Lead Azure Infrastructure Engineer

Company DescriptionNorthern Trust is a globally recognized Fortune 500 company providing innovative wealth management, asset servicing, and investment solutions. Established in 1889, Northern Trust has over 24,000 employees operating in more than 20 countries, supporting clients in achieving their goals with a commitment to service, expertise, and integrity. With a strong focus on diversity and work-life balance, the company fosters a collaborative, inclusive environment. Northern Trust manages $18.7 trillion in assets under custody/administration and $1.8 trillion in assets under management as of December 31, 2025, and continues to empower clients through cutting-edge solutions and trusted relationships.Role DescriptionWe’re seeking an Azure Infrastructure Engineer who can design, build, and operate secure, scalable cloud platforms—and collaborate effectively with Java engineering teams. You will own core Azure infrastructure (networking, compute, storage, security) while enabling high‑velocity delivery of JVM/Spring Boot services on ACA (Azure Container Apps), App Services, and serverless runtimes. You’ll partner with software engineers, SRE, security, and architecture to ensure our applications are reliable, observable, and compliant with enterprise standards (RBAC, tagging/naming, and Entra ID group models).Key ResponsibilitiesCloud Platform EngineeringDesign and implement Azure landing zones and subscriptions with RBAC, Entra ID integration, MFA, and compliant tagging/naming standards; automate guardrails using policy and role assignments.Build secure virtual networks, subnets, route tables, NSGs, and Private Endpoints/Private Link to isolate services and eliminate public exposure.Provision and manage compute/services: ACA (Azure Container Apps), Azure App Services, Functions, VMs, App Config, Key Vault, and SQL Server; define transition patterns for on‑prem to Azure.Enable Java Application DeliveryPartner with Java teams to containerize services, tune JVM (GC, memory), and deploy to ACA/App Services; standardize CI/CD pipelines and rollouts (blue/green, canary).Implement serverless schedules for Java workloads using Azure Functions (including time triggers) to simplify batch job orchestration.Security & ComplianceEnforce secrets management with Key Vault, least‑privilege access, and identity‑based controls; integrate with enterprise RBAC/Entra ID groups.Support data security patterns for analytics platforms (e.g., SQL Server) including workspace isolation, encryption at rest (SSE/CMK), and backup practices.Reliability, Observability & OperationsEstablish SLOs/SLIs, dashboards, and alerting via Azure Monitor/Log Analytics; implement autoscaling and cost controls.Drive incident response, root‑cause analysis, and post‑mortems; implement resilience patterns (health probes, retry/backoff, circuit breaking).Automate infrastructure with Terraform/Bicep, GitOps, and pipelines; maintain environment parity across dev/test/prod.Governance & ArchitectureContribute design docs and runbooks; socialize standards for naming, tagging, and environment isolation; review app designs for cloud fit and security compliance.QualificationsApplicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future. Northern Trust will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa) Must‑Have5+ years in cloud infrastructure or SRE with Azure (networking, compute, storage, identity, security).Hands‑on with ACA (Azure Container Apps), App Services, Functions, Private Endpoints/Private Link, Key Vault, App Config, SQL Server.Strong Java ecosystem familiarity: JVM tuning, Spring Boot microservices, packaging, containerization, and deployment to ACA/App Services; serverless batch patterns via Functions time triggers.IaC (Terraform/Bicep), GitHub Actions/Azure DevOps, and GitOps workflows.Security fundamentals: RBAC, Entra ID, MFA, secrets management, and compliance controls.Nice‑to‑HaveExperience with messaging and data platforms (Event Hubs, Service Bus, Kafka/Confluent) and analytics (SQL Server).Observability tooling (Prometheus/Grafana), performance testing, and cost optimization.Certifications: AZ‑104, AZ‑305, AZ‑400.