Platform Engineer

Sira Consulting is an Inc 5000 company seeking a Senior Terraform Lead to build and operationalize a Terraform-first Azure infrastructure platform. The role involves designing and implementing Terraform modules, managing AKS clusters, and automating various Azure services while ensuring best practices in CI/CD and operational excellence.

Responsibilities:

• Design and implement Terraform modules for consistent, reusable provisioning of Azure infrastructure across environments (dev/test/prod)
• Build patterns for subscription/resource-group organization , naming standards, tagging, and environment overlays
• Implement end-to-end automation : plan/apply workflows, validation, drift detection, and safe promotion between environments
• Provision and manage AKS clusters via Terraform, including node pools, networking integration, add-ons, policies, and baseline security
• Enable repeatable cluster bootstrapping (GitOps-ready patterns preferred)
• Create and manage Storage Accounts and related services (containers, encryption, networking rules, private endpoints, diagnostics)
• Implement RBAC/access management as code : role assignments, managed identities, service principals, group-based access, least-privilege patterns
• Extend module library to cover diverse Azure services needed by platform/application/data teams (networking, security, compute, PaaS, monitoring, etc.)
• Collaborate with architects/engineering teams to turn platform requirements into scalable Terraform patterns
• Automate provisioning and configuration of Microsoft Fabric workspaces and related constructs via Terraform where supported, including required identity/permission setup
• Assess existing Bicep IaC and lead a conversion strategy:
• Map Bicep modules to Terraform modules/providers
• Establish equivalency patterns and migration sequencing
• Handle importing existing resources into state where needed
• Minimize disruption and downtime during migration
• Improve standardization by consolidating duplicated patterns and creating a shared module registry
• Implement and maintain CI/CD pipelines for Terraform (linting, validation, unit tests, security scans, policy checks)
• Establish best practices for Terraform state management , locking, secrets handling, and safe refactors
• Create developer enablement assets: examples, module docs, onboarding guidance

Requirements:

• 5+ years of hands-on Terraform (or equivalent depth), including module design (composable, versioned modules), remote state design, state locking, workspaces/environments, imports, refactors (state mv), drift management, dependency control
• Strong experience with the AzureRM provider (and related providers where needed)
• Deep understanding of Azure fundamentals: subscriptions, management groups, resource groups, networking, identity, governance
• Strong experience with Azure RBAC, managed identities, service principals, and group-based access models (Entra ID/AAD concepts)
• Proven experience deploying and operating AKS via automation: cluster lifecycle, networking, policies, add-ons, security baseline
• Implements least privilege; codifies access controls; understands auditability/compliance expectations
• Experience with secret management patterns (avoid committing secrets; integrate with vault systems; secure tfvars/state)
• CI/CD experience (Azure DevOps, GitHub Actions, or similar) for Terraform workflows
• Familiarity with trunk-based development, PR validation, and infrastructure testing patterns
• Comfort with scripting (PowerShell/Python/Bash) to glue workflows and automate validations
• Microsoft Fabric provisioning and automation experience (workspace deployment, permissions, integrations)
• Experience converting IaC between frameworks (ARM/Bicep → Terraform)
• Experience with policy-as-code (Azure Policy), OPA/Conftest, or Sentinel
• Experience designing multi-tenant landing zones / enterprise-scale Azure architectures
• Knowledge of GitOps tooling (Flux/Argo) and Kubernetes add-on management
• examples of AKS and/or Microsoft Fabric automation work