Azure Cloud Engineer (LATAM, Remote)
Remote - Canada \| Contract
Client: Azure-exclusive consultancy helping mature startups migrate to Azure and get enterprise-ready
Location: Remote within Latin America
Language: English B2+ or higher
Engagement: Full-time, long-term contract
Responsibilities
Build and run Azure landing zones and workloads aligned to Microsoft Cloud Adoption Framework: subscriptions, RBAC, policies, networks, and baseline services.
Execute migrations from AWS/GCP to Azure using Azure Migrate, Database Migration Service, Storage Mover, and targeted refactors to PaaS where appropriate.
Implement Infrastructure as Code with Terraform and/or Bicep; standardize modules, variables, and environment conventions.
Create and maintain CI/CD for infra and app deploys using GitHub Actions or Azure DevOps; handle approvals, artifacts, and environment promotion.
Stand up core platform services: vNETs (hub-spoke or vWAN), private endpoints, Private DNS, Application Gateway/Front Door, Key Vault, Azure Monitor/Log Analytics/App Insights.
Provision and harden compute and data services: VM/VMSS, App Service/Container Apps, AKS (nice-to-have), SQL MI, Postgres Flexible Server, Azure Files/Blob, Redis, Service Bus/Event Hubs.
Implement security and governance controls: Azure Policy (policy-as-code), Defender for Cloud, MDM/Tagging/Budgets, Just-in-Time access, PIM, workload identities.
Build observability: metrics/logs/traces, useful dashboards, actionable alerts, and basic runbooks for common incidents.
Troubleshoot infra/app deployment issues, perform root-cause analysis, and contribute fixes to modules and pipelines.
Document architectures, runbooks, and "how we operate" notes for handover to client teams.
Mandatory Requirements
4+ years hands-on with Microsoft Azure building and operating production workloads.
Strong IaC with Terraform and/or Bicep; comfortable reviewing ARM output and enforcing standards through code review.
Proficiency with networking on Azure: hub-spoke or vWAN patterns, NSGs, UDRs, Private Endpoints, Private DNS, inbound/outbound controls.
CI/CD experience with GitHub Actions or Azure DevOps for infra and app releases.
Practical security/governance: Azure Policy, RBAC, Key Vault, Defender for Cloud, tagging/budgets; understands least privilege and workload identity patterns.
Monitoring/observability: Azure Monitor, Log Analytics, App Insights; knows how to create alerts that humans can act on.
Migration experience from AWS and/or GCP to Azure including identity mapping, data movement, and low-downtime cutovers.
Scripting ability in PowerShell and/or Python; solid Git discipline and code review habits.
Clear written and verbal communication in English; comfortable collaborating directly with client engineers.
Nice-to-Have
AZ-104 or AZ-305; CKA or AKS experience; FinOps Certified Practitioner.
Experience with App Gateway WAF, Front Door, Azure Firewall, ExpressRoute/S2S VPN.
Supply-chain hardening: GitHub Advanced Security, image signing, SBOM basics.
Data-plane migrations (SQL MI, Postgres Flexible, Cosmos DB) and DMS cutover playbooks.
Reusable landing-zone and platform modules published for team use.
Of Note:
You will be required to provide your own laptop and basic software tools.
Completed background checks will be required before the start date if you are selected as a winning candidate.
While we strive to respond to all applicants, please understand that due to the high volume of applications we receive, providing individual feedback or responses to every candidate may not be feasible. Rest assured that your application will be carefully reviewed and considered. We appreciate your understanding and interest in joining our team.