iLocatum
Senior DevOps & Security Engineer (Azure)
Job description:
Foundation.
- Stand up and own the Azure landing zone: subscriptions, resource organisation, networking (private endpoints, VNets), and the Malaysia West region setup for in-country data residency.
Identity & access.
- Own identity and access end-to-end: Entra ID for SSO with the Group, role-based access control, MFA, conditional access, and break-glass procedures.
CI/CD & IaC
- Build and run CI/CD (Azure DevOps or GitHub Actions) and infrastructure-as-code (Bicep or Terraform) so every environment dev, test, staging, production is reproducible and promotion is controlled.
Security
- Implement the security posture:
- Microsoft Defender for Cloud, Azure Policy, Key Vault for secrets, data classification, encryption, and the immutable audit trail the platform’s governance and regulatory requirements depend on.
Sovereignty
- Ensure confidential data and AI workloads never leave the approved in-region deployment; partner with the AI engineer on secure, in-region Azure OpenAI / model hosting.
Observability
- Stand up observability Azure Monitor, Application Insights, centralised logging and own incident response and platform reliability.
Cost
- Own FinOps: cost guardrails, budgets and alerts across Azure PaaS consumption (compute, Fabric capacity, Azure OpenAI, AI Search), and keep spend predictable.
Qualifications:
- Bachelors degree in Computer Science, Information Technology, Software Engineering, Cybersecurity, or a related field.
- Minimum 710 years of experience in cloud infrastructure, DevOps, or security engineering with hands-on production Azure environments.
- Strong hands-on Azure experience operating production workloads not just certifications.
- Infrastructure-as-code (Bicep and/or Terraform) and CI/CD pipeline ownership.
- Container orchestration on Azure (AKS and/or Azure Container Apps).
- Practical cloud security:
- Entra ID, RBAC, Key Vault, Defender for Cloud, Azure Policy, network isolation.
- A security-first mindset and comfort working to audit, data-residency and least-privilege requirements.
- Azure certifications (AZ-400 DevOps, AZ-500 Security).
- Experience in a regulated or data-sensitive domain (financial services, healthcare, government).
- Exposure to FinOps practices and Azure cost management.
- Familiarity with Microsoft Fabric / data-platform governance (Purview).
Why is This a Great Opportunity:
- End-to-end ownership of a modern Azure foundationThe role provides full accountability for designing and operating a complete Azure landing zone, including networking, subscriptions, identity, and governance, offering deep exposure to enterprise-grade cloud architecture.
- Strong focus on cloud security and regulatory-grade environmentsThe position involves implementing advanced security controls such as Entra ID, RBAC, Defender for Cloud, and Azure Policy, within a highly regulated, data-sensitive context requiring strict compliance and audit readiness.
- Hands-on experience with enterprise DevOps and Infrastructure as CodeThe role emphasizes building scalable CI/CD pipelines and IaC using tools like Azure DevOps, GitHub Actions, Bicep, or Terraform, ensuring strong engineering maturity and automation-driven delivery practices.
- Exposure to sovereign cloud and in-region AI workloadsThe scope includes ensuring data residency compliance in Malaysia West and collaborating on secure Azure OpenAI and AI workloads, providing valuable experience in emerging sovereign AI and regulated cloud deployments.
- Ownership of platform reliability, cost governance, and operational excellence
Responsibilities span observability, incident response, FinOps, and cost control across Azure services, enabling a well-rounded leadership role across performance, stability, and financial efficiency of the platform.
Other Jobs
Ready to take
the next step?
Submit your resume and join a realm of unparalleled opportunities at iLocatum. We’re dedicated to connecting exceptional talent with impactful roles. Start your journey towards success by sharing your expertise with us.