Azure Network Consultant - TDA
The Azure Network Consultant will be responsible for leading the end-to-end design and delivery of the migration of existing FortiGate virtual firewalls to Azure Firewall across multiple global Azure regions. This role will act as a technical design authority, owning the target-state architecture, security and routing patterns, policy governance model, and migration approach.
Key Responsibilities:
- Own technical discovery and solution definition: inventory current FortiGate policies, NAT, routing (UDRs/BGP), traffic flows and dependencies per region; drive requirements workshops and obtain design sign-off.
- Act as design authority for the target Azure Firewall architecture using Azure Virtual WAN hub/spoke (regional hubs), including cross-region inspection patterns and north-south/east-west segmentation.
- Lead translation and rationalisation of FortiGate rules (network, application, DNAT/SNAT, proxy requirements) into Azure Firewall Policy, managing feature gaps (e.g., TLS inspection, threat profiles) through agreed compensating controls.
- Own routing design and change execution (UDRs, vWAN routing, BGP/ExpressRoute considerations) to steer traffic through regional firewalls with minimal disruption.
- Lead public IP planning, SNAT port capacity analysis, and SKU sizing (Standard vs Premium) based on throughput, connection counts, and inspection requirements.
- Define logging, monitoring, and SOC integration with Log Analytics and Microsoft Sentinel, including retention, alerting, and operational dashboards aligned to incident response requirements.
- Lead integration design and validation with Zscaler (e.g., cloud connectors), Azure Front Door, and Application Gateway, including defined bypass vs inspection flows.
- Deliver and govern Infrastructure-as-Code (Terraform preferred): reusable modules, environment promotion, and Git-based change control; ensure changes are auditable and repeatable across regions.
- Develop and drive the migration strategy and runbooks per region, including sequencing, maintenance windows, validation plans, and clearly defined success/fail and rollback criteria.
- Mentor engineers and lead knowledge transfer; produce high-quality documentation (architecture, policy model, operations procedures) and support the transition to BAU operations.
Please note that this role is mainly remote-based, with 8 days onsite in Bristol within the first month.
This role has been determined as being inside IR35.