Associate Director - Infrastructure Architect (Cloud & Security)

Kpmg India Services Llp

Hyderabad

Not disclosed

Work from Office

Full Time

Min. 10 years

Job Details

Job Description

Associate Director - GTS (Build) Infrastructure Architect

Roles & responsibilities
Role Purpose
Design, build, and govern secure, resilient, and scalable cloud/hybrid infrastructure on Microsoft Azure, integrating on‑prem and platform services. The role blends Infrastructure Architecture & Operations with Infrastructure Security & Compliance, ensuring Zero Trust, policy‑as‑code, and operational excellence across identity, network, compute, containers (AKS), storage, backup, observability, and disaster recovery.
Key Responsibilities
A. Infrastructure Architecture & Operations 
Own the Azure landing zone (CAF‑aligned) and hub‑spoke network design (ExpressRoute/VPN, Private DNS, Private Endpoints).
Define standards for compute, storage, databases, and platform services (VM/VMSS, images, disks, files, backups, SQL/MI).
AKS Platform Ownership (Mandatory): 
Design AKS clusters (node pools, taints/tolerations, zoning, multi‑region DR), Azure CNI/Overlay networking, and ingress (NGINX/App Gateway).
Establish lifecycle practices for upgrades, autoscaling (HPA/VPA, Cluster Autoscaler), image management (ACR), and workload placement.
Integrate platform services (Key Vault, Managed Identities, Private Link) and ensure operational SLOs.
Lead modernization/migration for Windows/Linux workloads and data platforms; ensure resilience, cost efficiency, and operational readiness.
Establish BCDR strategy—RTO/RPO targets, automated recovery runbooks, DR rehearsals, and evidence packs.
Build observability: Azure Monitor, Log Analytics, Application Insights, synthetic checks, and incident runbooks.
Drive FinOps: tagging, showback/chargeback, rightsizing, reservations/savings plans, and lifecycle policies.
B. Infrastructure Security & Compliance 
Implement Zero Trust across identity, device, network, and data: RBAC, PIM, Conditional Access/MFA, workload identities.
Design network security: NSG/ASG, Azure Firewall/WAF, micro‑segmentation, DDoS Protection, egress control, DNS security.
AKS Security (Mandatory): 
Entra ID/RBAC integration, Pod Security Admission (PSA) baselines, Network Policies, secrets management and workload identity.
Container image scanning, supply‑chain security (Helm/OCI), baseline hardening, and Defender for Containers posture/threat protection.
Embed policy‑as‑code (Azure Policy/Blueprints) for guardrails, CIS/benchmarks, drift detection, and automated remediation.
Integrate Defender for Cloud and Microsoft Sentinel with tuned alerts, SOAR playbooks, and incident coordination.
Ensure compliance with enterprise policies and applicable standards (ISO 27001, SOC 2, GDPR/HIPAA where relevant).
C. Automation & DevOps (Shared)
Champion IaC using Terraform/Bicep—reusable modules, environment promotion, approvals in Azure DevOps/GitHub CI/CD.
Build image pipelines (Packer/Golden Images) and configuration baselines (DSC/Automanage).
Implement GitOps for AKS (Flux/Argo), pre‑deployment policy validation, and security scans.
D. Governance, Documentation & Stakeholder Management
Author reference architectures, standards, roadmaps, HLD/LLD/Technical Architecture Proposal, RACI, risk registers, and decision logs; enforce via design reviews.
Partner with platform engineering, security, app/dev, and risk/compliance to deliver secure‑by‑design outcomes and smooth operational handovers.
Mentor engineers/architects; lead threat modeling, resiliency reviews, incidents & escalations.

Mandatory technical & functional skills
Infrastructure Core (Mandatory)
Azure subscriptions/management groups; CAF Landing Zones, hub-spoke networking, ExpressRoute/S2S VPN.
Compute & OS: Windows Server/Linux, image management (Packer), VMSS, patching automation.
Storage & Data: disks/storage accounts, files/shares, backup/restore; integration with SQL MI/Cosmos DB (platform perspective).
Azure Kubernetes Service (AKS) – Mandatory: 
Cluster design & lifecycle (upgrades, node pools, autoscaling, zoning, DR), Azure CNI/Overlay, service networking, ingress controllers.
Workload packaging & deployment (Helm/OCI), registry management (ACR), quotas/requests/limits, scheduling.
Observability (Container Insights, Prometheus/Grafana), capacity planning, and reliability practices.
Hybrid Integration: Entra ID/AD, GPO, MECM/Intune, identity sync, and on-prem connectivity.
Infrastructure Security Core (Mandatory)
Identity security: RBAC, PIM, Conditional Access, workload identities; secure key/secret management (Key Vault/CMK).
Network security: NSG/ASG, Azure Firewall/WAF, micro-segmentation, Private Link, DDoS Protection; egress/DNS controls.
AKS Security – Mandatory: 
Entra ID/RBAC, PSA baselines, Network Policies, secrets via CSI/Key Vault, workload identity; container image scanning and policy enforcement (Gatekeeper/Kyverno).
Defender for Containers and Defender for Cloud posture/threat management; Sentinel SIEM/SOAR integration.
Compliance & governance: Azure Policy/Blueprints, CIS baselines, evidence collection/attestation.
Automation, Observability & Documentation
Terraform/Bicep, Azure DevOps/GitHub pipelines, GitOps for AKS (Flux/Argo).
Azure Monitor/Log Analytics/Kusto, action groups, runbooks, SRE practices (SLO/SLI, error budgets).
Strong documentation and executive-ready communication via ArchiMate/Visio/PowerPoint.

This role is for you if you have the below:
Education: Bachelor's in Computer Science, Information Technology, or a related field.
Experience: 10–14 years overall; 6+ years in Azure/hybrid infrastructure and 3–5 years in infrastructure security architecture; hands-on AKS platform ownership in production is required.
Certifications (preferred):
- Microsoft: AZ-305 (Solutions Architect), AZ-500 (Security Engineer), SC-100 (Cybersecurity Architect), AZ-104 (Azure Administrator Associate).

Experience Level

Mid Level

Work location

Hyderabad, Telangana, India

Department

IT & Information Security

Role / Category

IT Infrastructure Services

Employment type

Full Time

Shift

Day Shift

Job requirements

Experience

Min. 10 years

About company

Name

Kpmg India Services Llp

Job posted by Kpmg India Services Llp