[LPS] L2 Azure Cloud Engineer

We’re looking for a Cloud Engineer (Azure) to help operate, and support workloads deployed on the Azure Environment. You’ll work with senior engineers to provision and support Azure resources, enforce governance controls, maintain secure configurations, troubleshoot incidents, and assist with automation and cost optimization—aligned to security policies and project needs. This role will need to be on 24x7 shifts, onsite at customer premises.

Key ResponsibilitiesOperations & SupportPerform day-to-day support for Azure services (e.g., VMs, VNets, Load Balancers, App Service, AKS, Storage, Key Vault, Azure SQL/MI, Backup/ASR)Monitor platform health and alerts via Azure Monitor, Log Analytics, Application Insights, and Sentinel; triage incidents and escalate per runbooks.Execute standard changes (e.g., access requests, tagging, policy compliance fixes) and maintain documentation/runbooks.Provisioning & AutomationProvision resources using ARM/Bicep or Terraform under guidance; maintain parameter files and environment configs.Contribute to CI/CD pipelines (Azure DevOps/GitHub Actions) for infrastructure and application deployment.Assist with image management and baseline configurations (e.g., hardened images, extensions, diagnostic profiles).Governance, Security & ComplianceApply RBAC, PIM (Just-in-Time), Azure Policy, management groups, subscriptions, and resource group standards.Enforce tagging, naming, backup/DR, and identity controls (via Entra ID).Support security tooling (Defender for Cloud, vulnerability remediation, baseline compliance) and participate in change management and audits.Help maintain artefacts for compliance (e.g., configuration baselines, access reviews, patching evidence, cost reports).Networking & ConnectivitySupport VNets, subnets, NSGs, Azure Firewall, Private Endpoints, and diagnostics.Assist with connectivity patterns (e.g., ExpressRoute/VPN, Private Link, service endpoints) in line with landing zone design.Cost & PerformanceSupport cost allocation (tagging), reserved instance/savings plan recommendations, and right‑sizing.Participate in performance troubleshooting and basic capacity planning.Collaboration & Continuous ImprovementWork with application teams, security, and operations to meet SLAs.Contribute to Knowledge Base (KB) articles, SOPs, and automation to reduce toil.Required Qualifications & Skills3 years in cloud/infrastructure/operationsAzure fundamentals: resource groups, VNets, subnets, NSGs, storage, VMs, IAM/RBAC, Key Vault, monitoring.Basic scripting: PowerShell and/or Python.Familiar with IaC (ARM/Bicep or Terraform) and Git-based workflows.Understanding of identity & access concepts (Entra ID), security baselines, and least privilege.Strong troubleshooting skills; able to follow runbooks and document findings.Excellent communication and a service-oriented mindset.Terraform Associate (HashiCorp) – nice to have.Exposure to landing zones/CAF, subscription management, Azure Policy at scale.Familiarity with log analytics KQL, Sentinel, Defender for Cloud.Awareness of public sector IT governance (e.g., change windows, segregation of duties, audit traceability, access reviews).Experience with Containers/AKS, App Gateway/WAF, Private Link, ASR, and Backup.Understanding of cost management (tags, budgets, showback/chargeback).Preferred CertificationsMicrosoft Certified: Azure Fundamentals (AZ‑900)Azure Administrator (AZ‑104) or Azure Security Engineer (SC‑200/SC‑300).