Azure Consultant

Working Pattern: Hybrid – predominantly remote, 2 days per week, Onsite in Bristol for the first month.

We are seeking an experienced Senior Azure Consultant to lead a large-scale cloud security transformation programme for a major enterprise organisation. This is a senior technical leadership role focused on the design, governance, and delivery of a strategic migration from third‑party virtual firewall platforms to Azure Firewall across multiple global Azure regions.

The successful consultant will act as the technical design authority, owning the target‑state architecture, security and routing strategy, policy governance framework, migration methodology, and operational handover. You will work closely with infrastructure, security, networking, and application teams to deliver a secure and scalable cloud networking solution.

• Lead technical discovery workshops and assess existing firewall policies, NAT configurations, routing, traffic flows, and regional dependencies.
• Own the end‑to‑end design of a global Azure Firewall architecture leveraging Azure Virtual WAN hub‑and‑spoke networking.
• Define security zoning, segmentation, and cross‑region traffic inspection patterns.
• Design and implement a global firewall governance model, including base and regional policies, rule lifecycle management, and recertification processes.
• Lead the translation and rationalisation of legacy firewall rules into Azure Firewall Policy, identifying and managing feature gaps through agreed compensating controls.
• Design and implement routing strategies including UDRs, Virtual WAN routing, BGP, and Express Route integration.
• Conduct public IP planning, SNAT capacity assessments, and Azure Firewall SKU selection based on business and technical requirements.
• Define and implement logging, monitoring, and security operations integration using Log Analytics and Microsoft Sentinel.
• Design and validate integrations with cloud security and application delivery services, including secure internet access platforms, application gateways, and edge delivery services.
• Deliver Infrastructure‑as‑Code solutions (Terraform preferred), including reusable modules, promotion pipelines, and Git‑based change management.
• Develop migration runbooks, cutover plans, rollback procedures, validation processes, and operational readiness documentation.
• Lead migration execution, hypercare support, troubleshooting, and stakeholder coordination across multiple teams and regions.
• Mentor technical teams and provide knowledge transfer to support long‑term operational ownership.

• Extensive experience designing and delivering enterprise‑scale Microsoft Azure networking and security solutions.
• Proven expertise with Azure Firewall, Azure Firewall Policy, and Azure Virtual WAN.
• Strong understanding of cloud networking concepts including routing, BGP, UDRs, NAT, and hybrid connectivity.
• Experience migrating from traditional or virtual firewall platforms to cloud‑native security controls.
• Strong knowledge of Express Route, hub‑and‑spoke architectures, and multi‑region Azure deployments.
• Experience with Microsoft Sentinel, Log Analytics, and cloud security monitoring practices.
• Hands‑on experience with Terraform and Infrastructure‑as‑Code delivery.
• Strong stakeholder management and technical leadership skills.
• Experience producing high‑quality architecture, governance, and operational documentation.
• Experience integrating Azure networking with secure web gateway or SSE platforms.
• Knowledge of Azure Front Door and Application Gateway design patterns.
• Experience working within complex global enterprise environments.

This is an excellent opportunity for a senior cloud security and networking specialist to lead a high‑profile Azure transformation programme within a large‑scale enterprise environment.