
Tower Lead - Windows Azure IaaS, Terraform
About the role
Job Summary
We are seeking a highly skilled Windows Subject Matter Expert (SME) with deep hands-on experience migrating Windows-based workloads and applications to Google Cloud Platform (GCP). This is a senior, end-to-end role where the individual will serve as the single point of contact (SPOC) for all Windows-related migration activities within the GCP Migration Programme.
The successful candidate will own the full migration lifecycle — from initial discovery and assessment of Windows environments through to architecture design, infrastructure provisioning via Terraform, CI/CD pipeline setup, cutover, and post-migration operational handover. This role requires a rare combination of deep Windows platform expertise, GCP cloud proficiency, Infrastructure as Code skills, and DevOps engineering capability.
Key Responsibilities
Single Point of Contact – Windows Migration Programme
- Act as the primary technical SPOC for all Windows workload migrations within the GCP Migration Programme.
- Own and manage end-to-end migration of Windows-based applications, services, and infrastructure to GCP.
- Serve as the escalation point for Windows-related technical issues throughout the migration lifecycle.
- Liaise with application owners, business stakeholders, GCP architects, and project managers to ensure alignment and smooth delivery.
- Provide regular status updates, risk flags, and migration progress reports to programme leadership.
Discovery & Assessment
- Conduct thorough discovery of existing Windows estate: Active Directory, DNS, DHCP, IIS, SQL Server, .NET applications, file servers, print servers, and Windows-based middleware.
- Use tools such as Migrate for Compute Engine, StratoZone, and custom scripts to assess workload compatibility and migration readiness.
- Identify dependencies between Windows workloads and produce dependency maps.
- Define migration groupings (waves), prioritisation, and risk ratings for all Windows workloads.
- Produce a comprehensive Migration Assessment Report and Wave Plan.
Architecture & Design
- Design target GCP architectures for Windows workloads: Compute Engine (Windows Server VMs), Managed Instance Groups, Cloud SQL for SQL Server, Cloud Filestore, Active Directory on GCP.
- Produce High-Level Design (HLD) and Low-Level Design (LLD) documents for all Windows migration streams.
- Design hybrid connectivity between on-premises Windows environments and GCP via Cloud Interconnect or Cloud VPN.
- Architect Windows-specific security controls: Windows Defender, OS Config, patch management via OS Config or WSUS, Group Policy migration strategy.
- Design licensing strategy for Windows workloads on GCP (BYOL vs. GCP-provided licences, licence mobility).
GCP Migration Execution – Windows Workloads
- Execute Lift & Shift migrations of Windows VMs using Migrate for Compute Engine (formerly Velostrata).
- Migrate Microsoft SQL Server databases to GCP using Database Migration Service (DMS) or native backup/restore methods.
- Migrate Active Directory to GCP: extend on-prem AD to GCP or deploy Managed Microsoft AD.
- Migrate IIS-based web applications (.NET Framework / .NET Core) to Compute Engine or Cloud Run.
- Perform application modernisation where feasible: containerise Windows workloads using Windows Containers on GKE.
- Manage DNS cutover, IP re-addressing, and firewall rule migrations.
- Execute and validate cutover events, including rollback procedures and post-migration smoke testing.
Infrastructure as Code – Terraform
- Develop and maintain Terraform modules for all Windows-related GCP resources: Compute Engine Windows VMs, Managed Microsoft AD, Cloud SQL for SQL Server, Cloud Filestore, firewall rules, and IAM.
- Implement remote state management using GCS backend with state locking.
- Create Terraform variable files and environment-specific configurations for dev, UAT, and production.
- Enforce IaC code quality standards through automated linting (tflint), security scanning (tfsec/Checkov), and peer review.
- Maintain Terraform documentation including module READMEs, input/output definitions, and usage examples.
CI/CD Pipelines & DevOps
- Design and implement CI/CD pipelines for Windows application deployments using Cloud Build, GitHub Actions, or
Skill Requirements
| Skill Area | Technologies / Tools | Experience Required |
| --- | --- | --- |
| Windows Platform | Windows Server 2012–2022, AD, DNS, DHCP, IIS, Group Policy, WSUS, PKI, Print Services | 8+ years |
| GCP Core Services | Compute Engine, GKE, Cloud SQL, Cloud Filestore, VPC, Managed Microsoft AD, Cloud DNS, Cloud Build | 4+ years |
| Windows Migration to GCP | Migrate for Compute Engine, DMS, StratoZone, VPN/Interconnect, DNS cutover | 3+ years |
| SQL Server on GCP | Cloud SQL for SQL Server, Always On AG, DMS, backup/restore, failover clustering | 5+ years |
| Terraform / IaC | Terraform modules, GCS remote state, tflint, tfsec, Checkov, Terragrunt | 4+ years |
| CI/CD & DevOps | Cloud Build, GitHub Actions, Azure DevOps, ArgoCD, GitOps workflows | 4+ years |
| Automation & Scripting | PowerShell, PowerShell DSC, Ansible, Python, Bash, OS Config | 6+ years |
| .NET / IIS Applications | .NET Framework, .NET Core, IIS, Windows Containers, Cloud Run | 4+ years |
| Windows Security | CIS Benchmarks, Windows Defender, PAM, BeyondCorp, patch management | 5+ years |
| Monitoring | Cloud Monitoring, Cloud Logging, Windows Event Logs, Prometheus, Grafana | 3+ years |
Other Requirements
Architecture & Design
- High-Level Design (HLD) – Windows target architecture on GCP, network topology, AD design, connectivity.
- Low-Level Design (LLD) – VM specs, IP addressing, firewall rules, AD OU structure, SQL Server configuration.
- Windows Migration Playbook – Repeatable migration patterns, tooling decisions, and lessons learned.
- Licensing Strategy Document – BYOL vs. GCP-provided licence analysis and compliance approach.
Migration Documentation
- Migration Assessment Report – Windows estate discovery findings, readiness scores, and risk register.
- Wave Plan – Workload groupings, migration sequence, timelines, dependencies, and owners.
- Cutover Plan – Detailed step-by-step cutover runbook with rollback procedures and communication plan.
- Post-Migration Validation Report – Test results, performance benchmarks, and sign-off checklist.
Operational Runbooks
- Windows VM Runbook – Start/stop, snapshot, patching, and scaling procedures.
- Active Directory Runbook – AD replication, user provisioning, GPO management, and break-glass access.
- SQL Server Runbook – Backup/restore, failover, Always On AG management, and DR procedures.
- Patch Management Runbook – Patching schedule, OS Config policy management, and remediation steps.
- Incident Response Runbook – Windows-specific incident triage, escalation, and resolution procedures.
IaC & Pipeline Documentation
- Terraform Module Documentation – Module READMEs, input/output variables, usage examples.
- CI/CD Pipeline Design Document – Pipeline stages, branching strategy, approvals, and deployment gates.
- Automation Scripts Library – Documented PowerShell, Ansible, and Python scripts with usage guides.
- GitOps Workflow Document – Branch policies, PR process, environment promotion strategy.
Security & Compliance
- Windows Security Hardening Guide – CIS benchmark controls applied to GCP Windows VMs.
- IAM & Privileged Access Document – Role definitions, service account design, and PAM approach.
- Compliance Evidence Pack – Control evidence for applicable frameworks (ISO 27001, SOC 2).
Required skills
Windows Server
GCP
Terraform
CI/CD
Infrastructure as Code
Cloud migration
About HCL Technologies
Noida
Headquarters