Senior Azure Infrastructure Applications Platform Engineer

Senior Azure Infra Apps Platform Engineer - Consultant - MFT - KGS CH

Senior Azure Infra Apps Engineer

Location: Offshore Function: Cloud Run Service Operations Type: Permanent, Full‑time Reports to: Service Ops Lead – Platform Services

KPMG Overview

Joining KPMG means joining a talented team of exceptional colleagues who bring innovative thoughts and a natural curiosity to the work they do each day. No one type of person succeeds at KPMG; a diverse business requires diverse personalities, characters and perspectives. There really is a place for you here. You will be working within Group Digital Platform Services Operations which services the broader Firm through delivery of core technology and managed services capabilities, collaboration and innovation development services and building our Alliances network.

Key Responsibilities

Cloud Platform Support • Support and maintain highly available Windows Server workloads (2016/2019/2022) on Azure (VMs, VMSS, ASR, Azure Files, Azure Backup, Azure Site Recovery). • Engineer core Microsoft services: Active Directory, Azure AD, Group Policy, DNS/DHCP, ADFS PKI/Certificates, IIS etc

Operations & Reliability • Own the stability, performance, and capacity of Wintel platforms and drive SRE-style reliability practices. • Lead Major Incident technical bridge, perform root cause analysis (RCA), and implement problem management fixes. • Patch, backup, and DR strategy execution (Azure Update Manager, Azure Backup, ASR); regularly test restores and DR playbooks. • Monitoring/observability with Azure Monitor, Log Analytics, Microsoft Sentinel/Defender for Cloud.

Security & Compliance • Implement security baselines, CIS/Benchmarks, least privilege RBAC, JIT/JEA, Credential Guard, LAPS, and secure RDP patterns. • Integrate with Sentinel for detection/response; support vulnerability remediation and compliance reporting (ISO 27001, SOC 2, Cyber Essentials Plus, GDPR). • Manage certificates/PKI, TLS hardening, and secrets management (Key Vault) for Windows workloads.

Collaboration & Leadership • Act as a technical SME for projects; provide design reviews and sign‑off • Mentor engineers; conduct knowledge transfers, create runbooks, and uplift standards. • Partner with Networking, Security, and App teams on cross‑domain designs (e.g., hybrid connectivity, private endpoints, App Gateway/WAF, load balancers).

Required Skills & Experience • 8+ years administering Windows Server platforms; 3–5+ years hands‑on with Azure (IaaS and core PaaS for Windows workloads). • Deep expertise in Active Directory (sites & services, trusts, GPO design, AD CS/PKI) and Entra ID (sync, SSO, conditional access concepts). • Strong PowerShell (modules, functions, error handling), DSC, and infra automation (Bicep/ARM or Terraform). • Proven track record with Azure networking for VMs: VNets, peering, Private DNS, NSGs/ASGs, load balancers, Application Gateway/WAF, ExpressRoute/VPN. • Solid understanding of backup/DR patterns (RPO/RTO), clustering, and performance tuning for Windows workloads. • Experience with observability (Log Analytics/KQL), security tooling (Defender for Cloud, Sentinel), and vulnerability remediation. • Major Incident leadership, RCA/problem management, and stakeholder communication.

Nice to Have • SCCM/MECM, Azure Update Manager, WSUS at scale. • SQL Server on Windows (Ops basics), IIS advanced config, SMB/NFS (Azure Files). • Intune/Autopilot, conditional access, identity governance. • Containers on Windows Server, AKS fundamentals, or Azure Arc for Servers. • Scripting beyond PowerShell (Python) for tooling and data analysis. • Experience in regulated environments (Financial Services, Public Sector, Healthcare).

Certifications (Preferred) • Microsoft Certified: Azure Administrator Associate (AZ‑104) • Microsoft Certified: Windows Server Hybrid Administrator Associate (AZ‑800/801) • Security: SC‑200/SC‑300 (nice to have)

Tools & Technologies • Azure: Compute (VMs/VMSS), Storage (Disks, Files), Networking, ASR, Backup, Key Vault, Monitor, Log Analytics, Defender for Cloud, Sentinel, Policy, Blueprints, Update Manager. • Windows: Server 2016/2019/2022, AD DS, DNS/DHCP, GPO, AD CS/PKI, Failover Clustering, IIS, SMB. • Automation/DevOps: PowerShell, DSC, Bicep/ARM (Terraform desirable), Azure DevOps/GitHub Actions, Azure Automation/Functions, Desired State, Pester. • Mgmt/Config: MECM/SCCM, WSUS, Intune (desirable). • Observability/SecOps: KQL, Sentinel, Defender for Cloud, MDE, SCOM (legacy familiarity a plus).

Experience Level Senior Level