Senior Cloud Network Engineer in Data Platform

Appealing Points:

• Design Enterprise-Scale Azure Network Architecture – Lead the design of secure, scalable Azure networking solutions, including hub-and-spoke VNets, Private Link, Private DNS, and Zero Trust architectures.
• Drive Cloud Security & Data Platform Connectivity – Architect secure networking for Azure Data Factory, ADLS Gen2, Microsoft Fabric, and Informatica Cloud while ensuring compliance and enterprise-grade security.
• Work on Large-Scale Cloud Transformation Projects – Leverage Infrastructure-as-Code, cross-tenant networking, and modern Azure services to deliver high-impact cloud solutions in complex enterprise environments.

Annual salary: 7 million and above

Job Responsibilities:

• Network Architecture & Design:
  • Design and implement hub-and-spoke Virtual Network (VNet) topologies across multiple Azure subscriptions and Entra ID tenants.
  • Define VNet segmentation strategies, subnet architecture, and Network Security Group (NSG) rule sets aligned with Zero Trust principles.
  
  
• Private Endpoint & DNS Architecture:
  • Define a comprehensive Private Endpoint strategy for Azure PaaS services, including ADLS Gen2, Azure Data Factory, Microsoft Fabric, Azure Key Vault, and Informatica Cloud (where supported).
  • Design centralized Private DNS Zone architecture hosted in the hub VNet.
  
  
• Azure Data Factory (ADF) & SHIR Design:
  • Architect secure ADF integration patterns for cross-tenant and cross-region data ingestion.
  • Define Self-Hosted Integration Runtime (SHIR) deployment strategy, including placement, VM sizing, and network connectivity per region.
  
  
• ADLS Gen2 Network Hardening:
  • Enforce a “no public access” posture across all ADLS Gen2 storage accounts.
  • Implement storage firewall rules, Private Endpoints, and resource instance access controls.
  
  
• Informatica Cloud Connectivity:
  • Assess network and infrastructure requirements for Informatica Intelligent Cloud Services (IICS) Secure Agent.
  • Design secure connectivity between IICS Secure Agents and Azure-based services via Private Endpoints (preferred) and approved outbound connectivity paths.
  
  

Job Qualification:

• 5+ years of experience designing enterprise-scale Azure network architectures (hub-and-spoke, VPN Gateway, ExpressRoute)
• Proven expertise in Azure Private Link, Private Endpoints, and Private DNS across PaaS services
• Strong understanding of cross-tenant Azure networking constraints and connectivity patterns
• Hands-on experience with Azure Data Factory networking:
  • Managed VNet
  • SHIR (Self-Hosted Integration Runtime)
  • Managed Private Endpoints
  
  
• Expertise in ADLS Gen2 security and network hardening (firewalls, Private Endpoints, HNS)
• Strong experience with Infrastructure-as-Code (Mostly ARM, Secondary: Bicep or Terraform) in production environments
• Deep understanding of enterprise DNS/ Azure Private DNS architecture:
  • Conditional forwarding
  • Split-horizon DNS
  • Azure Private DNS Resolver
  
  
• Familiarity with Microsoft Fabric networking concepts:
  • Tenant-level Private Link
  • VNet Data Gateway
  
  

Preferred Skills:

• Experience implementing Informatica Cloud (IICS) Secure Agent in restricted Azure environments
• Knowledge of GDPR-related network controls and data residency enforcement
• Strong background in Azure network engineering and platform operations
• Exposure to regulated environments (e.g., J-SOX or similar financial compliance frameworks)

Language Skills: Business level Japanese (JLPT N2 and above) and Business level English

Company Description:

One of the world's leading professional services companies, transforming clients' business, operating and technology models for the digital era.

Their unique industry-based, consultative approach helps clients envision, build and run more innovative and efficient businesses.

Headquartered in the U.S., this company is one of the Fortune 500 companies and is consistently listed among the most admired companies in the world.

[Passive smoking measures]

Indoor smoking

Designated smoking area

. Skillset Required: Azure network architecture, hub-and-spoke VNet, Private Link, Private DNS, Zero Trust architecture, Cloud Security, Data Platform Connectivity, Azure Data Factory, ADLS Gen2, Microsoft Fabric, Informatica Cloud, Infrastructure-as-Code, ARM, Bicep, Terraform, VNet segmentation, subnet architecture, Network Security Group (NSG), Private Endpoint strategy, Azure PaaS services, centralized Private DNS Zone architecture, Self-Hosted Integration Runtime (SHIR), VM sizing, network connectivity, storage firewall rules, resource instance access controls, Informatica Intelligent Cloud Services (IICS) Secure Agent, cross-tenant Azure networking, VPN Gateway, ExpressRoute, Managed VNet, Managed Private Endpoints, HNS, enterprise DNS, Azure Private DNS, Conditional forwarding, Split-horizon DNS, Azure Private DNS Resolver, Tenant-level Private Link, VNet Data Gateway, network engineering, platform operations, GDPR network controls, data residency enforcement, regulated environments, J-SOX compliance frameworks, business level Japanese, business level English