virtusa
Azure Landing
Job description
We are seeking a Senior Azure Infrastructure Engineer to design, deploy, and harden the foundational cloud environment for an enterprise-grade Agentic AI Platform. In this role you will own the Azure Landing Zone - from subscription topology and hub-spoke networking through to Private Link integration, state backends, and Terraform module libraries that the rest of the platform team will consume.
The ideal candidate has delivered production Azure Landing Zones, maintains a strong infrastructure-as-code discipline, and has proven experience building fully private, compliance-ready network architectures on Azure. Key Responsibilities Landing Zone Architecture Design and implement the Azure Landing Zone using a hub-spoke topology with management groups, subscription vending, and Azure Policy baselines. Stand up the foundational networking (VNets, subnets, peering, DNS). Network Isolation & Private Link Provision Private Endpoints for all platform services - Microsoft Foundry (Agent Service), Azure OpenAI, AI Search, Cosmos DB, Key Vault, Storage, and API Management. Ensure zero public endpoints in production. Configure NSGs per subnet with least-privilege rules. Terraform Module Library Author reusable, versioned Terraform modules for every infrastructure component (networking, compute, data, security). Establish module registry, CI-based validation (terraform validate, tflint, checkov), and a pull-request review workflow. Category Required Expertise Infrastructure as Code Terraform (advanced module authoring, workspaces, remote state). Bicep familiarity is a plus. Networking & Security Hub-spoke VNet design, Private Link / Private Endpoints, NSG/ASG, Azure Firewall Premium, DNS Private Zones, S2S VPN or ExpressRoute. Azure DevOps Pipelines (YAML), Git branching strategies, automated IaC testing (checkov, tflint, terraform plan in CI).
Preferred Qualifications Experience 6+ years in IT infrastructure, with at least 3 years focused on Azure. Prior experience delivering an Azure Landing Zone from scratch is strongly preferred. Must have managed Terraform at scale (50+ modules, multi-environment state). Certifications Microsoft Certified Azure Solutions Architect Expert (AZ-305), Azure Administrator Associate (AZ-104), or Terraform Associate.


