Job Description Job Title Senior L3 Infrastructure & Azure Cloud Engineer Role Summary The L3 Infrastructure & Azure Cloud Engineer is a senior technical role responsible for designing, implementing, troubleshooting, and optimizing complex on‑premises and Microsoft Azure environments.
This role acts as the final escalation point (Level 3) for infrastructure, identity, messaging, virtualization, and cloud workloads, and plays a key role in architecture decisions, migrations, security hardening, and high‑availability designs.
The engineer is expected to work independently, lead critical incidents, mentor L1/L2 engineers, and collaborate with architects, security teams, and business stakeholders.
Key Responsibilities On‑Premises Infrastructure (L3 Ownership) · Design, deploy, and support Active Directory Domain Services (AD DS), including multi‑site forests, FSMO role management, replication, DNS, GPOs, and security hardening.
· Implement and maintain AD Federation Services (ADFS): farm design, WAP integration, certificate lifecycle management, claims, delegation, and authentication flows.
· Manage and troubleshoot Microsoft Exchange Server (2016/2019 / Subscription Edition): DAG design (HQ/DR), mail flow, hybrid deployments, CU upgrades, security, migrations and performance tuning.
· Administer SQL Server (2014–2022): Always On Availability Groups, backup and restore strategies, performance optimization, and security (TDE, logins, SIDs, permissions).
· Operate and optimize System Center components: SCCM (patching, deployments, client health), SCOM (monitoring and alert tuning), and SCVMM (virtualization and fabric management).
· Design and support Hyper‑V environments including clustering, Live Migration, storage and network optimization, and DR planning.
Cloud & Azure Technologies · Design and manage Microsoft Azure infrastructure: Virtual Machines, VNets, NSGs, Load Balancers, Azure Storage, Azure Backup, and Azure Site Recovery (ASR).
· Implement Hybrid Identity using Azure AD Connect, federation or cloud authentication models, Conditional Access, and MFA.
· Deploy and secure Azure security services including Microsoft Defender for Cloud, Defender for Endpoint, and Azure Update Manager.
· Plan and execute on‑premises to Azure migrations (P2V, VMware/Hyper‑V, SQL Server, and Exchange workloads).
· Ensure cost optimization and governance through Azure Reserved Instances, tagging strategies, RBAC, and policy enforcement.
Operations, Governance & Leadership · Act as the final escalation (L3) point for complex production issues.
· Lead root cause analysis (RCA) and implement preventive improvements.
· Design High Availability (HA) and Disaster Recovery (DR) solutions.
· Create and maintain technical runbooks, architecture diagrams (HLD/LLD), and operational documentation.
· Mentor L1/L2 engineers and review technical implementations.
· Participate in audits, security assessments, and compliance reviews.
· Support presales and technical proposal activities when required.
Required Technical Skills Core Technologies · Active Directory (AD DS, DNS, GPO, ADFS) · Exchange Server (On‑Prem & Hybrid) · SQL Server (Always On Availability Groups, HA/DR) · SCCM, SCOM, SCVMM · Hyper‑V & Failover Clustering · Windows Server (2016–2025) Cloud & Security · Microsoft Azure (IaaS & Hybrid) · Azure AD / Entra ID · Azure Backup & Azure Site Recovery · Microsoft Defender suite · Networking fundamentals (VPNs, firewalls, load balancing) Scripting & Automation · PowerShell (advanced) · T‑SQL · Automation for deployments, monitoring, and reporting Soft Skills & Professional Traits · Strong analytical and troubleshooting mindset · Ability to work under pressure during critical incidents · Excellent documentation and communication skills · High ownership and accountability · Ability to translate business requirements into technical solutions Experience & Qualifications · 7+ years of experience in enterprise Microsoft infrastructure roles · Proven L3 / senior escalation experience · Hands‑on experience with hybrid cloud environments · Relevant certifications (preferred but not mandatory): Microsoft Azure Administrator / Architect, Windows Server or Microsoft 365 certifications