This senior role is responsible for leading the end-to-end design and delivery of the migration of existing FortiGate virtual firewalls to Azure Firewall across multiple global Azure regions. The Senior Azure Consultant acts as technical design authority, owning the target-state architecture, security and routing patterns, policy governance model, and migration approach. The role will lead discovery, rule and routing translation, Infrastructure-as-Code delivery, cutover/rollback execution, and operational handover, ensuring alignment with security governance, SOC/logging requirements, and dependent services such as Azure Virtual WAN, ExpressRoute, Zscaler, Azure Front Door, and Application Gateway.
Key responsibilities:
Own technical discovery and solution definition: inventory current FortiGate policies, NAT, routing (UDRs/BGP), traffic flows and dependencies per region; drive requirements workshops and obtain design sign-off.
Act as design authority for the target Azure Firewall architecture using Azure Virtual WAN hub/spoke (regional hubs), including cross-region inspection patterns and north-south/east-west segmentation.
Define and implement a global base firewall policy and regional child policies, including governance model, recertification approach, and rule lifecycle.
Lead translation and rationalisation of FortiGate rules (network, application, DNAT/SNAT, proxy requirements) into Azure Firewall Policy, managing feature gaps (e.g., TLS inspection, threat profiles) through agreed compensating controls.
Own routing design and change execution (UDRs, vWAN routing, BGP/ExpressRoute considerations) to steer traffic through regional firewalls with minimal disruption.
Lead public IP planning, SNAT port capacity analysis, and SKU sizing (Standard vs Premium) based on throughput, connection counts, and inspection requirements.
Define logging, monitoring, and SOC integration with Log Analytics and Microsoft Sentinel, including retention, alerting, and operational dashboards aligned to incident response requirements.
Lead integration design and validation with Zscaler (e.g., cloud connectors), Azure Front Door, and Application Gateway, including defined bypass vs inspection flows.
Deliver and govern Infrastructure-as-Code (Terraform preferred): reusable modules, environment promotion, and Git-based change control; ensure changes are auditable and repeatable across regions.
Develop and drive the migration strategy and runbooks per region, including sequencing, maintenance windows, validation plans, and clearly defined success/fail and rollback criteria.
Lead migration execution and hypercare, coordinating application testing/validation and troubleshooting across teams and time zones.
Mentor engineers and lead knowledge transfer; produce high-quality documentation (architecture, policy model, operations procedures) and support the transition to BAU operations.
Design target Azure Firewall architecture using Azure Virtual WAN hub/spoke (regional hubs), including cross-region inspection patterns and north-south/east-west segmentation.
Define and implement a global base firewall policy and regional child policies, including governance model and rule lifecycle.
