Azure Cloud DevOps Engineer

MatchPoint Solutions is a fast-growing young energetic global IT-Engineering services company with clients across the US. We provide technology solutions to various clients like Uber Robinhood Netflix Airbnb Google Sephora and more! More recently we have expanded to working internationally in Canada China Ireland UK Brazil and India. Through our culture of innovation we inspire build and deliver business results from idea to outcome. We keep our clients on the cutting edge of the latest technologies and provide

Azure Cloud DevOps Engineer

S o Paulo Brazil

6 Months

Pay rate: $25 - $30/hr on W2

Key Responsibilities

Discovery Ownership & Dependency Mapping

• Identify workload owners: Partner with application platform and network teams to identify and confirm owners for workloads and VNets in scope; ensure contact lists and escalation paths are maintained.
• Map application dependencies: Identify east/west and north/south dependencies for applications owning VNets in scope by leveraging cloud-native tools (e.g. Azure Network Watcher NSG flow logs Connection Monitor Log Analytics Traffic Analytics) and coordinating with app SMEs.
• Capture migration constraints: Document environment-specific requirements including acceptable downtime production vs non-production change windows and validation criteria; incorporate findings into wave planning and runbooks.
• Azure-only scope: Focus on Azure-native services and tooling to support migration readiness (monitoring logging CI/CD IaC); identify any external dependencies that could impact cutovers and rollback decisions.
• Research and evidence-based analysis: Use Azure-native telemetry and documentation to validate assumptions (effective routes next hops NSG evaluation DNS resolution Private Link paths) and produce concise findings that de-risk cutovers.
• Automation & Cutover Engineering
• Review and improve existing automation: Assess current scripts/runbooks used for Azure VNet cutovers; identify failure modes timing issues and opportunities to reduce outage duration.
• Develop new automation (Azure): Write and maintain automation using Python Ansible PowerShell and Azure CLI to improve repeatability and safety of VNet migrations including pre-checks batching/validation logic and post-cutover verification.
• Runbooks for firewall and routing changes: Author step-by-step implementation plans for vWAN/hub route updates and firewall coordination (including batching guidance to avoid repeated full rewrites) timing expectations and decision points; support the network/firewall team during execution.

Migration Execution Validation & Operations

• Execute cloud-side cutover steps: During scheduled change windows execute all Azure cloud activities required for the migration (automation runs configuration updates within scope readiness checks and verification). Coordinate real-time with network/firewall teams as they execute firewall and shared routing changes.
• Network cutover readiness (cloud-side): Validate Azure-side networking readiness before each change (effective routes UDR associations peering status DNS/Private Link resolution required firewall rule requests) and produce the implementation notes the network/firewall team needs to execute routing/firewall steps safely.
• Downtime planning and app validation: Set and communicate realistic downtime expectations; coordinate with app teams to validate critical paths post-migration and obtain sign-off before closing change records.
• Rollback readiness: Create test and execute rollback plans as a first-class workflow with clear decision points (rollback vs fix-forward) prioritizing service stability and customer impact mitigation.

Qualifications

Mandatory Requirements

1. Experience: 3 7 years of hands-on experience supporting production Azure environments in a Cloud/DevOps SRE or infrastructure engineering role.
2. Azure networking (advanced): Strong hands-on expertise with VNets/subnets VNet peering UDRs/route tables and effective routes Azure Virtual WAN (hubs connections route tables) hub-and-spoke design BGP concepts DNS (including Private DNS) Private Link/Private Endpoints and network security patterns including Azure Firewall and NSGs.
3. Automation skills: Proficiency with Python and Ansible plus PowerShell and Azure CLI to automate operational tasks and migration workflows.
4. Infrastructure as Code: Experience with Terraform (preferred) and/or Bicep/ARM for repeatable deployments and configuration management.
5. Operational change execution: Experience performing cutovers/migrations in controlled change windows including stakeholder coordination validation steps and documentation.
6. Troubleshooting: Ability to triage complex connectivity issues using logs/metrics and cloud-native tools (Network Watcher flow logs packet capture where approved).
7. Research skills (Azure cloud networking): Strong ability to investigate ambiguous connectivity and routing problems by combining Azure documentation with real environment evidence (Network Watcher effective routes flow logs Connection Monitor Log Analytics) then documenting conclusions and next actions.
8. Collaboration: Demonstrated ability to work across network security and application teams to identify owners capture dependencies and drive migrations to completion.
9. Monitoring & logging: Experience with Azure Monitor Log Analytics and alerting practices to support pre/post migration verification.
10. On-site requirement (S o Paulo): Contract role requiring daily on-site presence at the customer site in S o Paulo Brazil with flexibility to work scheduled change windows (including occasional off-hours/weekends).
11. Communication: Strong written/verbal communication skills to produce runbooks change plans and concise status updates for technical and non-technical stakeholders.
12. Night cutovers may happen bi weekly/monthly

Additional Qualifications (Preferred)

1. Certifications: Microsoft Certified: Azure Administrator Azure Network Engineer Associate and/or Azure DevOps Engineer Expert.
2. vWAN / hub routing: Experience operating Azure Virtual WAN hub route tables BGP and designing safe route change sequences.
3. Azure Firewall & Security Connectivity: Experience working with Azure Firewall/Azure Firewall Policy (or comparable NVAs) and translating application requirements into firewall rule requests and validation tests.
4. CI/CD & source control: Experience with Git-based workflows and pipelines (Azure DevOps GitHub Actions Jenkins) for infrastructure and automation code.
5. Network visibility / modeling tools: Nice to have experience with Selector AI and/or Forward Networks for network telemetry topology insights and dependency analysis.
6. Migration factory mindset: Experience standardizing repeatable runbooks measurement (downtime duration) and continuous improvement across multiple migrations.
7. Regulated environments: Experience working under change management and security requirements in regulated or high-compliance environments.

Equal Opportunity Employer Minorities/Women/Veterans/Disabled

MatchPoint Solutions provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race color religion age sex national origin disability status genetics protected veteran status sexual orientation gender identity or expression or any other characteristic protected by federal state or local laws.

This policy applies to all terms and conditions of employment including recruiting hiring placement promotion termination layoff recall transfer leaves of absence compensation and training.