DevOps Engineer
Indexed description
About the Role
We are seeking an experienced DevOps Engineer with deep expertise in Microsoft Azure to join our cloud infrastructure team. You will own the design, implementation, and operation of our cloud-native platform built on Azure Kubernetes Service (AKS), Azure Container Apps,
and modern CI/CD pipelines. Your work will directly impact the reliability, scalability, and security of production systems serving thousands of users.
This role is ideal for someone who breathes containers, thinks in pipelines, and has strong hands-on experience shipping production workloads on Azure using Kubernetes and Container Apps.
Key Responsibilities
Azure Cloud Infrastructure
• Architect, provision, and manage Azure infrastructure using Infrastructure as Code (Bicep, ARM templates, Terraform).
• Administer Azure subscriptions, resource groups, RBAC, policies, and cost management across environments (dev, staging, prod).
• Design and maintain Azure Virtual Networks, NSGs, Private Endpoints, DNS zones, and ExpressRoute/VPN connectivity.
• Manage Azure Key Vault, Managed Identities, and Azure AD integrations for secure service-to-service authentication.
• Monitor infrastructure health using Azure Monitor, Log Analytics Workspaces, and Application Insights dashboards.
Kubernetes & Azure Kubernetes Service (AKS)
• Design, deploy, and operate production-grade AKS clusters with node pools, autoscaling, and availability zone support.
n Configure Cluster Autoscaler and Horizontal Pod Autoscaler (HPA) for dynamic workload scaling.
n Manage node upgrades, blue-green cluster migrations, and maintenance windows with zero downtime.
• Implement and maintain Kubernetes networking using Azure CNI, Calico network policies, and Ingress controllers (NGINX / AGIC).
• Manage Kubernetes workloads: Deployments, StatefulSets, DaemonSets, CronJobs, and Custom Resources (CRDs).
• Enforce pod security standards, RBAC policies, and OPA/Gatekeeper admission controls across all namespaces.
• Set up and manage Helm chart repositories; version and deploy application releases using Helm or Kustomize.
• Integrate service mesh solutions (Istio / Linkerd / OSM) for traffic management, mutual TLS, and observability.
• Maintain persistent storage using Azure Disk CSI, Azure Files CSI, and persistent volume claim lifecycles.
Azure Container Apps
• Design and deploy microservices and event-driven workloads on Azure Container Apps (ACA) environments.
n Configure KEDA-based autoscaling rules driven by HTTP, Azure Service Bus, Event Hubs, and custom metrics.
n Manage Container Apps environments, Dapr sidecars, and service-to-service invocation patterns.
• Integrate Container Apps with Azure Container Registry (ACR), Key Vault references, and Managed Identity bindings.
• Design traffic splitting and revision management strategies for safe canary and blue-green deployments on ACA.
• Troubleshoot Container Apps console logs, system logs, and Dapr diagnostics using Log Analytics.
CI/CD Pipelines & Deployment
• Build and maintain end-to-end CI/CD pipelines using Azure DevOps Pipelines (YAML-based, multi-stage).
n Implement pipeline templates, variable groups, environments, and approval gates for release governance.
n Configure self-hosted agents on AKS and Azure VMSS agent pools for scalable pipeline execution.
• Implement GitOps workflows using Flux CD or Argo CD for declarative cluster state management.
n Manage GitOps repositories, Kustomize overlays, and automated drift detection/reconciliation.
• Integrate GitHub Actions and Azure DevOps for container image build, scan, push, and deploy workflows.
• Automate blue-green, canary, and rolling deployment strategies across AKS and Container Apps.
• Implement deployment verification using automated smoke tests, readiness checks, and rollback triggers.
• Manage artifact versioning, semantic release, and container image tagging conventions with ACR.
Containers & Image Management
• Write optimized, multi-stage Dockerfiles; enforce base image standards and vulnerability hygiene.
• Manage Azure Container Registry (ACR) with geo-replication, retention policies, and webhook triggers.
• Integrate container image scanning (Microsoft Defender for Containers, Trivy) into CI pipelines.
• Enforce image signing and supply chain security using Notary v2 / Cosign and ACR Trust Policies.
• Maintain a private Helm chart registry within ACR for internal service distribution.
Observability, Monitoring & SRE
• Design a full-stack observability solution: metrics (Azure Monitor / Prometheus), logs (Log Analytics), and traces (Jaeger / OpenTelemetry).
• Build Azure Monitor workbooks, Grafana dashboards, and alert rules for SLI/SLO tracking.
• Configure Prometheus + Alertmanager on AKS with PagerDuty / OpsGenie integrations for on-call workflows.
• Define and track SLOs, error budgets, and drive reliability improvements through blameless post-mortems.
• Perform capacity planning, load testing, and chaos engineering exercises (Azure Chaos Studio, LitmusChaos).
Security, Compliance & Governance
• Enforce Azure Security Center / Microsoft Defender for Cloud recommendations across subscriptions.
• Implement Azure Policy initiatives for compliance (CIS, SOC 2, ISO 27001) and auto-remediation.
• Manage secrets lifecycle with Azure Key Vault, CSI Secret Store Driver, and workload identity federation.
• Conduct regular vulnerability assessments, network penetration test support, and remediation tracking.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search