Sapphire Software Solutions Inc · 1 day ago
Senior Azure DevOps Engineer
Sapphire Software Solutions Inc is seeking a Senior Azure DevOps Engineer to join their team. The role involves maintaining and enhancing Azure environments, developing CI/CD pipelines, and automating infrastructure using Terraform in a hybrid work setting.
Responsibilities
Developing CICD Pipelines for Building Infrastructure using Terraform Scripts automation for Microsoft Azure Cloud
Onboarding and Upgrading applications with highly oriented structures by providing Infrastructure Diagrams, Architecture Diagrams with end-to-end pipeline explanation
Designed and automated Azure infrastructure using Terraform/Bicep, including VNets, Subnets, NSGs, Route Tables, Private Endpoints, Load Balancers, Application Gateways, and platform services
Implemented enterprise-grade Azure Landing Zones with policies, RBAC, Blueprints, cost controls, and governance baselines for multi-subscription environments
Built secure and scalable Hub-Spoke network architectures, including shared services hubs, firewall integration, VNet peering, ExpressRoute connectivity, and Private DNS zones
Automated provisioning of Azure resources leveraging Terraform remote state, workspaces, reusable modules, and CI/CD pipelines via GitHub Actions/GitLab CI
Defined and enforced enterprise standards for naming, tagging, monitoring, secrets management, identity, and network segmentation across Azure workloads
Designed and implemented Azure Hub-Spoke network topologies to centralize core services (DNS, Firewall, Bastion, Private Link services) and isolate application spokes
Automated VNet and subnet provisioning with Terraform modules, enforced IPAM controls, and configured VNet peering with proper routing and security controls
Integrated Hub-Spoke architecture with ExpressRoute/VPN, designing routes, UDRs, firewall inspection paths, and shared connectivity patterns
Enabled secure Private Link connectivity for AKS, App Services, Databases, Storage Accounts, and API services using centralized Private DNS zones hosted in the Hub
Automated AKS version upgrades across multiple clusters using Terraform + GitHub Actions pipelines, ensuring minimal downtime and controlled rollout windows
Built governance scripts for detecting AKS version drift, unsupported versions, node pool inconsistencies, and enforcing upgrade schedules
Partnered with security and SRE teams to enforce best practices for identity, logging, monitoring, cost governance, and zero-trust networking across Azure workloads
Implemented automated health checks using kubectl, Azure CLI, and Prometheus metrics to validate cluster readiness after upgrades
Designed private AKS clusters with API server VNet integration, private DNS, NAT routing, and role-based Kubernetes access via Azure AD Workload Identity
Configured secure inbound/outbound flows using Azure Firewall, Application Gateway Ingress Controller (AGIC), and NGINX ingress for internal-only applications
Built public AKS clusters for internet-facing applications using WAF-enabled Application Gateway, centralized SSL management, DNS zones, and automated certificate renewals
Hardened clusters with Pod Security Standards, Network Policies, managed identities, Key Vault CSI integration, and image scanning tools
Standardized Kubernetes deployment patterns using Helm for Deployments, StatefulSets, Services, HPAs, ConfigMaps, Secrets, Ingress rules, and service mesh integration
Architected enterprise-scale Azure landing zones and automated provisioning of critical infrastructure (VNets, Private Endpoints, App Gateway, AKS, Redis, Cosmos DB) using reusable Terraform modules and governance frameworks
Led modernization of CI/CD pipelines using GitHub Actions and GitLab CI, enabling predictable and secure provisioning of both infrastructure and application workloads
Qualification
Required
Local to Alpharetta or Atlanta, GA (hybrid, onsite 3x a week) - need only locals
12mo+ contract - only W2
Azure DevOps/SRE experience
Experience with Terraform or Terragrunt for CI/CD pipelines
Experience with Data Lakes and Databricks
Developing CICD Pipelines for Building Infrastructure using Terraform Scripts automation for Microsoft Azure Cloud
Experience with Azure resources such as Resource Groups, Storage Accounts, Key Vault, Container Registry, App Services, AKS, Redis Cache, Cosmos DB, DNS, Active Directory, APIM, Azure Monitor, App Insights
Onboarding and Upgrading applications with highly oriented structures by providing Infrastructure Diagrams, Architecture Diagrams with end-to-end pipeline explanation
Designed and automated Azure infrastructure using Terraform/Bicep, including VNets, Subnets, NSGs, Route Tables, Private Endpoints, Load Balancers, Application Gateways, and platform services
Implemented enterprise-grade Azure Landing Zones with policies, RBAC, Blueprints, cost controls, and governance baselines for multi-subscription environments
Built secure and scalable Hub-Spoke network architectures, including shared services hubs, firewall integration, VNet peering, ExpressRoute connectivity, and Private DNS zones
Automated provisioning of Azure resources leveraging Terraform remote state, workspaces, reusable modules, and CI/CD pipelines via GitHub Actions/GitLab CI
Defined and enforced enterprise standards for naming, tagging, monitoring, secrets management, identity, and network segmentation across Azure workloads
Designed and implemented Azure Hub-Spoke network topologies to centralize core services (DNS, Firewall, Bastion, Private Link services) and isolate application spokes
Automated VNet and subnet provisioning with Terraform modules, enforced IPAM controls, and configured VNet peering with proper routing and security controls
Integrated Hub-Spoke architecture with ExpressRoute/VPN, designing routes, UDRs, firewall inspection paths, and shared connectivity patterns
Enabled secure Private Link connectivity for AKS, App Services, Databases, Storage Accounts, and API services using centralized Private DNS zones hosted in the Hub
Automated AKS version upgrades across multiple clusters using Terraform + GitHub Actions pipelines, ensuring minimal downtime and controlled rollout windows
Built governance scripts for detecting AKS version drift, unsupported versions, node pool inconsistencies, and enforcing upgrade schedules
Partnered with security and SRE teams to enforce best practices for identity, logging, monitoring, cost governance, and zero-trust networking across Azure workloads
Implemented automated health checks using kubectl, Azure CLI, and Prometheus metrics to validate cluster readiness after upgrades
Designed private AKS clusters with API server VNet integration, private DNS, NAT routing, and role-based Kubernetes access via Azure AD Workload Identity
Configured secure inbound/outbound flows using Azure Firewall, Application Gateway Ingress Controller (AGIC), and NGINX ingress for internal-only applications
Built public AKS clusters for internet-facing applications using WAF-enabled Application Gateway, centralized SSL management, DNS zones, and automated certificate renewals
Hardened clusters with Pod Security Standards, Network Policies, managed identities, Key Vault CSI integration, and image scanning tools
Standardized Kubernetes deployment patterns using Helm for Deployments, StatefulSets, Services, HPAs, ConfigMaps, Secrets, Ingress rules, and service mesh integration
Architected enterprise-scale Azure landing zones and automated provisioning of critical infrastructure (VNets, Private Endpoints, App Gateway, AKS, Redis, Cosmos DB) using reusable Terraform modules and governance frameworks
Led modernization of CI/CD pipelines using GitHub Actions and GitLab CI, enabling predictable and secure provisioning of both infrastructure and application workloads
Company
Sapphire Software Solutions Inc
Discover what makes us a leading IT recruitment & staffing services agency. We connect top talent with the best companies.
Funding
Current Stage
Growth Stage
Company data provided by Crunchbase