Azure Infra Support Engineer

Job ID: Con-Eng-Pun-1291

Location: Pune

This role is for a senior-level administrator with deep expertise in Microsoft Azure cloud infrastructure, traditional server administration, and specialized security knowledge of Microsoft’s security suite, particularly Azure Defender for Cloud. The candidate will be critical in maintaining a secure, highly available, and compliant cloud environment for sensitive healthcare data.

Key Responsibilities

• Cloud Security and Compliance:
• Azure Defender for Cloud (Security Center): Manage, monitor, and configure the full capabilities of Azure Defender for Cloud (now part of Microsoft Defender for Cloud), including securing servers, databases, storage accounts, and Kubernetes clusters
• Compliance & Audit: Implement, audit, and enforce Azure Policy and Azure Blueprints to ensure continuous compliance with healthcare regulations (HIPAA, HITECH, etc.) and organizational security standards
• Threat & Vulnerability Management: Drive the vulnerability management program by leveraging the security posture management (CSPM) and threat detection (CWPP) features within Azure Defender for Cloud
• Incident Response: Serve as the primary point of contact for security incidents related to Azure infrastructure, utilizing Microsoft Sentinel (or other SIEM) data integrated with Defender for Cloud alerts for rapid triage and containment
• Microsoft Entra ID (Identity & Access Management):
• Identity Management: Design, deploy, and manage advanced features of Microsoft Entra ID (formerly Azure AD), including Conditional Access Policies, Privileged Identity Management (PIM) for Just-in-Time (JIT) access, and Identity Protection
• Federation & SSO: Manage and troubleshoot identity federation (e.g., SAML, OAuth) for both cloud-native and SaaS applications
• Access Control: Implement Azure Role-Based Access Control (RBAC) across management groups, subscriptions, and resource groups to enforce the principle of least privilege
• Infrastructure & Server Administration:
• Azure Infrastructure: Administer and optimize core Azure services including Virtual Machines (VMs), Virtual Networks (VNets), Network Security Groups (NSGs), Azure Firewalls, Azure Load Balancers/Application Gateways, and Azure Storage Accounts
• Microsoft Intune (Endpoint Management): Manage and support the mobile device management (MDM) and mobile application management (MAM) policies via Microsoft Intune to secure endpoints and mobile devices accessing protected health information (PHI)
• OS & Server Administration: Maintain expert-level skills in Windows Server administration (patching, group policy, Active Directory, DNS/DHCP) in both Azure IaaS and traditional on-premises/hybrid environments
• Automation: Utilize PowerShell, Azure CLI, and Infrastructure as Code (IaC) tools (e.g., Terraform, Bicep) to automate provisioning, configuration, and maintenance tasks
  
  

• Minimum 5-7 years of experience in IT administration, with at least 3 years focused on complex Microsoft Azure environments at a senior level
• Cloud Security Expertise: Proven hands-on experience deploying and managing Azure Defender for Cloud (formerly Security Center), including configuring security policies, monitoring Secure Score, and managing regulatory compliance dashboards
• Identity Expertise: Expert knowledge of Microsoft Entra ID (Azure AD), specifically including Conditional Access, PIM, MFA deployment, and hybrid identity synchronization (Azure AD Connect)
• Endpoint Management: Strong experience with Microsoft Intune for device enrollment, configuration profiles, compliance policies, and application deployment
• Server Administration: Deep working knowledge of Windows Server OS and services (Active Directory, patching, hardening, and troubleshooting) in a production setting
• Healthcare Compliance: Demonstrated knowledge and understanding of HIPAA Security Rule and HITECH requirements as they apply to cloud infrastructure, data handling, and administrative controls
  
  

• Microsoft Certified: Azure Administrator Associate (AZ-104)
• Microsoft Certified: Azure Security Engineer Associate (AZ-500) – Highly Preferred
• Microsoft Certified: Identity and Access Administrator Associate (SC-300)
  
  

• Troubleshooting: Advanced ability to diagnose and resolve complex, multi-layered cloud issues spanning identity, network, and security services
• Communication: Excellent written and verbal communication skills, with the ability to convey complex technical issues to non-technical staff and executive leadership
• Documentation: Ability to create and maintain high-quality documentation, runbooks, and disaster recovery plans for regulated environments
• Proactive Mindset: A strong commitment to security best practices and a proactive approach to identifying and mitigating risks before they become incidents