Senior Azure Cloud Engineer

As aSr. Azure Cloud Engineer youcan expect to…

• Design and implement enterprise-scale Azure Landing Zones aligned to Microsoft Cloud Adoption Framework (CAF) and Well-Architected principles (management groups, subscriptions, RBAC, Policy/Initiatives, tags, monitoring, automation).
• Build core services: Compute (VMs/Scale Sets), Storage, Key Vault, Container Registry, and PaaS (e.g., App Service, Functions, AKS integrations) as appropriate.
• Engineer network topologies (hub-and-spoke or Virtual WAN); configure Azure Firewall, Application Gateway/WAF, Private Link, Private DNS, NAT Gateway, DDoS Protection; integrate ExpressRoute/VPN as needed.
• Plan & deploy Azure Virtual Desktop within the broader platform (host pools, app groups, workspaces) using FSLogix profiles on Azure Files/Azure NetApp Files; implement MSIX app attach and Scaling Plans; optimize performance (e.g., RDP Shortpath, GPU SKUs) and instrument with Azure Monitor/Log Analytics/AVD Insights.
• Implement Zero Trust controls with Microsoft Entra ID (Conditional Access, MFA, Privileged Identity Management, app registrations, enterprise apps, SCIM provisioning).
• Apply defense-in-depth using Azure Policy/Initiatives, secure baseline images, Defender for Cloud, Defender for Cloud Apps, Microsoft Defender XDR integrations, and Microsoft Sentinel for SIEM use cases.
• Manage secrets/keys with Key Vault; enforce least-privilege access and compliance controls (e.g., ISO 27001, SOC 2, HIPAA, PCI-DSS, as applicable).
• Build repeatable environments with Terraform and/or Bicep (and ARM where required); codify guardrails, policies, and landing zone modules.
• Integrate with Azure DevOps or GitHub Actions for CI/CD, including validation, testing, linting, and drift detection; use PowerShell/Azure CLI/Python for orchestration and tooling.
• Implement Azure Monitor, Log Analytics, Workbooks, Alerts, and Diagnostics across services; enable Defender and workload insights.
• Engineer backup and disaster recovery with Azure Backup, Site Recovery, cross-region architectures, and recovery runbooks; validate RTO/RPO.
• Drive cost governance using tagging standards, budgets, anomaly alerts, right-sizing, reservations, and Savings Plans via Cost Management + Billing and FinOps best practices.
• Run technical working sessions and pair with client engineers to build, troubleshoot, and unblock deployments.
• Produce operational artifacts: runbooks/SOPs, automation scripts, CI/CD, KQL alerts/dashboards, and handover docs.
• Assess environments and implement remediations for policy/security baselines, patching, DR, and cost optimization.
• Stabilize operations post‑go‑live: incident response/RCA, performance tuning, capacity planning, and change implementation.
• Build reusable modules/templates and contribute to internal repos and standards; provide estimates/status in Azure DevOps/Jira.

Sound interesting? If so, you'll have…

• 5+ years of hands-on experience engineering on Microsoft Azure across networking, compute, storage, identity, and security.
• Proven delivery of enterprise landing zones with Azure Policy, management groups, RBAC, and guardrails.
• Strong Infrastructure as Code (Terraform and/or Bicep) with Azure DevOps or GitHub Actions CI/CD workflows.
• AVD implementation experience: deploy host pools/app groups, configure FSLogix profiles on Azure Files or Azure NetApp Files (shares, NTFS/ACLs, performance tiers), set up scaling plans and AVD Insights monitoring.
• Expertise in Microsoft Entra ID (Conditional Access, PIM, app registrations) and Azure security services (Defender for Cloud, Sentinel, Key Vault).
• Strong proficiency in PowerShell and Azure CLI for automation and deployment; Python experience is a plus.
• Excellent troubleshooting across networking, identity, and platform services; strong written and verbal communication in client-facing contexts.
• Preferred qualifications, but not required:
• Microsoft 365 (Intune, Exchange Online, SharePoint/OneDrive, Teams) and Purview.
• Copilot readiness/governance, Copilot Studio development, Microsoft Foundry experience.
• AKS/Kubernetes, App Service/Functions, or cloud data stores (SQL MI/Cosmos DB).
• Preferred certifications, but not required:
• Microsoft Certified: Azure Solutions Architect Expert
• Microsoft Certified: Azure Administrator Associate
• Microsoft Certified: Azure Security Engineer Associate (or SC-200/SC-300/SC-100)
• Microsoft Certified: DevOps Engineer Expert
• Microsoft 365 Certified (e.g., Enterprise Administrator Expert)

The Perks

We offer competitive pay with and performance-based bonus. Our employees also enjoy generous paid time off and a flexible and affordable benefits program designed to help you be and stay well, including: medical, dental & vision coverage, flexible spending accounts, health reimbursement account, and a 401(k) plan with a company match. Additionally, you'll have the benefit of working alongside enthusiastic and energetic teammates in a dynamic and thriving environment.

HSO is an Equal Opportunity Employer.