Senior Azure Infra Apps Platform Engineer - Consultant - MFT - KGS CH
Senior Azure Infra Apps Engineer

Location: Offshore
Function: Cloud Run Service Operations
Type: Permanent, Full‑time
Reports to: Service Ops Lead – Platform Services

KPMG Overview

Joining KPMG means joining a talented team of exceptional colleagues who bring innovative thoughts and a natural curiosity to the work they do each day. No one type of person succeeds at KPMG; a diverse business requires diverse personalities, characters and perspectives. There really is a place for you here. You will be working within Group Digital Platform Services Operations which services the broader Firm through delivery of core technology and managed services capabilities, collaboration and innovation development services and building our Alliances network.

Responsibilities

Key Responsibilities

Cloud Platform Support

Support and maintain highly available Windows Server workloads (2016/2019/2022) on Azure (VMs, VMSS, ASR, Azure Files, Azure Backup, Azure Site Recovery).
Engineer core Microsoft services: Active Directory, Azure AD, Group Policy, DNS/DHCP, ADFS PKI/Certificates, IIS etc.

Operations & Reliability

Own the stability, performance, and capacity of Wintel platforms and drive SRE-style reliability practices.
Lead Major Incident technical bridge, perform root cause analysis (RCA), and implement problem management fixes.
Patch, backup, and DR strategy execution (Azure Update Manager, Azure Backup, ASR); regularly test restores and DR playbooks.
Monitoring/observability with Azure Monitor, Log Analytics, Microsoft Sentinel/Defender for Cloud.

Security & Compliance

Implement security baselines, CIS/Benchmarks, least privilege RBAC, JIT/JEA, Credential Guard, LAPS, and secure RDP patterns.
Integrate with Sentinel for detection/response; support vulnerability remediation and compliance reporting (ISO 27001, SOC 2, Cyber Essentials Plus, GDPR).
Manage certificates/PKI, TLS hardening, and secrets management (Key Vault) for Windows workloads.

Collaboration & Leadership

Act as a technical SME for projects; provide design reviews and sign‑off.
Mentor engineers; conduct knowledge transfers, create runbooks, and uplift standards.
Partner with Networking, Security, and App teams on cross‑domain designs (e.g., hybrid connectivity, private endpoints, App Gateway/WAF, load balancers).

Qualifications

Required Skills & Experience

8+ years administering Windows Server platforms; 3–5+ years hands‑on with Azure (IaaS and core PaaS for Windows workloads).
Deep expertise in Active Directory (sites & services, trusts, GPO design, AD CS/PKI) and Entra ID (sync, SSO, conditional access concepts).
Strong PowerShell (modules, functions, error handling), DSC, and infra automation (Bicep/ARM or Terraform).
Proven track record with Azure networking for VMs: VNets, peering, Private DNS, NSGs/ASGs, load balancers, Application Gateway/WAF, ExpressRoute/VPN.
Solid understanding of backup/DR patterns (RPO/RTO), clustering, and performance tuning for Windows workloads.
Experience with observability (Log Analytics/KQL), security tooling (Defender for Cloud, Sentinel), and vulnerability remediation.
Major Incident leadership, RCA/problem management, and stakeholder communication.

Nice to Have

SCCM/MECM, Azure Update Manager, WSUS at scale.
SQL Server on Windows (Ops basics), IIS advanced config, SMB/NFS (Azure Files).
Intune/Autopilot, conditional access, identity governance.
Containers on Windows Server, AKS fundamentals, or Azure Arc for Servers.
Scripting beyond PowerShell (Python) for tooling and data analysis.
Experience in regulated environments (Financial Services, Public Sector, Healthcare).

Certifications (Preferred)

Microsoft Certified: Azure Administrator Associate (AZ‑104)
Microsoft Certified: Windows Server Hybrid Administrator Associate (AZ‑800/801)
Security: SC‑200/SC‑300 (nice to have)

Tools & Technologies

Azure: Compute (VMs/VMSS), Storage (Disks, Files), Networking, ASR, Backup, Key Vault, Monitor, Log Analytics, Defender for Cloud, Sentinel, Policy, Blueprints, Update Manager.
Windows: Server 2016/2019/2022, AD DS, DNS/DHCP, GPO, AD CS/PKI, Failover Clustering, IIS, SMB.
Automation/DevOps: PowerShell, DSC, Bicep/ARM (Terraform desirable), Azure DevOps/GitHub Actions, Azure Automation/Functions, Desired State, Pester.
Mgmt/Config: MECM/SCCM, WSUS, Intune (desirable).
Observability/SecOps: KQL, Sentinel, Defender for Cloud, MDE, SCOM (legacy familiarity a plus).