Azure Cloud Administrator

Description:

We are seeking an experienced Azure Cloud Administrator/Architect with deep expertise in Azure networking and strong hands-on experience managing Azure Key Vault, Databricks, Blob Storage, and SQL Server (Azure SQL) environments. You will design, implement, and operate secure, scalable cloud infrastructure with a particular emphasis on networking, connectivity, and secure data access patterns.
Key Responsibilities : 

Network Design and Architecture
• Design and implement scalable, secure Azure network architectures including VNets, subnets, NSGs, UDRs, and VNet peering with zero trust
• Develop hub-and-spoke and landing zone network topologies for enterprise workloads.
• Architect and maintain hybrid connectivity using VPN Gateway, ExpressRoute, and Azure Virtual WAN.
• Design multi-region and high-availability network architectures including front-door/load-balancing strategies.
Cloud Infrastructure and Platform Management
• Deploy and manage Azure networking components: Application Gateway (incl. WAF), Azure Firewall, Azure Load Balancer, Azure Front Door, and Traffic Manager.
• Configure and optimize private endpoints, service endpoints, and Private Link services for PaaS resources (Key Vault, Storage, SQL, Databricks).
• Implement and manage Azure DNS and Private DNS zones for internal and external name resolution.
• Use Azure Monitor, Network Watcher, Log Analytics, and Connection Monitor for proactive network health monitoring and troubleshooting.
Security, Identity, and Compliance
• Design and implement network security controls: NSGs, ASGs, Azure Firewall policies, DDoS Protection, WAF policies, and just-in-time access.
• Secure access to Azure Key Vault with private endpoints, RBAC, and policies aligned with least-privilege principles.
• Implement secure connectivity patterns for Blob Storage, Azure SQL, and Databricks (e.g., no public access, private endpoints, trusted services).
• Ensure compliance with internal policies and external standards (e.g., ISO 27001, SOC 2, GDPR), and support audits and security assessments.
Key Vault Management
• Configure and manage Azure Key Vault for secrets, keys, and certificates.
• Implement network-restricted Key Vaults using private endpoints and firewall rules.
• Integrate Key Vault with Azure Databricks, App Services, Functions, and CI/CD pipelines for secure secret management.
• Establish backup, recovery, rotation policies, and monitoring/alerting for Key Vault usage and access anomalies.
Azure Databricks Management
• Design secure network architecture for Databricks workspaces including VNet injection, private endpoints, and secure connectivity to data sources.
• Configure NSGs, route tables, and subnets for Databricks clusters and data plane/control plane separation where applicable.
• Manage secure access from Databricks to Blob Storage, Data Lake, Azure SQL, and Key Vault.
• Collaborate with data engineering and analytics teams on cluster configuration, workspace governance, and cost-optimized architectures.
Blob Storage and Data Platform Management
• Design and manage Azure Storage accounts (Blob, ADLS Gen2) with network rules, private endpoints, and encryption options.
• Implement storage firewall policies, shared access signature (SAS) governance, and identity-based access (Azure AD / RBAC).
• Optimize performance, lifecycle management, and cost for storage accounts used by Databricks and SQL workloads.
• Ensure secure data transfer patterns (SFTP, VPN, ExpressRoute) and proper segregation between environments (dev/test/prod).
SQL Server / Azure SQL Management
• Configure and manage Azure SQL Database / SQL Managed Instance / SQL Server on Azure VMs with secure connectivity.
• Implement private endpoints, service endpoints, and firewall rules for SQL, avoiding public exposure where possible.
• Collaborate on backup, DR, high availability, and maintenance windows while ensuring network configurations support SLAs.
• Integrate SQL with on-premises systems via ExpressRoute/VPN and ensure secure access from application tiers and Databricks.
Automation and Infrastructure as Code
• Develop and maintain Infrastructure as Code (Terraform) for all network, Key Vault, Databricks, Storage, and SQL resources.
• Implement CI/CD pipelines (Azure DevOps or GitHub Actions) for repeatable, tested infrastructure deployments.
• Automate operational tasks such as provisioning, configuration, compliance checks, and tagging using PowerShell, Azure CLI, or Python.
• Maintain clear documentation, diagrams, and runbooks for deployed architectures and standard operating procedures.
Required Qualifications
Technical Skills
• 5-7+ years of experience in Azure cloud administration/architecture roles with professional grade certification
• Deep hands-on expertise with Azure networking (VNets, peering, VPN Gateway, ExpressRoute, Application Gateway, Azure Firewall, Load Balancer, Front Door, Traffic Manager).
• Strong understanding of TCP/IP, routing, DNS, VPNs, and network security concepts.
• Practical experience managing:
o Azure Key Vault (network-restricted vaults, policies, integrations).
o Azure Databricks (VNet injection, private endpoints, secure data access).
o Azure Blob Storage / ADLS (network rules, private endpoints, IAM).
o Azure SQL (private endpoints, firewalls, hybrid connectivity).
• Proficiency with Infrastructure as Code (Terraform strongly preferred; Bicep/ARM is a plus).
• Experience using Azure Monitor, Network Watcher, Log Analytics, and related tools for observability and troubleshooting.
• Scripting skills in PowerShell and/or Python; strong Azure CLI usage.
Certifications