Description and Requirements
Key Responsibilities
Operations & Support
- Perform day-to-day support for Azure services (e.g., VMs, VNets, Load Balancers, App Service, AKS, Storage, Key Vault, Azure SQL/MI, Backup/ASR)
- Monitor platform health and alerts via Azure Monitor, Log Analytics, Application Insights, and Sentinel triage incidents and escalate per runbooks.
- Execute standard changes (e.g., access requests, tagging, policy compliance fixes) and maintain documentation/runbooks.
Provisioning & Automation
- Provision resources using ARM/Bicep or Terraform under guidance maintain parameter files and environment configs.
- Contribute to CI/CD pipelines (Azure DevOps/GitHub Actions) for infrastructure and application deployment.
- Assist with image management and baseline configurations (e.g., hardened images, extensions, diagnostic profiles).
Governance, Security & Compliance
- Apply RBAC, PIM (Just-in-Time), Azure Policy, management groups, subscriptions, and resource group standards.
- Enforce tagging, naming, backup/DR, and identity controls (via Entra ID).
- Support security tooling (Defender for Cloud, vulnerability remediation, baseline compliance) and participate in change management and audits.
- Help maintain artefacts for compliance (e.g., configuration baselines, access reviews, patching evidence, cost reports).
Networking & Connectivity
- Support VNets, subnets, NSGs, Azure Firewall, Private Endpoints, and diagnostics.
- Assist with connectivity patterns (e.g., ExpressRoute/VPN, Private Link, service endpoints) in line with landing zone design.
Cost & Performance
- Support cost allocation (tagging), reserved instance/savings plan recommendations, and right‑sizing.
- Participate in performance troubleshooting and basic capacity planning.
Collaboration & Continuous Improvement
- Work with application teams, security, and operations to meet SLAs.
- Contribute to Knowledge Base (KB) articles, SOPs, and automation to reduce toil.
Required Qualifications & Skills
- 3 years in cloud/infrastructure/operations
- Azure fundamentals: resource groups, VNets, subnets, NSGs, storage, VMs, IAM/RBAC, Key Vault, monitoring.
- Basic scripting: PowerShell and/or Python.
- Familiar with IaC (ARM/Bicep or Terraform) and Git-based workflows.
- Understanding of identity & access concepts (Entra ID), security baselines, and least privilege.
- Strong troubleshooting skills able to follow runbooks and document findings.
- Excellent communication and a service-oriented mindset.
- Terraform Associate (HashiCorp) - nice to have.
- Exposure to landing zones/CAF, subscription management, Azure Policy at scale.
- Familiarity with log analytics KQL, Sentinel, Defender for Cloud.
- Awareness of public sector IT governance (e.g., change windows, segregation of duties, audit traceability, access reviews).
- Experience with Containers/AKS, App Gateway/WAF, Private Link, ASR, and Backup.
- Understanding of cost management (tags, budgets, showback/chargeback).
Preferred Certifications
- Microsoft Certified: Azure Fundamentals (AZ‑900)
- Azure Administrator (AZ‑104) or Azure Security Engineer (SC‑200/SC‑300).
