Overview
Skills
Job Details
Engineer focuses on hands-on implementation, deploying and testing Terraform modules, configuring Azure services, and supporting team adoption with technical tasks tracked in Jira.
Job Description: Cloud Engineer - Azure Golden Image and Auto-Patching
Position Title: Cloud Engineer - Azure Golden Image and Auto-PatchingDepartment: Cloud Center of Excellence (CCOE)Location: Remote (US-based, supporting US West 3 and US East 2 regions)Employment Type: Full-TimeReports To: Cloud Architect, CCOE
Job Summary:The Cloud Engineer - Azure Golden Image and Auto-Patching will implement and manage the CCOE s Azure golden image rollout and auto-patching solution as part of Phase 1 of the Azure Foundation Services Plan. The role focuses on deploying standardized virtual machine (VM) images and automated patching processes across US West 3 (primary) and US East 2 (secondary) regions using Terraform as the exclusive Infrastructure as Code (IaC) tool. The engineer will integrate solutions with the Security Adoption Framework (SAF), Palo Alto Networks Panorama, and multi-region DR configurations, while tracking tasks in Jira and supporting team adoption through documentation and training.
Key Responsibilities:
* Golden Image Rollout (50%):
* Deploy Azure Shared Image Gallery and Azure Image Builder using Terraform in US West 3 with replication to US East 2 for DR.
* Build golden images for common workloads (e.g., Windows Server 2022, Ubuntu 20.04) with SAF-compliant security baselines, Azure Monitor Agent, Log Analytics agent, Panorama-managed firewall rules, and required software (e.g., PowerShell, .NET, Node.js).
* Develop and test Terraform modules for image creation pipelines, Shared Image Gallery setup, and RBAC policies for team access.
* Enforce Azure Policy via Terraform to restrict VM deployments to golden images.
* Test golden image deployments in Dev/Test subscriptions across both regions, documenting results in Jira.
* Document golden image usage guidelines in Azure DevOps Wiki, tracked in Jira.
* Auto-Patching (30%):
* Deploy Azure Update Management via Terraform in US West 3 and US East 2, configuring patching schedules (e.g., monthly for Prod, weekly for Non-Prod).
* Define patch policies via Terraform for critical/security updates (automatic) and optional updates (CCOE approval via Jira).
* Integrate Update Management with Azure Monitor for compliance reporting and automate patch status notifications using Terraform-provisioned Azure Automation runbooks.
* Test patching processes in Dev/Test environments, validating reboot and application compatibility, tracked in Jira.
* Multi-Region DR and Integration (10%):
* Configure golden image replication to US East 2 via Terraform for DR readiness.
* Ensure Panorama HA synchronizes VM firewall policies across regions using Terraform.
* Integrate golden image deployment into Azure DevOps pipelines using Terraform, tracked in Jira.
* Stakeholder Enablement and Task Management (10%):
* Create and track tasks in Jira (e.g., CCOE-VMImages project) for image creation, patching, and team adoption, using Kanban workflows (To Do In Progress Testing Done).
* Support training delivery by preparing technical content for golden image access and auto-patching processes, tracked in Jira.
* Assist teams with self-service access to golden images via Shared Image Gallery, resolving issues tracked in Jira.
Qualifications:
* Bachelor s degree in Computer Science, Information Technology, or related field (or equivalent experience).
* 3+ years of experience with Azure cloud infrastructure, including VMs, Azure Shared Image Gallery, and Azure Update Management.
* 2+ years of experience with Terraform for IaC, including module development and pipeline integration.
* Proficiency with Azure DevOps, Azure Monitor, Azure Automation, and Jira for task management.
* Familiarity with SAF, Palo Alto Networks Panorama, and multi-region DR configurations.
* Strong scripting skills (e.g., PowerShell, Bash) for automation and image customization.
* Experience documenting technical processes in wikis or similar platforms.
* Excellent problem-solving skills and ability to work in a fast-paced, collaborative environment.
Preferred Skills:
* Azure certifications (e.g., AZ-104, AZ-400).
* Experience with Azure Policy and RBAC for governance.
* Knowledge of network security integration with Panorama.
Tools and Technologies:
* Terraform, Azure Shared Image Gallery, Azure Image Builder, Azure Update Management, Azure Monitor, Azure Automation, Azure DevOps, Jira, Azure DevOps Wiki, Palo Alto Networks Panorama.
Success Metrics:
* 100% of golden image deployments completed by Month 4, tracked in Jira.
* 95% patching compliance for critical/security updates, monitored via Azure Monitor and Jira.
* 100% of golden images replicated to US East 2 for DR, verified via Terraform.
* Positive stakeholder feedback on technical support and documentation, tracked in Jira.
Why Join Us?Join a forward-thinking CCOE driving secure, scalable cloud solutions for a global enterprise. Contribute to a critical Phase 1 initiative, leveraging cutting-edge Azure tools and Terraform to standardize VM management across regions.