Job Description
Lead Azure Infra Apps Engineer
Location: Offshore
Function: Cloud Run Service Operations
Type: Permanent, Full‑time
Reports to: Service Ops Lead – Platform Services
KPMG Overview
Joining KPMG means joining a talented team of exceptional colleagues who bring innovative thoughts and a natural curiosity to the work they do each day. No one type of person succeeds at KPMG; a diverse business requires diverse personalities, characters and perspectives. There really is a place for you here.You will be working within Group Digital Platform Services Operations man services the broader Firm through delivery of core technology and managed services capabilities, collaboration and innovation development services and building our Alliances network.
Responsibilities
Key Responsibilities
Cloud Platform Support
- Design, implement, and manage Azure IaaS/PaaS workloads, ensuring best‑practice configuration and high availability.
- Lead the modernisation of legacy Wintel services into cloud-native or hybrid-cloud solutions.
- Optimise Azure resources for cost efficiency, performance, and scalability.
Wintel Platform Engineering
- Own the engineering lifecycle for Windows Server platforms (2016–2022), Active Directory, DNS, DHCP, Group Policy, ADFS and related services.
- Provide expert-level troubleshooting and root cause analysis for complex Wintel and cloud incidents.
- Drive OS hardening, patching compliance, and platform security posture improvements.
- Lead upgrades, migrations, and lifecycle management across the Wintel estate.
- Implement security baselines, CIS/Benchmarks, least privilege RBAC, JIT/JEA, Credential Guard, LAPS, and secure RDP patterns.
- Integrate with Sentinel for detection/response; support vulnerability remediation and compliance reporting (ISO 27001, SOC 2, Cyber Essentials Plus, GDPR).
- Manage certificates/PKI, TLS hardening, and secrets management (Key Vault) for Windows workloads.
Security & Compliance
Collaboration Leadership
- Serve as subject-matter expert for Azure and Wintel capabilities, engineering standards, and enterprise patterns.
- Mentor engineers and contribute to skills development across the platform team.
- Act as technical lead on strategic infrastructure projects and major incident resolution.
- Work with Architecture to define cloud and Wintel roadmaps and ensure alignment to enterprise strategies.
Governance, Risk & Compliance
- Ensure solutions comply with security, regulatory, data protection, and audit requirements.
- Maintain documentation, runbooks, and operational knowledge articles.
- Support internal and external audits related to cloud and Wintel services.
Qualifications
Required Skills & Experience
- Deep expertise in Microsoft Azure, including IaaS, PaaS, virtual networks, landing zones, security, and governance.
- Extensive experience managing enterprise Windows Server environments and core infrastructure services.
- Strong scripting/automation experience with PowerShell and infrastructure-as-code tools (ARM, Bicep, Terraform).
- Proven track record of leading technical engineering teams or acting as technical authority.
- Strong understanding of identity (Azure AD/Entra ID), RBAC, conditional access, and security baselines.
- Hands-on experience with monitoring tools (Azure Monitor, Log Analytics, SCOM, etc.).
- Excellent troubleshooting, incident management, and problem-solving skills.
Preferred Qualifications
- Microsoft certifications (AZ-104, AZ-305, or equivalent expert-level).
- Experience with hybrid-cloud environments and migration methodologies.
- Familiarity with DevOps tooling: GitHub, Azure DevOps, CI/CD pipelines.
- Knowledge of ITIL practices, service design, and operational excellence.
Tools & Technologies
- Azure: Compute (VMs/VMSS), Storage (Disks, Files), Networking, ASR, Backup, Key Vault, Monitor, Log Analytics, Defender for Cloud, Sentinel, Policy, Blueprints, Update Manager.
- Windows: Server 2016/2019/2022, AD DS, DNS/DHCP, GPO, AD CS/PKI, Failover Clustering, IIS, SMB.
- Automation/DevOps: PowerShell, DSC, Bicep/ARM (Terraform desirable), Azure DevOps/GitHub Actions, Azure Automation/Functions, Desired State, Pester.
- Mgmt/Config: MECM/SCCM, WSUS, Intune (desirable).
- Observability/SecOps: KQL, Sentinel, Defender for Cloud, MDE, SCOM (legacy familiarity a plus).
#KGS
