Lead Software Engineer (Azure DevOps)
As a Lead DevOps Engineer on the CRC DevOps team, you will design, develop, and maintain the automation frameworks that provision, configure, and manage Azure-hosted Windows infrastructure for SimCorp's Client Reporting clients. You will work across the full infrastructure lifecycle -- from initial environment builds through ongoing configuration management, security compliance, and operational automation.
This is a hands-on engineering role with significant ownership over infrastructure tooling and automation. You will contribute to an active migration from legacy imperative scripting to declarative Desired State Configuration (DSC) patterns, develop and maintain Terraform-based infrastructure deployments, and build PowerShell modules and CI/CD pipelines that enable repeatable, consistent operations across all client environments.
As a lead member of the team, you will help drive technical strategy and architectural decisions, mentor other engineers through design reviews and best-practice sharing, and be proactive in seeking out opportunities to increase the level of automation in the service.
WHAT YOU WILL BE RESPONSIBLE FOR
Infrastructure as Code Development
- Develop and maintain Terraform configurations for multi-stage Azure infrastructure deployments (networking, key vaults, platform resources, VMs, automation accounts, and SSO)
- Build and enhance PowerShell-driven Terraform generation pipelines that transform client XML configurations into deployment-ready Terraform JSON
- Manage Terraform state across 20+ client subscriptions
Configuration Management and DSC Migration
- Drive the ongoing migration from legacy imperative PowerShell build scripts to declarative PowerShell Desired State Configuration (DSC)
- Develop custom DSC resource modules for Windows OS, SQL Server, IIS, Active Directory Group Policy, and application-specific configurations
- Build and maintain DSC "Merge" functions that transform client XML configuration data into structured inputs for DSC compilation
- Create role-based DSC configurations for server types including Domain Controllers, SQL Servers, IIS Servers, BPM Servers, and Application Servers
PowerShell Module and Automation Development
- Design and develop modular PowerShell modules following established conventions (public/private function directories, manifest files, Allman brace style)
- Build Azure Automation runbooks for operational tasks such as health checks, credential rotation, backup management, and user provisioning
- Create and maintain Pester (v5) unit tests for modules, merge functions, and DSC configurations
- Enforce code quality through PSScriptAnalyzer rules and peer code review
CI/CD Pipeline Engineering
- Develop and maintain Azure DevOps YAML pipelines for module builds, runbook publishing, Terraform deployments, DSC deployments, and client configuration processing
- Implement multi-stage deployment pipelines with approval gates and change detection
- Manage Azure DevOps Artifacts feeds for internal PowerShell module and runbook distribution
- Build automated testing and validation into pipeline workflows
- Investigate and resolve incidents impacting the code pipeline; implement and deploy fixes to recover from delivery issues
Security and Compliance
- Manage Azure Key Vault configurations for credential storage, certificate management, and encryption key rotation (BitLocker, SQL TDE)
- Implement and maintain security controls including NSG rules, Check Point firewall policies, and SSL/TLS hardening
- Support SOC2 audit evidence collection and compliance requirements
- Manage cryptographic asset lifecycles including Let's Encrypt certificate automation and SQL asymmetric key rotation
- Implement data loss prevention policies and Windows security hardening via Group Policy
Networking and Connectivity
- Manage hub-and-spoke VNet architecture with management network peering across all client subscriptions
- Configure and troubleshoot site-to-site VPN connections with client networks
- Work with Check Point firewall appliances for security policy, URL filtering, and intrusion prevention
- Manage Azure DNS zones and client AD-internal DNS configurations
Collaboration and Knowledge Transfer
- Mentor and guide other engineers through design reviews, code reviews, and best-practice sharing
- Develop documentation and conduct training sessions to hand over new features to the SRE team
- Build trust and rapport with SREs through close collaboration and a shared understanding of operational challenges
- Participate in sprint ceremonies and contribute to backlog refinement
- Support incident escalations from SRE when coding expertise or deep infrastructure knowledge is required
- Assist with project planning and provide input to project management decisions
- Contribute to process documentation and knowledge base articles
Skills & Competencies:
Technical Skills
Must Have:
- 5+ years of experience in DevOps, infrastructure engineering, or a closely related role
- Strong proficiency in PowerShell scripting, module development, and automation (this is the primary development language)
- Hands-on experience with Terraform for Azure infrastructure provisioning and state management
- Solid working knowledge of Microsoft Azure services: VMs, VNets, Key Vault, Automation Accounts, Entra ID, Storage, DNS, and NSGs
- Experience with Azure DevOps (Repos, Pipelines, Boards, Artifacts) or equivalent CI/CD platforms
- Strong understanding of Windows Server administration including Active Directory, Group Policy, DNS, and IIS
- Experience with Windows SQL Server administration (configuration, backup strategies, security features such as TDE)
- Familiarity with Infrastructure-as-Code principles, idempotent deployments, and configuration drift management
- Understanding of security best practices: least-privilege access, credential management, encryption at rest and in transit
Nice to Have:
- Experience with PowerShell Desired State Configuration (DSC) -- authoring configurations, custom resources, and MOF compilation
- Experience with Pester testing framework for PowerShell
- Familiarity with Citrix technologies (ADC/NetScaler, StoreFront, Cloud)
- Experience with Check Point firewall management and security policies
- Hands-on experience with Packer for VM image builds and Azure Compute Gallery
- Familiarity with Rapid7 InsightVM/InsightIDR for vulnerability management and SIEM
- Experience with Datadog or similar monitoring and observability platforms
- Knowledge of SAML SSO configuration and identity federation
- Experience supporting SOC2 or similar compliance frameworks
- Exposure to Azure Site Recovery (ASR) for disaster recovery
- Familiarity with ITIL IT Service Management processes
WHAT WE VALUE
- Leading the development of software components and features, ensuring alignment with business and technical goals
- Collaborating with cross-functional teams to implement and optimize software solutions
- Mentoring junior engineers and driving continuous improvement in software development practices
- Troubleshooting complex issues and implementing solutions to enhance software performance and scalability