DevSecOps Engineer IRC274128

Description

Deliverables
• Azure Landing Zone architecture documentation
• Terraform modules and CI/CD pipeline configurations
• Subscription vending automation workflows
• Security and compliance policy sets
• Logging and monitoring dashboards
• DR/HA implementation plans
• Migration playbooks for identified workloads

Evaluation Criteria
• Proven experience with Azure Landing Zone deployments
• Expertise in Terraform, GitLab, and Azure DevOps
• Familiarity with financial services compliance and security standards
• Ability to deliver automated, scalable, and secure cloud infrastructure
• References from similar enterprise-scale cloud transformation projects

Azure Services Highlighted
The following Azure services have been identified as potential key components in the migration from Google Cloud Platform (GCP) to Microsoft Azure. These services are proposed as direct or functional replacements for existing GCP infrastructure components:
• Azure App Service and Azure Static Web Apps: Proposed replacements for GCP App Engine.
• Azure API Management: As a counterpart to Apigee.
• Azure Kubernetes Service (AKS): To replace GKE.
• Azure Key Vault: For secrets management, replacing GCP Secret Manager.
• Azure Service Bus: As an alternative to Pub/Sub Lite.
• Azure Cache for Redis: For caching needs.
• Azure Front Door and Azure Application Gateway: For web application firewall and traffic routing.

Requirements

Deliverables
• Azure Landing Zone architecture documentation
• Terraform modules and CI/CD pipeline configurations
• Subscription vending automation workflows
• Security and compliance policy sets
• Logging and monitoring dashboards
• DR/HA implementation plans
• Migration playbooks for identified workloads

Evaluation Criteria
• Proven experience with Azure Landing Zone deployments
• Expertise in Terraform, GitLab, and Azure DevOps
• Familiarity with financial services compliance and security standards
• Ability to deliver automated, scalable, and secure cloud infrastructure
• References from similar enterprise-scale cloud transformation projects

Azure Services Highlighted
The following Azure services have been identified as potential key components in the migration from Google Cloud Platform (GCP) to Microsoft Azure. These services are proposed as direct or functional replacements for existing GCP infrastructure components:
• Azure App Service and Azure Static Web Apps: Proposed replacements for GCP App Engine.
• Azure API Management: As a counterpart to Apigee.
• Azure Kubernetes Service (AKS): To replace GKE.
• Azure Key Vault: For secrets management, replacing GCP Secret Manager.
• Azure Service Bus: As an alternative to Pub/Sub Lite.
• Azure Cache for Redis: For caching needs.
• Azure Front Door and Azure Application Gateway: For web application firewall and traffic routing.

Job responsibilities

Objectives
• Design and deploy a production-ready Azure Landing Zone across multiple regions.
• Automate subscription provisioning, resource deployment, and policy enforcement.
• Integrate DevSecOps, observability, and identity governance into the cloud platform.
• Migrate and modernize workloads such as LedgerScan from GCP to Azure.

Scope of Work
Organization Structure & Governance
• Define and implement a management group hierarchy (Options A–C evaluated).
• Standardize naming conventions and tagging strategies.
• Automate subscription vending using Terraform and ServiceNow integration.
• Enforce Azure Policies via Infrastructure as Code (IaC).

Networking
• Deploy a dual-region Azure Virtual WAN (vWAN) hub-and-spoke architecture.
• Implement Cloud NGFW (Palo Alto) and Azure Firewall Premium.
• Design DNS resolution using Infoblox and/or Azure DNS Private Resolver.
• Enable hybrid connectivity via ExpressRoute, Site-to-Site VPN, and SD-WAN.

Security & Identity
• Implement Privileged Identity Management (PIM) and Conditional Access.
• Automate RBAC assignments and access reviews.
• Manage secrets using Azure Key Vault with automated rotation.
• Enforce policy-as-code and integrate with Terraform pipelines.

DevSecOps & Observability
• Standardize CI/CD pipelines using GitLab, Terraform Enterprise, and Jenkins.
• Integrate security tools (tfsec, Checkov, TFLint) into pipelines.
• Deploy centralized logging via Azure Log Analytics with RBAC and retention policies.
• Enable monitoring and alerting using Azure Monitor, Sentinel, and Grafana.

Disaster Recovery & High Availability
• Design DR strategies (Active-Passive, Hot Standby, Active-Active) based on workload tiers.
• Implement Azure Site Recovery (ASR) for failover automation.
• Define Recovery Time Objective (RTO)/ Recovery Point Objective (RPO) targets and validate through testing.

Workload Migration
• Rehost and modernize applications like LedgerScan from GCP to Azure.
• Assess performance, compliance, and DR requirements for each workload.

What we offer

Culture of caring. At GlobalLogic, we prioritize a culture of caring. Across every region and department, at every level, we consistently put people first. From day one, you’ll experience an inclusive culture of acceptance and belonging, where you’ll have the chance to build meaningful connections with collaborative teammates, supportive managers, and compassionate leaders. 

Learning and development. We are committed to your continuous learning and development. You’ll learn and grow daily in an environment with many opportunities to try new things, sharpen your skills, and advance your career at GlobalLogic. With our Career Navigator tool as just one example, GlobalLogic offers a rich array of programs, training curricula, and hands-on opportunities to grow personally and professionally.

Interesting & meaningful work. GlobalLogic is known for engineering impact for and with clients around the world. As part of our team, you’ll have the chance to work on projects that matter. Each is a unique opportunity to engage your curiosity and creative problem-solving skills as you help clients reimagine what’s possible and bring new solutions to market. In the process, you’ll have the privilege of working on some of the most cutting-edge and impactful solutions shaping the world today.

Balance and flexibility. We believe in the importance of balance and flexibility. With many functional career areas, roles, and work arrangements, you can explore ways of achieving the perfect balance between your work and life. Your life extends beyond the office, and we always do our best to help you integrate and balance the best of work and life, having fun along the way!

High-trust organization. We are a high-trust organization where integrity is key. By joining GlobalLogic, you’re placing your trust in a safe, reliable, and ethical global company. Integrity and trust are a cornerstone of our value proposition to our employees and clients. You will find truthfulness, candor, and integrity in everything we do.

About GlobalLogic

GlobalLogic, a Hitachi Group Company, is a trusted digital engineering partner to the world’s largest and most forward-thinking companies. Since 2000, we’ve been at the forefront of the digital revolution – helping create some of the most innovative and widely used digital products and experiences. Today we continue to collaborate with clients in transforming businesses and redefining industries through intelligent products, platforms, and services.