473965 - Senior Azure Consultant

473965 - Senior Azure Consultant

Posted Today by Experis

Apply
Negotiable
Undetermined
Undetermined
Bristol
Apply
Cloud Computing Cloud Technology Cyber Incident Response Firewall Microsoft 365 Microsoft Azure Microsoft Windows Network Address Translation Network Security Routing Protocols Terraform Verification And Validation Wide Area Networks

Summary: This senior role involves leading the design and delivery of migrating FortiGate virtual firewalls to Azure Firewall across multiple global regions. The Senior Azure Consultant will act as the technical design authority, overseeing architecture, security, routing patterns, and migration strategies while ensuring compliance with security governance and operational requirements. The position requires collaboration across teams to execute migration plans and provide mentorship to engineers. Strong documentation and governance of Infrastructure-as-Code practices are also key components of the role.

Key Responsibilities:

  • Own technical discovery and solution definition: inventory current FortiGate policies, NAT, routing (UDRs/BGP), traffic flows and dependencies per region; drive requirements workshops and obtain design sign-off.
  • Act as design authority for the target Azure Firewall architecture using Azure Virtual WAN hub/spoke (regional hubs), including cross-region inspection patterns and north-south/east-west segmentation.
  • Define and implement a global base firewall policy and regional child policies, including governance model, recertification approach, and rule lifecycle.
  • Lead translation and rationalisation of FortiGate rules (network, application, DNAT/SNAT, proxy requirements) into Azure Firewall Policy, managing feature gaps (e.g., TLS inspection, threat profiles) through agreed compensating controls.
  • Own routing design and change execution (UDRs, vWAN routing, BGP/ExpressRoute considerations) to steer traffic through regional firewalls with minimal disruption.
  • Lead public IP planning, SNAT port capacity analysis, and SKU sizing (Standard vs Premium) based on throughput, connection counts, and inspection requirements.
  • Define logging, monitoring, and SOC integration with Log Analytics and Microsoft Sentinel, including retention, alerting, and operational dashboards aligned to incident response requirements.
  • Lead integration design and validation with Zscaler (e.g., cloud connectors), Azure Front Door, and Application Gateway, including defined bypass vs inspection flows.
  • Deliver and govern Infrastructure-as-Code (Terraform preferred): reusable modules, environment promotion, and Git-based change control; ensure changes are auditable and repeatable across regions.
  • Develop and drive the migration strategy and runbooks per region, including sequencing, maintenance windows, validation plans, and clearly defined success/fail and rollback criteria.
  • Lead migration execution and hypercare, coordinating application testing/validation and troubleshooting across teams and time zones.
  • Mentor engineers and lead knowledge transfer; produce high-quality documentation (architecture, policy model, operations procedures) and support the transition to BAU operations.
  • Design target Azure Firewall architecture using Azure Virtual WAN hub/spoke (regional hubs), including cross-region inspection patterns and north-south/east-west segmentation.
  • Define and implement a global base firewall policy and regional child policies, including governance model and rule lifecycle.

Key Skills:

  • Extensive experience with Azure Firewall and FortiGate firewalls.
  • Strong knowledge of Azure Virtual WAN, routing protocols (UDRs/BGP), and network security.
  • Proficiency in Infrastructure-as-Code, particularly with Terraform.
  • Experience in designing and implementing security policies and governance models.
  • Ability to lead cross-functional teams and manage complex migration projects.
  • Excellent documentation and communication skills.
  • Experience with logging and monitoring tools such as Log Analytics and Microsoft Sentinel.
  • Strong analytical and problem-solving skills.

Salary (Rate): undetermined

City: Bristol

Country: undetermined

Working Arrangements: undetermined

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:
This senior role is responsible for leading the end-to-end design and delivery of the migration of existing FortiGate virtual firewalls to Azure Firewall across multiple global Azure regions. The Senior Azure Consultant acts as technical design authority, owning the target-state architecture, security and routing patterns, policy governance model, and migration approach. The role will lead discovery, rule and routing translation, Infrastructure-as-Code delivery, cutover/rollback execution, and operational handover ensuring alignment with security governance, SOC/logging requirements, and dependent services such as Azure Virtual WAN, ExpressRoute, Zscaler, Azure Front Door, and Application Gateway.
Key responsibilities:
  • Own technical discovery and solution definition: inventory current FortiGate policies, NAT, routing (UDRs/BGP), traffic flows and dependencies per region; drive requirements workshops and obtain design sign-off.
  • Act as design authority for the target Azure Firewall architecture using Azure Virtual WAN hub/spoke (regional hubs), including cross-region inspection patterns and north-south/east-west segmentation.
  • Define and implement a global base firewall policy and regional child policies, including governance model, recertification approach, and rule lifecycle.
  • Lead translation and rationalisation of FortiGate rules (network, application, DNAT/SNAT, proxy requirements) into Azure Firewall Policy, managing feature gaps (e.g., TLS inspection, threat profiles) through agreed compensating controls.
  • Own routing design and change execution (UDRs, vWAN routing, BGP/ExpressRoute considerations) to steer traffic through regional firewalls with minimal disruption.
  • Lead public IP planning, SNAT port capacity analysis, and SKU sizing (Standard vs Premium) based on throughput, connection counts, and inspection requirements.
  • Define logging, monitoring, and SOC integration with Log Analytics and Microsoft Sentinel, including retention, alerting, and operational dashboards aligned to incident response requirements.
  • Lead integration design and validation with Zscaler (e.g., cloud connectors), Azure Front Door, and Application Gateway, including defined bypass vs inspection flows.
  • Deliver and govern Infrastructure-as-Code (Terraform preferred): reusable modules, environment promotion, and Git-based change control; ensure changes are auditable and repeatable across regions.
  • Develop and drive the migration strategy and runbooks per region, including sequencing, maintenance windows, validation plans, and clearly defined success/fail and rollback criteria.
  • Lead migration execution and hypercare, coordinating application testing/validation and troubleshooting across teams and time zones.
  • Mentor engineers and lead knowledge transfer; produce high-quality documentation (architecture, policy model, operations procedures) and support the transition to BAU operations.
  • Design target Azure Firewall architecture using Azure Virtual WAN hub/spoke (regional hubs), including cross-region inspection patterns and north-south/east-west segmentation.
  • Define and implement a global base firewall policy and regional child policies, including governance model and rule lifecycle.

If you receive suspicious outreach claiming to be from us, please contact us via the ManpowerGroup website.

Apply
Similar Jobs
Loading data...