Cloud Services Specialist
University of Essex
2025-05 — Present
United Kingdom
Terraform ARM Templates PowerShell CI/CD pipelines GitHub Actions, Entra ID Conditional Access Entra ID Windows AD Microsoft 365 AWS IAM VNet/VPC Firewalls VPNs LAN/WAN AWS EC2 Azure VMs Azure Virtual Desktop
Responsibilities
- Designed a secure Azure IaaS and PaaS environments aligned to architecture, operational, and compliance requirements.
- Built Terraform and ARM-based deployments to standardise infrastructure builds, reduce drift, and improve repeatability.
- Integrated automated deployment workflows using GitHub Actions, AWS CodePipeline, and other CI/CD tools.
- Strengthened identity posture through Entra ID, MFA, Conditional Access, and role-based access models.
- Improved monitoring, audit logging, and operational visibility across Azure and Microsoft 365 services.
- Partnered with engineering, service, and security teams to modernise Cloud environments and embed best practice controls.
- Supported governance frameworks, documentation, and operational handover for production services.
- Led security solution design for Azure and Microsoft 365 initiatives covering identity, networking, and governance controls.
- Produced architecture artifact including high-level designs, implementation patterns, standards, and operational documentation.
- Guided stakeholders on solution risks, control requirements, and remediation options.
- Improved monitoring, audit logging, and operational visibility across cloud services.
- Automated administrative workflows using PowerShell and Microsoft Graph and other IaC tools.
- Monitored and managed Azure resources and services to ensure optimal performance, security, and cost efficiency, contributing to overall business success.
Achievements
- Architected and deployed Azure IaaS services, including VNet/VPC, NSGs, VPN connectivity, Azure Virtual Machines, supporting secure hybrid connectivity and scalable workloads.
- Automated infrastructure provisioning using Terraform, reducing manual configuration effort and improving deployment consistency across environments.
- Designed and implemented CI/CD workflows to support infrastructure and configuration deployments, improving release velocity and operational resilience.
- Rolled out organisation-wide phishing simulation initiatives, contributing to improved security posture and risk awareness across large user population - more than 2,500 staff and more than 20,000 students.
- Configured monitoring, logging, and compliance controls across Microsoft 365 and Azure environments to align with enterprise governance and security standards.
- Introduced and implemented Passwordless authentication with FIDO2 keys and Passkeys.
- Achieved multiple successful SAML & OIDC SSO implementations with 3rd-party WebApps to achieve centralized identity management and simplify credential management for users.
- Introduced and implemented Entra ID Self-Service Password Reset (SSPR) feature thereby freeing time spent by Helpdesk team in resolving password related issues.
- Implemented a SAML transformation fix to resolve 3rd-Party WebApp authentication issues caused by single-name users and a policy requiring both First and Last names.
- Implemented a phishing-resistant MFA policy to strengthen the security posture of high-privilege accounts against password replay attacks.
- Configured Exchange Online connector for email routing from OnPrem Exchange to Exchange Online to enable smooth delivery of DirectSend emails.