You will be a senior member of the Azure Cloud Team, responsible for designing, building, and operating the CI/CD and Infrastructure‑as‑Code (IaC) layer that underpins Dymon’s Azure cloud platform. You’ll own the Terraform + GitLab toolchain for management groups, subscriptions, networks, shared services, and application landing zones, and help embed DevSecOps practices into every pipeline.
Key responsibilities
1. Terraform & environment automation
- Design and implement Terraform modules for Azure:
  - Management groups, subscriptions, RBAC.
  - Hub‑and‑spoke VNets, firewalls, private endpoints.
  - Shared services: Key Vault, Log Analytics/Grafana, storage, container apps, data platform components.
- Manage remote state, workspaces, module versioning, and promote changes safely across dev/qa/prod.
2. GitLab CI/CD for infrastructure
- Build and maintain GitLab CI pipelines for infra:
  - Stages for fmt / validate / plan / apply (non‑prod and gated prod).
  - MR‑driven workflows with terraform plan comments, approvals, and controlled apply.
- Create reusable CI templates so app/data teams can easily consume standard jobs (infra, deploy, smoke tests).
3. Application CI/CD enablement
- Work with app and data teams to:
  - Integrate their repos with GitLab CI templates (build, test, deploy).
  - Wire deployments into Azure landing zones (App Service / Container Apps / Functions / Databricks, etc.).
- Implement environment patterns (Dev/QA/UAT/Prod) aligned to the new subscription and VNet structure.
4. DevSecOps integration
- Integrate security scanning tools into CI pipelines (e.g. JFrog Advanced Security, SAST/SCA/IaC scanners).
- Help define policies and thresholds for blocking promotions based on vulnerability severity.
- Collaborate with Security/Infra to ensure that pipelines enforce guardrails by default (e.g. policy checks, image/IaC scans).
5. Reliability, observability & optimization
- Integrate pipelines with monitoring/alerting (Azure Monitor, Log Analytics, Grafana) for both infra and apps.
- Contribute to cost optimization:
  - Patterns for auto‑shutdown of non‑prod.
  - Standardized scaling and sizing parameters in Terraform modules.
- Participate in incident response and post‑mortems, improving pipeline resilience and roll‑back strategies.
6. Standards, coaching & documentation
- Document CI/CD patterns, Terraform module usage, and “how‑to” guides for engineers.
- Coach developers and other engineers on:
  - Using GitLab pipelines and templates.
  - Writing safe Terraform changes and reading plan outputs.
- Promote an “infra‑as‑code only” mindset (no manual portal changes for platform resources).
Requirements
- 5–8 years in DevOps / Platform Engineering, with significant time on Azure.
- Strong hands‑on experience with Terraform on Azure (modules, multi‑env setups, state backends).
- Proven track record building CI/CD pipelines in GitLab (or similar) for both infra and applications.
- Comfortable reviewing and improving others’ Terraform and CI configurations via MRs.
- Strong debugging and troubleshooting skills across infra, pipelines, and cloud services.
- Clear written and verbal communication; able to work with infra, security, and application teams.
Technical skills
Solid understanding of Azure basics
- VNets, NSGs, private endpoints, VPN/ExpressRoute
- RBAC, managed identities, Key Vault, Log Analytics.
Competent in at least one scripting language (e.g. Python, PowerShell, Bash) for automation/glue code.
Familiarity with DevSecOps practices
- Integrating SAST, SCA/OSS, secret scanning, and/or container/IaC scanning into pipelines.