Azure Cloud Engineer

Azure Cloud Engineer

About the role

We are hiring an Azure Cloud Engineer to own the design, deployment, security, and day-to-day operation of our Microsoft Azure environment. You will be the person who keeps our cloud secure, scalable, highly available, cost-efficient, and audit-ready — across ISO 27001, NIAF, CIS Benchmarks, and ITIL v4 governance.

This is a hands-on engineering role with end-to-end ownership. You will work alongside our cybersecurity, SOC, infrastructure, application, and business teams, and report into IT/Cloud operations.

What you'll do

Cloud infrastructure & architecture

• Design, provision, configure, and manage Azure cloud infrastructure, including virtual machines, virtual networks, storage accounts, databases, containers, backup services, and platform services.
• Manage Azure subscriptions, management groups, resource groups, policies, naming conventions, tagging standards, and landing zone components.
• Implement scalable and resilient cloud architectures aligned with business and technical requirements.
• Administer hybrid connectivity, including VPN, ExpressRoute, virtual network peering, private endpoints, DNS, and secure routing.
• Maintain cloud infrastructure documentation, diagrams, configuration baselines, and operational runbooks.

Security & governance

• Implement cloud security controls aligned with ISO 27001, NIAF, CIS Benchmarks, and internal security policies.
• Configure and enforce IAM, RBAC, Conditional Access, MFA, Privileged Identity Management, and least-privilege access.
• Enforce encryption for data at rest and in transit across cloud services.
• Configure Microsoft Defender for Cloud, Microsoft Defender Suite, Microsoft Sentinel, Azure Policy, and security baselines.
• Ensure cloud resources are configured securely and continuously monitored for misconfigurations, risks, and non-compliance.
• Manage Entra ID integration with Azure resources, applications, and hybrid identity services.
• Conduct periodic access reviews for privileged and standard cloud access.
• Monitor elevated access activities and investigate privilege misuse or access anomalies.

Monitoring & operations

• Configure Azure Monitor, Log Analytics, Application Insights, Network Watcher, and service health alerts.
• Integrate cloud logs and security events with Microsoft Sentinel and other SIEM/SOC monitoring platforms.
• Monitor cloud performance, availability, security events, resource utilization, and compliance status.
• Create operational dashboards, compliance reports, capacity reports, and security posture reports.
• Investigate cloud alerts related to suspicious activity, failed authentication, policy violations, network exposure, and configuration drift.
• Coordinate with the SOC team to respond to cloud security incidents and threat exposure findings.

Cost & resilience

• Monitor Azure consumption, resource utilization, reservations, and cost trends.
• Identify and remediate unused, underutilized, oversized, or non-compliant resources.
• Apply cost optimization strategies, including right-sizing, reserved instances, savings plans, storage tiering, automation, and lifecycle policies.
• Implement Azure Backup, Azure Site Recovery, Recovery Services Vaults, backup policies, and recovery testing procedures.

Compliance & change management

• Maintain cloud asset inventories, access review records, configuration baselines, vulnerability remediation records, and change documentation.
• Ensure all cloud changes are documented, approved, tested, and implemented through ITIL-aligned change management processes.
• Maintain policies, procedures, standards, runbooks, and compliance dashboards related to cloud operations.
• Work closely with application teams, developers, cybersecurity, infrastructure, SOC, and business units to deliver secure and reliable cloud services.

What you bring

Required

• 5+ years hands-on experience in cloud administration, engineering, or operations — strong focus on Microsoft Azure.
• Proven experience designing, deploying, and managing Azure infrastructure (compute, networking, storage, backup, monitoring, security).
• Solid grasp of Azure landing zones, subscriptions, management groups, Azure Policy, RBAC, and governance.
• Hands-on with Entra ID, Azure RBAC, Conditional Access, MFA, Entra PIM, and least-privilege models.
• Experience in environments governed by ISO 27001, NIAF, CIS Benchmarks, and ITIL v4.
• Hands-on with Microsoft Defender for Cloud, Defender Suite, Microsoft Sentinel, Azure Monitor, Log Analytics, Fortinet, and Freshservice.
• Strong knowledge of cloud security, IAM, PAM, encryption, secure networking, vulnerability management, and compliance reporting.
• Experience with backup, DR, replication, failover testing, and resilience planning.
• Solid understanding of hybrid connectivity, firewalls, VPNs, private endpoints, DNS, and NSGs.
• Strong troubleshooting, documentation, and stakeholder-communication skills.

Preferred

• Bachelor's degree in IT, Computer Science, Cloud Computing, or a related field.
• Microsoft certifications: AZ-104 (Azure Administrator), AZ-305 (Azure Solutions Architect), AZ-500 (Azure Security Engineer).
• ITIL v4 certification.
• Experience with infrastructure-as-code (Bicep, ARM, or Terraform).
• Prior work in a regulated or government-adjacent environment.

Pay: AED10,000.00 - AED16,000.00 per month

Application Question(s):

• What is your expected monthly base salary in AED? (Number)
• How many years of hands-on Azure experience do you have on an enterprise level?
• Do you currently live in, or are willing to relocate, to Dubai?

Work Location: In person