We are Upstart 13. We are humble, hungry, and competent people who are radically changing the expectations and experience of outsourcing for all participants by challenging barriers that create inequality and by bringing down borders in technology for people everywhere. We’re all about delivering value and doing big things. We have become a game changer for teams around the world who look to Upstart’s services as a differentiator.
Azure Infrastructure as Code (Bicep): Build and maintain reusable, production-grade IaC modules covering networking, security, AKS, APIM, Key Vault, monitoring, storage, and application services.
Landing Zone & Governance: Support hub-spoke patterns, environment segmentation, RBAC, Azure Policy, tagging standards, and governance controls across Prod/Non-Prod.
Azure Networking: Design and troubleshoot VNets, subnets, NSGs, UDRs/route tables, Load Balancers, NAT Gateway, Private Endpoints, Private DNS, and secure inbound/outbound traffic patterns.
AKS Operations: Operate and troubleshoot AKS clusters (including private clusters), node pools, autoscaling, ingress, Helm releases, upgrades, and workload diagnostics.
Secure API & App Delivery: Implement secure ingress and API delivery using APIM, Application Gateway, Front Door, and WAF, including TLS, OAuth2/OIDC/JWT validation, rate limiting/throttling, IP filtering, and private backend connectivity.
Event Streaming: Support Azure Event Hubs (Kafka-compatible) for event-driven services, including throughput planning, monitoring, partitions/consumer groups, and secure access patterns.
CI/CD & Release Governance: Build multi-stage Azure DevOps YAML pipelines for Dev/QA/Staging/Prod with approvals, validation gates, deployment controls, and rollback strategies for both infrastructure and applications.
Security, Identity & Secrets: Enforce least privilege with Entra ID RBAC, managed identities/workload identity, Key Vault integration, secret rotation, and certificate lifecycle management.
Observability & Production Ops: Maintain reliability using Azure Monitor, Log Analytics, Application Insights, and Container Insights; lead incident response and RCA with documented remediation and preventive controls.
Developer Enablement: Partner with engineering teams on deployment patterns, pipeline integration, and operational best practices.
6+ years in DevOps/Cloud/Platform/Infrastructure Engineering within the Azure ecosystem, with hands-on production experience.
Strong experience with Azure Landing Zone concepts: hub-spoke, segmentation, governance, RBAC, Azure Policy, tagging, and private connectivity.
Proven expertise with Bicep and PR-based IaC workflows (validation/linting/scanning, controlled change, drift awareness).
Deep knowledge of Azure networking: VNets, NSGs, UDRs/route tables, Private Endpoints/DNS, Load Balancers, NAT Gateway, and secure outbound patterns.
Production experience operating AKS, including private clusters, upgrades, ingress, Helm, autoscaling, and troubleshooting using kubectl (logs/events/probes/DNS/network).
Experience with APIM / App Gateway / Front Door / WAF and API security patterns (TLS, OAuth2/OIDC, JWT validation, throttling/rate limiting, IP filtering).
Experience with Azure DevOps YAML pipelines across environments, including approvals/gates and rollback strategy.
Strong security fundamentals: Entra ID RBAC, managed identities/workload identity, Key Vault, secret rotation, and certificate lifecycle management.
Proficiency with Azure CLI, PowerShell, and/or Python for automation and operational tooling.