Key Responsibilities
Operations & Support
Perform day-to-day support for Azure services (e.g., VMs, VNets, Load Balancers, App Service, AKS, Storage, Key Vault, Azure SQL/MI, Backup/ASR)
Monitor platform health and alerts via Azure Monitor, Log Analytics, Application Insights, and Sentinel; triage incidents and escalate per runbooks.
Execute standard changes (e.g., access requests, tagging, policy compliance fixes) and maintain documentation/runbooks.
Provisioning & Automation
Provision resources using ARM/Bicep or Terraform under guidance; maintain parameter files and environment configs.
Contribute to CI/CD pipelines (Azure DevOps/GitHub Actions) for infrastructure and application deployment.
Assist with image management and baseline configurations (e.g., hardened images, extensions, diagnostic profiles).
Governance, Security & Compliance
Apply RBAC, PIM (Just-in-Time), Azure Policy, management groups, subscriptions, and resource group standards.
Enforce tagging, naming, backup/DR, and identity controls (via Entra ID).
Support security tooling (Defender for Cloud, vulnerability remediation, baseline compliance) and participate in change management and audits.
Help maintain artefacts for compliance (e.g., configuration baselines, access reviews, patching evidence, cost reports).
Networking & Connectivity
Support VNets, subnets, NSGs, Azure Firewall, Private Endpoints, and diagnostics.
Assist with connectivity patterns (e.g., ExpressRoute/VPN, Private Link, service endpoints) in line with landing zone design.
Cost & Performance
Support cost allocation (tagging), reserved instance/savings plan recommendations, and right‑sizing.
Participate in performance troubleshooting and basic capacity planning.
Collaboration & Continuous Improvement
Work with application teams, security, and operations to meet SLAs.
Contribute to Knowledge Base (KB) articles, SOPs, and automation to reduce toil.
Required Qualifications & Skills
3 years in cloud/infrastructure/operations
Azure fundamentals: resource groups, VNets, subnets, NSGs, storage, VMs, IAM/RBAC, Key Vault, monitoring.
Basic scripting: PowerShell and/or Python.
Familiar with IaC (ARM/Bicep or Terraform) and Git-based workflows.
Understanding of identity & access concepts (Entra ID), security baselines, and least privilege.
Strong troubleshooting skills; able to follow runbooks and document findings.
Excellent communication and a service-oriented mindset.
Terraform Associate (HashiCorp) – nice to have.
Exposure to landing zones/CAF, subscription management, Azure Policy at scale.
Familiarity with log analytics KQL, Sentinel, Defender for Cloud.
Awareness of public sector IT governance (e.g., change windows, segregation of duties, audit traceability, access reviews).
Experience with Containers/AKS, App Gateway/WAF, Private Link, ASR, and Backup.
Understanding of cost management (tags, budgets, showback/chargeback).
Preferred Certifications
Microsoft Certified: Azure Fundamentals (AZ‑900)
Azure Administrator (AZ‑104) or Azure Security Engineer (SC‑200/SC‑300).
Operations & Support
Perform day-to-day support for Azure services (e.g., VMs, VNets, Load Balancers, App Service, AKS, Storage, Key Vault, Azure SQL/MI, Backup/ASR)
Monitor platform health and alerts via Azure Monitor, Log Analytics, Application Insights, and Sentinel; triage incidents and escalate per runbooks.
Execute standard changes (e.g., access requests, tagging, policy compliance fixes) and maintain documentation/runbooks.
Provisioning & Automation
Provision resources using ARM/Bicep or Terraform under guidance; maintain parameter files and environment configs.
Contribute to CI/CD pipelines (Azure DevOps/GitHub Actions) for infrastructure and application deployment.
Assist with image management and baseline configurations (e.g., hardened images, extensions, diagnostic profiles).
Governance, Security & Compliance
Apply RBAC, PIM (Just-in-Time), Azure Policy, management groups, subscriptions, and resource group standards.
Enforce tagging, naming, backup/DR, and identity controls (via Entra ID).
Support security tooling (Defender for Cloud, vulnerability remediation, baseline compliance) and participate in change management and audits.
Help maintain artefacts for compliance (e.g., configuration baselines, access reviews, patching evidence, cost reports).
Networking & Connectivity
Support VNets, subnets, NSGs, Azure Firewall, Private Endpoints, and diagnostics.
Assist with connectivity patterns (e.g., ExpressRoute/VPN, Private Link, service endpoints) in line with landing zone design.
Cost & Performance
Support cost allocation (tagging), reserved instance/savings plan recommendations, and right‑sizing.
Participate in performance troubleshooting and basic capacity planning.
Collaboration & Continuous Improvement
Work with application teams, security, and operations to meet SLAs.
Contribute to Knowledge Base (KB) articles, SOPs, and automation to reduce toil.
Required Qualifications & Skills
3 years in cloud/infrastructure/operations
Azure fundamentals: resource groups, VNets, subnets, NSGs, storage, VMs, IAM/RBAC, Key Vault, monitoring.
Basic scripting: PowerShell and/or Python.
Familiar with IaC (ARM/Bicep or Terraform) and Git-based workflows.
Understanding of identity & access concepts (Entra ID), security baselines, and least privilege.
Strong troubleshooting skills; able to follow runbooks and document findings.
Excellent communication and a service-oriented mindset.
Terraform Associate (HashiCorp) – nice to have.
Exposure to landing zones/CAF, subscription management, Azure Policy at scale.
Familiarity with log analytics KQL, Sentinel, Defender for Cloud.
Awareness of public sector IT governance (e.g., change windows, segregation of duties, audit traceability, access reviews).
Experience with Containers/AKS, App Gateway/WAF, Private Link, ASR, and Backup.
Understanding of cost management (tags, budgets, showback/chargeback).
Preferred Certifications
Microsoft Certified: Azure Fundamentals (AZ‑900)
Azure Administrator (AZ‑104) or Azure Security Engineer (SC‑200/SC‑300).