infrastructure from threats, specifically focusing on PaaS hardening (SQL TDE, Storage Account Firewalls). - Apply Defender for Cloud and CIS Benchmarks to strengthen security posture and automate compliance reporting. - Configure Azure Entra ID, Azure AD B2C (Azure Entra External ID), Privileged Identity Management (PIM), and Just-In-Time (JIT) access controls to enforce least-privilege access. - Ensure compliance with ISO 27001, NIST, and familiarity with ISO 42001 for AI governance. - Automation & IaC - Drive pragmatic Terraform practices for infrastructure-as-code, creating modular, reusable code that prioritizes speed of delivery and maintainability over complexity. - Automate manual processes to improve efficiency and reduce errors across provisioning and configuration management. - Monitoring, Incident Management & On-Call - Implement centralized logging and monitoring solutions using Azure Monitor, Log Analytics, Application Insights, and New Relic to provide end-to-end visibility. - Integrate logs with Microsoft Sentinel and other SIEM platforms for real-time security and compliance visibility. - Lead incident management, root cause analysis, and preventive actions for critical infrastructure outages. - Participate in escalation and on-call rotations for product support, ensuring timely resolution of critical infrastructure issues. - Collaboration, Documentation & Knowledge Management - Collaborate with development and operations teams to bridge the gap between legacy code requirements and modern infrastructure standards. - Maintain comprehensive documentation, runbooks, and knowledge articles to support continuity and compliance. - Provide training and mentorship, leveraging 10–15 years of experience in knowledge management and best practices for enterprise-scale environments. Qualifications - Bachelor’s degree in Computer Science, IT, or equivalent experience. - 10+ years in cloud infrastructure engineering with expert-level Azure experience. - Expert-level proficiency in architecting enterprise-scale Azure Networking using Hub-and-Spoke topology, including advanced configuration of Azure Firewall/WAF, VNET peering, Hybrid Connection (VPN/ExpressRoute) and implementing Zero Trust connectivity for PaaS resources via Private Link, Private Endpoint and Private DNS Zones. - Proven expertise in Modernization: Demonstrated ability to implement Azure API Management, refactor legacy authentication flows (OAuth2), and modernize database security (TDE/Private Link). - Strong experience with Terraform (IaC) and automation frameworks. - Familiarity with Defender for Cloud, CIS Benchmarks, and centralized logging solutions. - Experience handling escalations and on-call responsibilities for critical infrastructure. Technical Skills - Azure services: Azure API Management (APIM), VMs, App Services (Containers), Azure SQL, Storage, Private Link, Private DNS, Azure Load Balancer, Application Gateway. - Networking: Hub-and-spoke, NSGs, route tables, Azure Firewall, VNET Peering. - Identity & Security: Azure Entra ID, Azure AD B2C, PIM/JIT, OAuth2/OIDC, Key Vault, SQL TDE. - Monitoring & Logging: Azure Monitor, Log Analytics, Application Insights, SIEM (Sentinel) integration. - Compliance: CIS Benchmarks, ISO/NIST frameworks. - Tooling: Terraform, Azure DevOps, Git, PowerShell/Az CLI. Soft Skills - Self-driven Finisher: Adaptable to fast-changing environments with a focus on closing tickets and delivering projects. - Ability to handle multiple projects, manage stress, and deliver on time. - Strong communication and documentation skills. Preferred Certifications - Microsoft Certified: Azure Solutions Architect Expert (AZ-305) - Microsoft Certified: Azure Administrator (AZ-104) - HashiCorp Certified: Terraform Associate Our core values: - Make sound decisions: We put ourselves in our customer's shoes, always ensuring we have the right facts and focus on solving the right problems. - Act like an owner: No matter the challenge, we overcome hurdles, seek out solutions, and follow through on commitments to consistently exceed expectations. - Get better every day: With our growth mindset and positive attitude, we apply our passion for innovation not just to our products, but also to ourselves. - We before me: Our collaborative spirit pushes us to act without ego, to communicate openly and honestly, and to win as a team. Benefits - Competitive salary and discretionary bonus - Flexible work environment - Career growth - Monthly team events - Industry-leading benefits plan