Cloud Engineer

NewWave Computing Pvt Ltd

Website: newwavecomputing.com
Job details:

Key Responsibilities

Architecture & Delivery

• Design and deploy Azure Landing Zone aligned to Well-Architected Framework: management groups, RBAC, policy, tags, subscriptions.
• Build secure networks: Hub-Spoke, Azure Firewall, NSG/ASG, Private Endpoints, P2S/S2S/ER.
• Implement compute (VMSS, Images, AVD), storage (BLOB/Files), and data protection (Backup/ASR).
• Automate infra with IaC (Terraform/Bicep/ARM) and pipeline it via Azure DevOps/GitHub Actions.
• Implement monitoring/observability: Azure Monitor, Log Analytics, Sentinel; SLO/SLA dashboards and alerting.
• Deliver migration projects (on‑prem/AWS → Azure), including discovery, wave planning, cutover, and stabilization.
• Enable Zero Trust guardrails: Entra ID, Conditional Access, PIM, Defender for Cloud, baseline policies.

Operations & Reliability

• Ownership for incidents, capacity/performance tuning, and RCA.
• Cost governance: budgets, anomaly detection, RI/Savings Plans, rightsizing; monthly FinOps reviews.
• Create runbooks and automate maintenance, patching, backups, and drift remediation.

Presales & Consulting

• Discovery, assessments (CAF, WAF, security posture), TCO/ROI analysis, and solution proposals with clear BoM/Effort.
• Conduct PoCs (e.g., AVD, App Services, AKS baseline), and migration pilots.
• Present architecture and risk/assumption matrices to customer architects and security teams.

People & Practice

• Mentor engineers; review designs/PRs; contribute to standards, patterns, and accelerators.
• Create reusable IaC modules, policy packs, and landing zone blueprints.

Required Skills & Experience

• Strong hands-on across Core Azure: subscriptions/landing zones, networking, compute, storage, identity.
• Security & Governance: Azure Policy/Blueprints, RBAC, Key Vault, Defender for Cloud, Sentinel basics.
• IaC & Automation: Terraform or Bicep (must), Git, pipelines (ADO/GitHub), PowerShell/Bash.
• Networking: vNET peering, vWAN, Private Link, ExpressRoute, DNS, routing/UDR.
• Resiliency: ASR, Backup, Availability Zones, scaling patterns, HA/DR design.
• Observability: Azure Monitor, LA Workspaces, Workbooks, Action Groups; KQL fundamentals.
• Migration: Discovery tooling (Migrate, ASR), dependency mapping, wave plans, cutover orchestration.

Nice to Have

• AKS baseline admin (networking, node pools, secrets, policy), or PaaS (App Service, Functions).
• Data services (Azure SQL/MI, PostgreSQL, Storage lifecycle mgmt) and backup strategies.
• Windows/Linux admin depth; Ansible integration.
• FinOps Practitioner exposure; Cost Management APIs.
• DevSecOps practices; SAST/DAST integration for infra pipelines.

Certifications (Preferred)

• AZ‑104 (Administrator), AZ‑305 (Solutions Architect), AZ‑500 (Security)
• Optional: AZ‑700 (Network), AZ‑400 (DevOps), SC‑200 (SecOps), HashiCorp Terraform Associate
• ITIL Foundation

Click on Apply to know more.