Job Purpose:
The Senior Cloud Engineer will architect, optimize, and operate the organization’s Microsoft Azure environment to advance a cloud-first strategy. This role leads technical design, drives cost optimization and security posture improvements, and serves as the escalation point for Azure Virtual Desktop (AVD) and core platform services. The ideal candidate combines hands-on engineering excellence with strategic leadership, mentoring, and cross-functional collaboration.
Key Responsibilities:
Azure Cloud Architecture & Platform Engineering
Lead the design, deployment, and lifecycle management of Azure services (compute, storage, networking, identity, data, and PaaS).
Engineer scalable landing zones using Azure Landing Zone (ALZ) patterns, hub-spoke or vWAN architectures, Azure Policy, and RBAC.
Define standards for image management, golden configurations, and module-based IaC patterns for repeatable environments (dev/test/prod).
Partner with architects to make build vs. buy decisions, evaluate new Azure services, and establish platform roadmaps.
Virtual Desktop Infrastructure (AVD)
Own the design and operation of Azure Virtual Desktop, including host pools, scaling plans, FSLogix profiles, and image pipelines.
Implement secure access patterns (e.g., Entra ID Conditional Access) and performance tuning for user experience at scale.
Lead troubleshooting and serve as final escalation for AVD performance, reliability, and connectivity issues.
Cost Optimization & FinOps
Drive FinOps practices: budgets, alerts, showback/chargeback, and unit-cost KPIs.
Implement right-sizing, autoscaling, commitment-based savings (Reservations, Savings Plans), lifecycle policies, and storage tiering.
Use Azure Cost Management, Azure Advisor, and custom dashboards to track, forecast, and report savings to leadership.
Security & Compliance
Improve Secure Score and harden the environment with Microsoft Defender for Cloud, Azure Policy, and Zero Trust principles.
Implement encryption, key management (Azure Key Vault), secret rotation, and least-privilege RBAC.
Partner with Security to integrate Microsoft Sentinel and vulnerability management, and map controls to compliance frameworks.
Automation, CI/CD & Infrastructure as Code
Build and maintain IaC with Terraform and/or Bicep; establish modules, state management, and drift detection.
Integrate platform provisioning into CI/CD (Azure DevOps Pipelines or GitHub Actions) with automated testing and gates.
Automate operational runbooks (PowerShell/Python) for patching, scaling, backups, and disaster recovery drills.
Observability, Monitoring & Reporting
Implement end-to-end observability with Azure Monitor, Log Analytics, Application Insights, and KQL-driven dashboards.
Integrate or federate signals to Grafana/Prometheus/ELK where appropriate; define actionable alerts and SLOs.
Produce executive-ready reports on cost, security posture, reliability, and AVD performance.
Reliability Engineering & Operations
Lead capacity planning, performance tuning, and incident/problem management; participate in and improve on-call rotations.
Design and test backup, disaster recovery, and business continuity (RTO/RPO) strategies.
Establish operational runbooks, post-incident reviews, and continuous improvement mechanisms.
Collaboration, Leadership & Knowledge Sharing
Collaborate with IT, Security, Networking, and App/DevOps teams to align platform capabilities with business objectives.
Mentor engineers, conduct design reviews, and elevate engineering practices through standards and documentation.
Communicate clearly with technical and non-technical stakeholders; influence decisions with data and trade-off analyses.
Key Skills, Qualifications & Experience
Bachelor’s degree in Computer Science, Information Technology, or related field (or equivalent experience).
7–10+ years in infrastructure or cloud engineering, including 5+ years focused on Azure.
Proven experience leading Azure platform initiatives and landing zone implementations at scale.
Hands-on ownership of AVD or similar enterprise VDI solutions in production.
Azure services: Compute (VMs, VMSS), Storage, Networking (VNet, vWAN, ExpressRoute, VPN), AKS, Azure SQL/Managed Instance, App Services, Functions, Event Grid/Event Hubs.
Identity & Access: Microsoft Entra ID (Azure AD), Conditional Access, PIM, RBAC.
Security: Microsoft Defender for Cloud, Azure Policy, Key Vault; exposure to Microsoft Sentinel.
IaC & Automation: Terraform and/or Bicep (ARM), PowerShell, Python; GitHub Actions or Azure DevOps.
Observability: Azure Monitor, Log Analytics, Application Insights; Grafana/Prometheus/ELK familiarity.
Cost Management: Azure Cost Management, Advisor, Reservations/Savings Plans; FinOps practices.
Certifications (Preferred): Microsoft Certified: Azure Solutions Architect Expert (AZ-305), Azure Security Engineer (AZ-500), Azure Administrator (AZ-104), Azure Network Engineer (AZ-700), Azure DevOps (AZ-400). HashiCorp Terraform Associate or equivalent. FinOps Certified Practitioner (nice to have).

