We're seeking a hands-on Senior Azure Cloud Engineer to design, build, and operate secure, scalable platforms on Microsoft Azure. You'll lead infrastructure-as-code delivery with Terraform and Bicep, own CI/CD pipelines, run Kubernetes workloads on AKS, and implement data governance using Microsoft Purview. Strong scripting (PowerShell) and application integration experience (C#/.NET) are essential.
Key Responsibilities
Platform Engineering (Azure):
Design and implement secure Azure landing zones (Hub/Spoke, network, identity, policy, monitoring) with enterprise guardrails.
Infrastructure as Code:
Author reusable Terraform modules and Bicep templates; establish versioning, promotions, and automated compliance (Policy, Blueprints/Definitions).
CI/CD:
Build and maintain multi-stage pipelines (Azure DevOps/GitHub Actions) for both infra (plan/apply, drift detection) and apps (build/test/release), including approvals and environment protections.
Kubernetes (AKS):
Provision and operate AKS clusters; implement RBAC, Pod/Node security, ingress (AGIC/Nginx), secrets (Key Vault CSI), autoscaling, and rolling/blue-green deployments (Helm/Kustomize).
Data Governance (Purview):
Stand up and integrate Purview with Data Lake/Synapse/Databricks; configure collections, scans, lineage, business glossary, access controls, and automate via IaC/SDK.
Automation & Scripting:
Develop PowerShell tooling (Az, Az.KeyVault, Graph), CLI wrappers, and internal modules; write Terratest/Pester tests for quality gates.
App & Integration:
Partner with C#/.NET teams to containerise workloads, design 12-factor services, integrate APIM/Event Grid/Service Bus, and implement identity (Managed Identity, Entra ID).
Security & Compliance:
Enforce least privilege, Managed Identity, private endpoints, Defender for Cloud, vulnerability scanning, and secrets rotation; embed security checks in pipelines.
Observability & Reliability:
Configure Azure Monitor, Log Analytics, App Insights, and Prometheus/Grafana; define SLOs, alerts, and runbooks; drive incident post-mortems and reliability improvements.
Cost & Performance:
Right-size resources, use savings plans/reserved instances, enable tagging/FinOps reporting; optimise storage/compute and AKS node pools.
Documentation & Enablement:
Produce runbooks, architecture diagrams, and how-to guides; mentor engineers and champion DevOps culture.