Senior Azure Platform Engineer

This is a fully remote position, open to applicants in Latin America.

📋 Description

• Take charge of and manage our Azure production platform, ensuring secure and dependable application delivery across both Production and Non-Production environments.

• Develop and maintain enterprise Azure foundations, including Landing Zone, networking, and identity/governance.

• Manage production AKS and facilitate secure API ingress along with CI/CD release controls, ensuring robust observability and incident ownership.

• Create and sustain reusable, production-quality Infrastructure as Code (IaC) modules that encompass networking, security, AKS, APIM, Key Vault, monitoring, storage, and application services.

• Assist with hub-and-spoke architectures, environment segmentation, RBAC, Azure Policy, tagging standards, and governance controls across both Prod and Non-Prod.

• Design and troubleshoot VNets, subnets, NSGs, UDRs/route tables, Load Balancers, NAT Gateway, Private Endpoints, Private DNS, and secure traffic patterns for inbound and outbound.

• Implement secure API delivery and ingress using APIM, Application Gateway, Front Door, and WAF, which includes TLS, OAuth2/OIDC/JWT validation, rate limiting/throttling, IP filtering, and private backend connectivity.

• Support Azure Event Hubs (Kafka-compatible) for event-driven services, focusing on throughput planning, monitoring, partitions/consumer groups, and secure access methods.

• Develop multi-stage Azure DevOps YAML pipelines for Dev/QA/Staging/Prod environments, incorporating approvals, validation gates, deployment controls, and rollback strategies for both infrastructure and applications.

• Ensure reliability through the use of Azure Monitor, Log Analytics, Application Insights, and Container Insights; lead incident response and root cause analysis (RCA) with documented remediation and preventive measures.

• Collaborate with engineering teams on deployment strategies, pipeline integration, and operational best practices.

⛳️ Requirements

• 6+ years of experience in DevOps/Cloud/Platform/Infrastructure Engineering within the Azure environment, with practical production experience.

• Strong background in Azure Landing Zone principles: hub-and-spoke architecture, segmentation, governance, RBAC, Azure Policy, tagging, and private connectivity.

• Demonstrated proficiency with Bicep and pull request-based IaC workflows (validation/linting/scanning, controlled changes, drift detection).

• In-depth understanding of Azure networking components: VNets, NSGs, UDRs/route tables, Private Endpoints/DNS, Load Balancers, NAT Gateway, and secure outbound connectivity patterns.

• Hands-on experience operating AKS in production, including private clusters, upgrades, ingress, Helm, autoscaling, and troubleshooting with kubectl (logs/events/probes/DNS/network).

• Familiarity with APIM / App Gateway / Front Door / WAF and API security practices (TLS, OAuth2/OIDC, JWT validation, throttling/rate limiting, IP filtering).

• Experience with Azure DevOps YAML pipelines across various environments, including approvals/gates and rollback strategies.

• Solid understanding of security fundamentals: Entra ID RBAC, managed identities/workload identity, Key Vault, secret rotation, and certificate lifecycle management.

• Proficient in using Azure CLI, PowerShell, and/or Python for automation and operational tools.

• Bonus skills: Experience with Terraform, troubleshooting hybrid connectivity (VPN/ExpressRoute), Azure Firewall, DNS/routing, private service access, GitOps (Flux/ArgoCD), service mesh (Istio), Prometheus/Grafana. Azure certifications (e.g., AZ-400, AZ-305, AZ-104, AZ-500) and experience in FinOps/cost optimization.

🏝️ Benefits

• Over 20 days of paid time off.