Scope of Responsibility
The IT Infrastructure & Security Engineer (Azure / M365) works within the IT team and closely with infrastructure colleagues, collaborating daily with the IT Service Desk, Developers, and Business Applications Support teams. The role administers and continuously improves Microsoft Azure infrastructure and supports Microsoft 365 administration. It ensures stable and secure networking, internet connectivity, and perimeter security, including hands-on configuration and ongoing management of Fortinet security solutions.
Main tasks:
- Ensure high standards of IT security across infrastructure, implementing security best practices (hardening, least privilege, monitoring, incident support) across Azure, Microsoft 365, networking, and perimeter environments
- Administer and maintain Microsoft Azure infrastructure (subscriptions, resource groups, compute, storage, backups, monitoring, identities).
- Operate and optimize Azure networking (VNets/subnets, routing, security, VPN, DNS).
- Support Azure services (App Services, Function Apps) ensuring reliable deployments, monitoring, and troubleshooting.
- Administer Microsoft 365 (tenant configuration, Exchange Online, SharePoint/OneDrive, Teams) and manage service health.
- Manage identity and access in Microsoft Entra ID: RBAC, PIM, groups, and Conditional Access alignment with security policies.
- Configure and maintain Fortinet security: policies, NAT, site-to-site & remote access VPN, logging, upgrades and backups; ensure perimeter security and internet connectivity.
- Promote and implement the practical use of AI tools within IT operations, identifying opportunities to integrate AI-driven automation and assistance into infrastructure management to improve efficiency, monitoring, documentation, and incident response.
Qualifications & Competencies required
Education and Experience
- Bachelor's degree in IT, Computer Science, Engineering, or related field (or equivalent professional experience).
- Minimum 6-10 years of experience in infrastructure engineering with hands-on Microsoft Azure administration
- Strong networking fundamentals (TCP/IP, routing, DNS, VPNs, firewall concepts) and troubleshooting skills.
Core Competencies
- Microsoft Azure administration (compute, storage, networking, governance, monitoring).
- Microsoft 365 administration and service operations (Exchange Online, Teams, SharePoint/OneDrive).
- Network & security operations (firewalls, VPNs, segmentation, secure connectivity, incident handling).
- Fortinet administration (policies, NAT, VPN, logging, lifecycle management).
- Strong troubleshooting, root cause analysis, and documentation discipline.
Preferred Competencies
- Azure administration/scripting skills (PowerShell; ARM/Terraform is a plus).
- Knowledge of Microsoft Entra ID, M365 products, conditional access, and identity integrations.
- Experience with monitoring/logging platforms (Azure Monitor/Log Analytics; Microsoft Sentinel is a plus).
- Relevant certifications (e.g., AZ-104 is a plus, AZ-700; Fortinet NSE 4/FCP or equivalent).
Years of Experience:
6-10 years
IT Skills:
- Cloud: Microsoft Azure (VNets, NSGs, VPN, VMs, storage, backups, monitoring).
- PaaS: Azure App Service, Azure Functions (deployment support, monitoring, troubleshooting).
- Identity/Security: Microsoft Entra ID, RBAC, conditional access alignment, logging/alerting.
- Microsoft 365: Exchange Online, Teams, SharePoint/OneDrive, service health monitoring.
- Networking: TCP/IP, routing, DNS, DHCP, VPN, firewall policy concepts.
- Fortinet: FortiGate/FortiSwitch/FortiAnalyzer (policies, NAT, site-to-site VPN, remote access VPN, IPS/AV, logging).
- Automation: PowerShell (preferred); ARM/Terraform (nice to have).
- Methodology: ITIL / change management (nice to have).
Soft Skills:
- Proactive, analytical, and detail oriented.
- Adaptable and quick to learn new technologies.
- Strong communication and customer-service skills.
- Self-motivated with the ability to prioritize, meet deadlines and manage changing priorities
