Track Lead - Azure DevOps, Terraform

Job Summary

seeking a skilled Infrastructure as Code (IaC) Engineer with deep expertise in Azure Bicep and strong proficiency in Terraform to design, develop, and maintain cloud infrastructure at enterprise scale. As our organization standardizes on Azure-native tooling, Bicep is our primary IaC language for new deployments, while Terraform remains essential for managing existing infrastructure and multi-provider scenarios. You will work closely with the GenAI Centre of Excellence (CoE), platform engineering, and application teams to deliver secure, repeatable, and auditable infrastructure automation.

Key Responsibilities

Azure Bicep Development (Primary) • Serve as a subject matter expert on Azure Bicep, driving adoption as the primary IaC language for all new Azure deployments • Design and build enterprise Bicep module libraries with well-defined parameters, outputs, user-defined types, and comprehensive documentation • Implement Bicep template specs and module registries (Azure Container Registry) for centralized module versioning and distribution across teams • Author Bicep parameter files (.bicepparam) for environment-specific configurations with type safety and validation • Develop subscription-scope and management-group-scope deployments for Azure Policy, RBAC, and resource group provisioning • Build deployment stacks to manage lifecycle of resources, prevent accidental deletion, and enforce deny settings • Perform ARM template decompilation (az bicep decompile) to migrate legacy JSON templates to Bicep • Implement what-if deployments (az deployment group what-if) and preflight validation before production rollouts • Leverage Bicep extensibility features including user-defined types, functions, and import statements for modular design • Create reusable patterns for common Azure topologies: hub-spoke networking, landing zones, and spoke deployments • Integrate Bicep linter rules and custom linter configurations to enforce coding standards across teams • Build CI/CD pipelines for Bicep using GitHub Actions / Azure DevOps with automated validate, what-if, and deploy stages • Develop Bicep-based Azure Verified Modules (AVM) patterns for organizational standards • Apply conditional deployments, loops, and batch sizing for complex multi-resource provisioning Terraform Development & Operations (Secondary) • Maintain and enhance existing Terraform modules following DRY principles and enterprise standards • Implement multi-environment deployments (dev, test, UAT, prod) using workspaces, backend configs, and .tfvars files • Manage Terraform state securely using Azure Storage backends with state locking and encryption • Develop and enforce naming conventions, tagging strategies, and variable management patterns • Build CI/CD pipelines (GitHub Actions / Azure DevOps) for automated plan, validate, and apply workflows • Conduct code reviews for Terraform pull requests ensuring quality, security, and compliance • Support migration efforts from Terraform to Bicep where strategically appropriate • Leverage Terraform for multi-cloud or hybrid scenarios where Azure-native Bicep is not applicable Cloud Infrastructure & Architecture • Provision and manage Azure resources including: o 🖥️ Compute: Virtual Machines, VM Scale Sets, App Services, Container Apps, AKS o 🌐 Networking: VNets, Subnets, NSGs, Application Gateways, Private Endpoints, DNS o 🗄️ Storage: Storage Accounts, Blob, File Shares, Data Lake o 🗃️ Databases: Azure SQL, Cosmos DB, PostgreSQL Flexible Server o 🔗 Integration: Logic Apps, API Management, Service Bus, Event Grid o 📊 Monitoring: Application Insights, Log Analytics, Azure Monitor, Dashboards, Workbooks o 🔐 Security: Key Vault, Managed Identity, RBAC, Azure Policy, Defender for Cloud • Design infrastructure that aligns with the Azure Well-Architected Framework (reliability, security, cost optimization, operational excellence, performance efficiency) Governance, Security & Compliance • Implement Azure Policy as Code for guardrails and compliance enforcement • Apply least-privilege RBAC role assignments using managed identities • Ensure secrets management via Azure Key Vault with zero hardcoded credentials • Support audit and compliance requirements through infrastructure documentation and drift detection • Integrate security scanning (tfsec, checkov, trivy) into CI/CD pipelines Collaboration & Documentation • Maintain comprehensive module docum

Skill Requirements

IaC Tools Azure Bicep (primary), Terraform (v1.5+), ARM Templates Cloud Platform Microsoft Azure (multi-subscription, hub-spoke topologies) CI/CD GitHub Actions, Azure DevOps Pipelines, YAML-based workflows Version Control Git, GitHub (branching strategies, PR workflows, code reviews) Scripting PowerShell, Bash, Python Security Azure Policy, RBAC, Key Vault, Managed Identity, Private Endpoints Networking VNets, Subnets, NSGs, DNS, Load Balancers, Application Gateways Monitoring Azure Monitor, Application Insights, Log Analytics, KQL Containers Docker, AKS (Kubernetes fundamentals) Testing Bicep linter, Bicep what-if, PSRule for Azure, Terraform validate, tflint, tfsec, checkov

Other Requirements

Azure Bicep │ Bicep Registry (ACR) │ Template Specs │ Deployment Stacks Terraform │ ARM Templates │ GitHub Actions │ Azure DevOps PowerShell │ Azure CLI │ Bash │ Python │ Git │ Docker │ Kubernetes (AKS) Azure Monitor │ Application Insights │ Log Analytics │ KQL Azure Policy │ Key Vault │ Managed Identity │ Microsoft Entra ID PSRule for Azure │ Bicep Linter │ tflint │ tfsec │ checkov │ trivy VS Code │ Bicep Extension │ Terraform Extension │ pre-commit hooks