Cloud Infrastructure Engineer

About Inovatec:

Inovatec is an exciting growth company based in Vancouver, BC, established in 2006. We are North America’s leading provider of cloud-based software solutions for the automotive, motorcycle, powersports, and equipment financing industries. Our solutions are used by some of the largest banks, credit unions, and finance companies in Canada and the U.S.

At Inovatec, we foster a diverse and inclusive environment that encourages collaboration where we grow together and win as a team. It’s important that we live up to our four core values: make sound decisions, get better every day, act like an owner, and we before me. We thrive by challenging the status quo to push the industry forward, and we know when to have fun! With team members across North America and Europe, we’re committed to investing in the development of our team, no matter where they’re located.

Job Summary

We are seeking a Senior Cloud Infrastructure Engineer (Azure) with 10+ years of experience in enterprise cloud architecture, security, networking, and automation. This role is infrastructure-centric but modernization-focused, with a strong emphasis on the Azure Well-Architected Framework, Defender for Cloud posture management, and compliance (e.g., CIS Benchmarks, ISO/NIST). You will act as a technical driver to design and operate secure-by-design Azure environments based on Zero Trust principles, lead the architectural transition of legacy applications to modern standards, and implement robust network segmentation.

You should have expert-level IaC (Terraform), deep knowledge of Azure networking and identity, and hands-on experience with Azure API Management (APIM), private endpoints, private DNS zones, and migrating legacy authentication to OAuth2 workflows. This is a role for a self-driven engineer who thrives in a fast-changing, fast-paced environment, can handle multiple projects at once, manage stressful situations, meet tight timelines, and deliver on time.

Key Responsibilities

Infrastructure Design & Management

• Architect and deploy Azure infrastructure aligned with the Azure Well-Architected Framework and Zero Trust security-first architecture principles.
• Drive the infrastructure refactoring of .NET applications, including implementingAzure API Managementto wrap legacy monoliths with modern security (OAuth2) and throttling policies.
• Design hub-and-spoke network topologies, implement Private Endpoints, Private DNS Zones, and configure NSGs, route tables, andfirewallrules to strictly isolate production workloads.
• Architect the transition from legacy SMTP dependencies to modern, API-driven transactional email services (e.g., SendGrid integration) to ensure high deliverability and reliability.
• Ensure robust network connectivity and performance, including Azure Load Balancer and Application Gateway for high availability.
• Design andmaintaindisaster recovery strategies, multi-region failover, and backup solutions.

Security & Compliance

• Implement andmaintainsecurity measures to protect data and infrastructure from threats, specifically focusing onPaaS hardening(SQL TDE, Storage Account Firewalls).
• Apply Defender for Cloud and CIS Benchmarks to strengthen security posture and automate compliance reporting.
• Configure Azure Entra ID, Azure AD B2C (Azure Entra Extremal ID), Privileged Identity Management (PIM), and Just-In-Time (JIT) access controls to enforce least-privilege access.
• Ensure compliance with ISO 27001, NIST, and familiarity with ISO 42001 for AI governance.

Automation & IaC

• DrivepragmaticTerraform practices for infrastructure-as-code, creating modular, reusable code that prioritizes speed of delivery and maintainability over complexity.
• Automate manual processes to improve efficiency and reduce errors across provisioning and configuration management.

Monitoring, Incident Management & On-Call

• Implement centralized logging and monitoring solutions using Azure Monitor, Log Analytics, Application Insights, and New Relic to provide end-to-end visibility.
• Integrate logs withMicrosoft Sentineland other SIEM platforms for real-time security and compliance visibility.
• Lead incident management, root cause analysis, and preventive actions for critical infrastructure outages.
• Participate in escalation and on-call rotations for product support, ensuringtimelyresolution of critical infrastructure issues.

Collaboration, Documentation & Knowledge Management

• Collaborate with development and operations teams to bridge the gap between legacy code requirements and modern infrastructure standards.
• Maintain comprehensive documentation, runbooks, andknowledgearticles to support continuity and compliance.
• Provide training and mentorship,leveraging10–15 years of experience in knowledge management and best practices for enterprise-scale environments.

Qualifications

Education & Experience

• Bachelor’s degree in Computer Science, IT, or equivalent experience.
• 10+ years in cloud infrastructure engineering with expert-level Azure experience.
• Expert-levelproficiencyinarchitecturingenterprise-scale Azure Networking using Hub-and-Spoke topology, including advanced configuration of Azure Firewall/WAF, VNET peering, Hybrid Connection (VPN/ExpressRoute) and implementing Zero Trust connectivity for PaaS resources via Private Link, Private Endpoint and Private DNS Zones.
• Provenexpertisein Modernization:Demonstratedability to implement Azure API Management, refactor legacy authentication flows (OAuth2), and modernize database security (TDE/Private Link).
• Strong experience with Terraform (IaC) and automation frameworks.
• Familiarity with Defender for Cloud, CIS Benchmarks, and centralized logging solutions.
• Experience handling escalations and on-call responsibilities for critical infrastructure.

Technical Skills

• Azure services:Azure API Management (APIM), VMs, App Services (Containers), Azure SQL, Storage, Private Link, Private DNS, Azure Load Balancer, Application Gateway.
• Networking:Hub-and-spoke, NSGs, route tables, Azure Firewall, VNET Peering.
• Identity & Security:Azure Entra ID, Azure AD B2C, PIM/JIT, OAuth2/OIDC, Key Vault, SQL TDE.
• Monitoring & Logging:Azure Monitor, Log Analytics, Application Insights, SIEM (Sentinel) integration.
• Compliance:CIS Benchmarks, ISO/NIST frameworks.
• Tooling:Terraform, Azure DevOps, Git, PowerShell/Az CLI.

Soft Skills

• Self-driven Finisher:Adaptable to fast-changing environments with a focus on closing tickets and delivering projects.
• Ability to handle multiple projects, manage stress, and deliver on time.
• Strong communicationand documentation skills.

Preferred Certifications

• Microsoft Certified: Azure Solutions Architect Expert (AZ-305)
• Microsoft Certified: Azure Administrator (AZ-104)
• HashiCorpCertified: Terraform Associate

Our core values:

Make sound decisions: We put ourselves in our customer's shoes, always ensuring we have the right facts and focus on solving the right problems.

Act like an owner: No matter the challenge, we overcome hurdles, seek out solutions, and follow through on commitments to consistently exceed expectations.

Get better every day: With our growth mindset and positive attitude, we apply our passion for innovation not just to our products, but also to ourselves.

We before me: Our collaborative spirit pushes us to act without ego, to communicate openly and honestly, and to win as a team.

What we offer:

• Competitive salary and discretionary bonus
• Flexible work environment
• Career growth
• Monthly team events
• Industry-leading benefits plan