We are seeking a Cloud Network DevOps Engineer with a strong background in network engineering who has transitioned into cloud infrastructure, DevOps, and network automation. This role involves designing, building, and maintaining scalable cloud networking solutions while leveraging automation to enhance efficiency and reliability.
Key Responsibilities
Cloud Networking & Hybrid Connectivity
- Design, deploy, and maintain secure, scalable network infrastructure using Azure Virtual Network (VNet), peering, routing, and Private Endpoints / Private Link.
- Plan and implement Azure Virtual WAN, including hubs, VPN gateways, BGP routing, and branch-to-cloud connectivity.
- Configure and manage Azure-native firewalls, including Azure Firewall, Firewall Manager, and Web Application Firewall (WAF) via Application Gateway or Front Door.
- Integrate Azure networks with on-prem Meraki LANs and Palo Alto firewalls using VPN Gateway and routing best practices.
- Deploy and manage Network Security Groups (NSGs), Load Balancers, Azure Bastion, and Traffic Manager as needed.
DNS Architecture & Migration
- Lead the migration of legacy DNS infrastructure to Azure DNS and Azure DNS Resolver.
- Configure forwarding rulesets, resolution policies, and DNS endpoints to support hybrid name resolution.
- Ensure DNS services are scalable, secure, and aligned with enterprise architecture standards.
Automation & Infrastructure as Code
- Develop and maintain Terraform-based infrastructure-as-code (IaC) modules for network provisioning and lifecycle automation.
- Proficient in coding Python or PowerShell scripts to support monitoring, diagnostics, and operational tasks.
- Build and maintain GitLab CI/CD pipelines to test and deploy infrastructure changes using GitOps workflows.
- Apply policy-as-code and Azure governance tools where appropriate.
Cross-Functional Collaboration
- Work closely with platform engineering and security to ensure secure, performant, and policy-compliant network designs.
- Collaborate with IAM engineers to integrate Microsoft Entra ID and Conditional Access into networking strategies and ZTNA architectures.
- Provide documentation and knowledge transfer to operational and support teams.
Required Qualifications
- Strong experience with Azure Virtual WAN and hybrid connectivity models; familiarity with VPN Gateway is a plus for legacy or fallback scenarios.
- Deep understanding of DNS architecture, including Azure DNS, DNS Resolver, forwarding rulesets, and resolution policies.
- Proficiency with Terraform for infrastructure automation; familiarity with Ansible or other IaC tools is a plus.
- Proficient in Python and PowerShell for network scripting and automation.
- Solid understanding of core networking concepts: TCP/IP, BGP, DNS, DHCP, routing, load balancing, and firewalling.
- Experience supporting production systems in enterprise IT environments.
Preferred Qualifications
- Azure certifications (e.g., Azure Network Engineer Associate).
- Familiarity with Microsoft Entra ID, Conditional Access, and Security Service Edge (SSE) principles.
- Experience managing cloud firewalls and WAF services, with a focus on deployment and configuration.
- Experience in hybrid or multi-cloud environments.
- Knowledge of Azure Network Watcher, Datadog, and other monitoring/logging and diagnostic tools.
- Understanding of security frameworks and governance (e.g., NIST, CIS Benchmarks).
