Azure Engineering / Administration

About CGI

Founded in 1976, CGI is among the largest independent IT and business consulting services firms in the world. With 94,000 consultants and professionals across the globe, CGI delivers an end-to-end portfolio of capabilities, from strategic IT and business consulting to systems integration, managed IT and business process services and intellectual property solutions. CGI works with clients through a local relationship model complemented by a global delivery network that helps clients digitally transform their organizations and accelerate results. CGI Fiscal 2024 reported revenue is CA$14.68 billion and CGI shares are listed on the TSX (GIB.A) and the NYSE (GIB). Learn more at cgi.com.

Job Title: Azure Engineering / Administration

Position: Azure Engineering / Administration
Experience: 8+ Years
Category: IT Infrastructure
Main location: Bangalore / Chennai
Position ID: J0426-0067
Employment Type: Full Time
Qualification: Bachelor's degree in Computer Science or related field or higher with minimum 3 years of relevant experience.

Job Description Summary

We are seeking an experienced Azure Engineering and Administration Specialist with over 8 years of strong experience in Azure networking, security, and Infrastructure as Code. The role involves designing, implementing, and supporting complex cloud and hybrid network architectures, ensuring security, performance, and compliance.

Key Responsibilities

Architecture & Design

• Design cloud and hybrid network topologies (hub and spoke/vWAN), IP addressing, UDRs/route tables, and peering aligned to zero trust principles.
• Design, implement, and support hybrid/cloud network architectures with Cisco routing (BGP, OSPF, route redistribution, ECMP, VRFs).
• Define egress/ingress patterns with Azure Firewall, NSGs, and route control; standardize segmentation and inspection points.
• Build/Maintain Azure networking: VNets, subnets, route tables, UDRs, NSGs/ASGs, Private Links, Load Balancers, and ExpressRoute/SD-WAN connectivity.
• Architect Azure Front Door for global load balancing, path-based routing, health probes, origin groups, and custom domains; align Azure CDN caching strategies (TTL, rules engine, compression) to app patterns.
• Establish secure internet access patterns via Skyhigh Proxy (SWG) including SSL inspection, category policies, PAC files, and exceptions.

Implementation & Operations

• Configure advanced Cisco routing (BGP/OSPF, redistribution, filtering, ECMP) across cloud edge and hybrid connectivity (VPN/ExpressRoute).
• Deploy/manage Azure Firewall (policy, rule collection groups, DNAT/SNAT, Threat Intelligence, IDPS/TLS inspection where applicable) with logging to Azure Monitor/Log Analytics.
• Build Azure Front Door endpoints, routing rules, and custom domain bindings; integrate Azure CDN profiles/endpoints and caching rules for performance.
• Implement Skyhigh SWG and Squid Proxy for SSL inspection, caching, and category-based filtering, caching, ACLs, PAC files).
• Design, deploy, and maintain Azure virtual networks (VNets), subnets, network security groups (NSGs), and route tables.
• Design and implement application delivery services (traffic manager, load balancer etc).
• Design and implement Azure Application Gateway (rewrite sets, conf. TLS, HTTP settings etc).
• Implement, design, and maintain Azure Firewall, WAF, and Azure Firewall Manager.
• Configure and manage VPN gateways, ExpressRoute, and Azure Virtual WAN for hybrid connectivity.
• Implement Azure Firewall, Application Gateway, Front Door, and Load Balancers for high availability and security.
• Troubleshoot connectivity, routing, and latency issues in Azure and hybrid networks.
• Manage DNS zones, Private Endpoints, and Network Peering in Azure.
• Monitor and optimize network performance using Azure Monitor, Network Watcher, and Traffic Analytics.
• Collaborate with cloud architects, security, and DevOps teams to ensure secure and scalable network designs.
• Ensure compliance with security standards and implement network segmentation and zero-trust policies.
• Participate in incident response, root-cause analysis, and documentation of solutions.
• Govern allow/deny (whitelist/blacklist) for URLs, FQDNs, IPs, and categories across Firewall, SWG, and WAF—ensuring approvals, audit trails, and rollback.
• Own TLS certificate lifecycle for edge (Front Door/CDN custom domains), proxies, and inspection devices: inventory, monitoring, renewals, rotations, and outage free deployment.
• Plan and execute AMI/image upgrades (firewalls, WAFs, proxies, virtual appliances): evaluate release notes/CVEs, bake golden images, test in non prod, blue/green or canary rollout, and rollback.
• Troubleshoot L3–L7 issues using packet captures, flow logs, WAF/Firewall/Front Door/CDN telemetry, and SIEM dashboards.

Automation & IaC

• Develop Terraform modules for VNets/vWAN, subnets, NSGs, UDRs, Azure Firewall, Azure Front Door, Azure CDN (and API automations for SWG/WAF where supported).
• Implement CI/CD (Azure DevOps/GitHub Actions) for terraform fmt/validate/plan/apply, policy guardrails (OPA/Conftest/Azure Policy), and drift detection.
• Script (PowerShell/Python/Bash) bulk allow/deny updates, certificate renewals (request, bind, verify), AMI/image pipelines, config compliance, and reporting.
• Integrate observability (Azure Monitor, Log Analytics, Sentinel/Splunk/Grafana) with SLOs for availability, latency, cache hit ratio, and security KPIs.

Governance, Security & Compliance

• Enforce baseline configs, least privilege (RBAC), secrets/cert management, and change control (ITIL).
• Drive vulnerability remediation and coordinate pen test findings for edge/network components.
• Maintain runbooks, diagrams, inventories, and deliver L3 support and knowledge transfer.

Life at CGI

It is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…

• You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.
• Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.
• You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.

Come join our team—one of the largest IT and business consulting services firms in the world.

Key skills/competency

• Azure Networking
• Azure Firewall
• Terraform
• Cisco Routing and Switching
• Network Security
• Azure Front Door
• Azure CDN
• Infrastructure as Code
• Hybrid Cloud
• Network Architecture