Consultant - Cloud Networks : Azure

We are seeking a Lead Cloud Network Consultant to lead the design, implementation, governance, and security of enterprise-grade cloud networking solutions. This role requires deep technical expertise in Cisco routing, Azure networking and security services, Skyhigh Proxy, and automation with Terraform, combined with strong leadership to enforce robust security controls and drive strategic initiatives.

You will apply your strong Cisco routing/switching and security skills as your base to own and oversee topics related to routing(Cisco), Azure network services (Firewall) to strategize Azure Firewall controls, optimize Azure CDN & Azure Front Door, secure web access by administer Squid and Skyhigh Secure Web Gateway/Proxy, manage allow/deny lists, and oversee operational lifecycle tasks such as TLS certificate renewals and AMI/image upgrades for network/security appliances. You will bring in ideas to codify everything possible with Terraform and drive resilient, observable, and compliant operations. You will also implement monitoring and alerting frameworks and enforce Azure Policy and Governance for compliance.

Mandatory Skills – Squid proxy, Azure front door, CDN, Azure FW and terraform (IaC), Cisco Routing and switching

Secondary skills - Network security knowledge, WAF, Squid Proxy, FortiNet, CheckPoint.

Key Responsibilities

Strategic Leadership & Governance

·       Define and own the cloud network architecture roadmap aligned with business objectives.

·       Establish network security governance, compliance frameworks, and enforce zero-trust principles.

·       Lead cloud networking strategy across hybrid environments, ensuring scalability, resilience, and cost optimization.

·       Act as a trusted advisor for network security best practices, risk assessments, and audit readiness.

Technical Design & Implementation

·       Architect and oversee Cisco routing (BGP, OSPF, MPLS, VPNs) for hybrid connectivity.

·       Collaborate with cloud architects, security, and DevOps teams to ensure secure and scalable network designs.

·       Design and implement Azure Firewall, Azure Front Door (with WAF), and Azure CDN for secure and optimized traffic delivery.

·       Design cloud and hybrid network topologies (hub‑and‑spoke/vWAN), IP addressing, UDRs/route tables, and peering aligned to zero‑trust principles.

·       Design, implement, and support hybrid/cloud network architectures with Cisco routing (BGP, OSPF, route redistribution, ECMP, VRFs).

·       Define egress/ingress patterns with Azure Firewall, NSGs, and route control; standardize segmentation and inspection points. Build/Maintain Azure networking: VNets, subnets, route tables, UDRs, NSGs/ASGs, Private Links, Load Balancers, and ExpressRoute/SD-WAN connectivity.

·       Architect Azure Front Door for global load balancing, path-based routing, health probes, origin groups, and custom domains; align Azure CDN caching strategies (TTL, rules engine, compression) to app patterns.

·       Design, deploy, and maintain Azure virtual networks (VNets), subnets, network security groups (NSGs), and route table

·       Design and implement application delivery services (traffic manager, load balancer etc)

·       Design and implement Azure application GW (rewrite sets, conf. TLS, HTTP settings etc

·       Implement Azure Firewall, Application Gateway, Front Door, and Load Balancers for high availability and security.

·       Troubleshoot connectivity, routing, and latency issues in AZURE, Data centre and hybrid networks.

·       Troubleshoot L3–L7 issues using packet captures, flow logs, WAF/Firewall/Front Door/CDN telemetry, and SIEM dashboards.

·       Manage DNS zones, Private Endpoints, and Network Peering in Azure

·       Establish secure internet access patterns via Skyhigh Proxy (SWG) including SSL inspection, category policies, PAC files, and exceptions.

·       Implement a strategy for whitelisting/blacklisting strategies for domains, IPs, and applications.

·       Oversee certificate lifecycle management (issuance, renewal, rotation, automation).

·       Govern AMI upgrades, patching cadence, and image hardening standards.

Automation & Infrastructure as Code

·       Drive Terraform adoption for network provisioning, policy-as-code, and compliance guardrails.

·       Implement CI/CD pipelines for network/security automation and drift detection.

·       Automate certificate renewals, AMI pipelines, and Skyhigh policy updates.

Security Controls & Compliance

·       Enforce network segmentation, least privilege access, and deny-by-default posture.

·       Implement WAF/IDPS, threat intelligence filtering, and DDoS protection strategies.

·       Maintain runbooks, diagrams, inventories, and deliver L3 support and knowledge transfer.

·       Ensure compliance with ISO 27001, SOC 2, GDPR, PCI-DSS and maintain audit-ready documentation.

Monitoring & Incident Response

·       Define observability strategy and traffic analytics.

·       Lead troubleshooting for complex L3/L7 issues across Data centre, hybrid and multi-cloud environments and Establish incident response playbooks and conduct periodic tabletop exercises.

“We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status”.

At Société Générale, we are convinced that people are drivers of change, and that the world of tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious. Whether you’re joining us for a period of months, years or your entire career, together we can have a positive impact on the future. Creating, daring, innovating, and taking action are part of our DNA. If you too want to be directly involved, grow in a stimulating and caring environment, feel useful on a daily basis and develop or strengthen your expertise, you will feel right at home with us!

Still hesitating?

You should know that our employees can dedicate several days per year to solidarity actions during their working hours, including sponsoring people struggling with their orientation or professional integration, participating in the financial education of young apprentices, and sharing their skills with charities. There are many ways to get involved.

We are committed to support accelerating our Group’s ESG strategy by implementing ESG principles in all our activities and policies. They are translated in our business activity (ESG assessment, reporting, project management or IT activities), our work environment and in our responsible practices for environment protection.