Senior Azure & M365 Cloud Engineer

We are seeking a skilled and experienced Azure & M365 Cloud Engineer to manage and enhance our cloud infrastructure. The ideal candidate will bring expertise in Azure, M365, and related cloud technologies, driving adoption of best practices, enforcing compliance, and enabling seamless operations. This role requires a proactive approach to identity and access management, role-based access control (RBAC), security configurations, and system monitoring. The role is pivotal in ensuring alignment with well-architected frameworks and improving the maturity of our cloud adoption journey. The candidate will contribute to creating scalable, secure, and efficient cloud environments. Role & Responsibilities Azure Infrastructure & Management

• Review and manage Infrastructure and Root Management Groups in Azure.
• Design and implement a Role-Based Access Control (RBAC) strategy.
+ Assess existing permissions and apply RBAC at appropriate levels (Management Groups, Subscriptions, Resource Groups). + Collaborate with SecOps and Cloud & Hosting Teams to revise RBAC in line with the principle of least privilege (including Job Roles, Just-In-Time (JIT) roles, and authorization flows). + Document and support the revised strategy and processes.
• Create and manage methods for tracking resource and subscription creation.
+ Set up alerting for new subscriptions and significant increases in spend rates.
• Conduct a top-level assessment of Azure resources for adherence to the Well Architected Framework, and list deviations with recommended actions.
• Perform housekeeping tasks, including:
+ Review and catalog resources, identifying obsolete or duplicate resources. + Remove obsolete resources and consolidate remaining resources to optimize cost. + Document conventions and practices for resource management to ensure consistency and cost control. Azure Advisor Recommendations
• Review Azure Advisor recommendations, prioritizing actions with the most significant impact on security and cost.
• Assess implementation costs and execute recommendations authorized by SecOps and Cloud & Hosting Teams.
• Develop and enforce a tagging scheme and policy for cost allocation, ownership, and contact information.
Conditional Access Policies
• Assess and consolidate existing Conditional Access (CA) policies for effectiveness.
• Implement new CA rules as required by SecOps, including the removal of BYOD usage and enforcement of Multi-Factor Authentication (MFA).
• Assess the impact of Microsoft Threat Optimization (MTO) on existing CA rules and document changes upon completion.
Azure Subscriptions (R&D) - Assessment
• Assess the use of RBAC within R&D subscriptions.
+ Evaluate job roles vs. privileged roles, and identify areas where JIT can be applied with minimal operational impact. + Review permission levels at Management Groups, Subscriptions, and Resource Groups.
• Perform top-level assessment on adherence to the Well Architected Framework.
• Assess current cost management practices in R&D subscriptions and suggest improvements.
• Evaluate the impact of enforcing a tagging policy across R&D subscriptions, considering co-existence with existing requirements.
• Create an impact assessment report with recommendations, focusing on risks, mitigation strategies, and effects on subscription users.
M365 RBAC Strategy
• Review the existing RBAC strategy for M365 and recommend areas for improvement.
• Utilize PIM activation logs to assess whether custom roles can replace existing privileged roles, specifically for Service Desk and SecOps tasks.
• Recommend and implement more granular RBAC for SecOps, including JIT roles and approval flows.
Arc Server Onboarding & Monitoring
• Create automated exception reports for Servers not onboarded to Arc and for onboarded Servers not sending logs.
• Review and update existing alerts to optimize effectiveness and minimize false alarms.
• Create a PowerBI dashboard to provide a consolidated view of IT system health.
+ Monitor Real Time data (eg, CPU, memory, disk usage) for top Servers. + Track and report Azure File Sync stats and errors.


• Proven experience in Azure Administration and M365 Engineer roles.
• Deep expertise in Azure RBAC (Role-Based Access Control), with a proven track record in designing and implementing least-privilege models across Azure and Microsoft 365 environments.
• Solid understanding and experience with identity and access management (IAM) in cloud environments, specifically Microsoft Azure and Office 365.
• Experience in DevSecOps environments, with a focus on automation and secure deployments.
• Familiarity with cloud adoption maturity models and strategies for mid-to-late stage adoption.
• Certification in Azure Architect, Azure Administrator, or similar credentials.
• Familiarity with the Well-Architected Framework and its practical application in cloud governance.
• Strong experience with Conditional Access Policies, including auditing, reviewing, and implementing policies aligned with security and compliance requirements.
Desirable Skills
• Familiarity with Azure Arc, Purview, and related monitoring tools.
• Ability to work collaboratively with internal teams, like cloud security specialists, to develop detailed deliverables.
• Strong problem-solving skills and the ability to work independently in a high-pressure environment.
• Exceptional communication skills, both written and verbal, to document processes and engage with stakeholders.
• Strong organizational skills to handle competing priorities and ensure timely delivery of tasks.
  
  Thebes, a seasoned IT Managed Service provider with a 19-year track record, offers fast, flexible, and value-driven solutions, tailored to propel your organization into the next phase of its IT journey. Our unique Assured Outcome Provider (AOP) methodology prioritizes quality service, industry-leading solutions, and tangible ROI over conventional metrics like headcount and price lists. In our commitment to putting your needs first, we specialize in strategic IT consultancy, efficient project execution, ITaaS management, and staffing augmentation with our network of skilled professionals.
What sets us apart is our proficiency in harnessing cutting-edge AI and Cloud technologies for cost optimization, ensuring that your IT infrastructure not only meets but exceeds expectations. We don't just deliver services; we curate digital solutions that align seamlessly with your business objectives. With a relentless focus on delivering outcomes, we do things for you, not to you, constantly adding value to your operations. Trust Thebes to be your partner in achieving IT excellence, where innovation and efficiency converge for unparalleled success.