Azure Devops (NCS/Job/ 3800)

Role Summary:
Owns the CI/CD redesign and Azure platform modernisation for the — migrating from App Services to AKS, building multi-region deployment resilience, and authoring the Release Management documentation that closes the ITIL gap.

Key Responsibilities:

• Re-architect Bizwiz Platform/Main/Dialer pipelines from linear single-region build→deploy into parallel dual-lane CD deploying to both US-East and US-West AKS on every stage, with contained (non-blocking) failures.

• Migrate workloads from Azure App Services → AKS behind App Gateway / WAF; implement zone redundancy.

• Stand up Azure Container Registry (ACR) with East→West geo-replication.

• Build and maintain Terraform IaC and Docker images for repeatable multi-region provisioning.

• Convert public ingress (CloudFlare WAF + public IPs) to private endpoints only; integrate Zscaler App Connector and policy-analyzer brokering.

• Configure multi-region active DR (US-East + US-West), validate failover paths.

• Author Release Management documentation (the missing ITIL discipline) — deployment runbooks, promotion gates, rollback procedures — aligned to the existing Freshworks/ITIL framework.

• Support fleet cutover activities (Zscaler client rollout, image readiness) as needed.

Additional Skill-Based Responsibilities

• Kubernetes operations: author Helm charts / Kustomize overlays, configure horizontal pod autoscaling, resource limits, liveness/readiness probes, and namespace-level RBAC across both AKS clusters.

• Pipeline-as-code: build reusable Azure DevOps YAML templates, variable groups, and environment approval gates; integrate secrets via Azure Key Vault and managed identities.

• Observability integration: wire deployments into Datadog (BizWiz APM, Azure Monitoring, Synthetic checks) so every release emits deployment markers and health signals.

• Security & compliance in CI: embed container image scanning, SAST/dependency checks, and policy gates into the pipeline; enforce least-privilege service connections.

• Networking depth: configure AKS ingress controllers, internal load balancers, private DNS zones, and App Gateway/WAF routing rules for the private-endpoint topology.

• GitOps & branching strategy: define branch policies, PR validation builds, and (optionally) GitOps reconciliation for cluster state.

• Cost & performance tuning: right-size node pools, use spot/reserved capacity where safe, and tune build agent throughput to hold the fixed-price envelope.

• Knowledge transfer: produce runbooks and conduct handover sessions so Groundworks’ in-house team can operate the platform post-engagement.

Required Skills:
Azure DevOps pipelines, AKS/Kubernetes, ACR, Terraform, Docker, Azure networking (App Gateway/WAF, private endpoints), Zscaler, Datadog, Azure Key Vault, multi-region DR design.