Azure Infrastructure & Network Specialist

Role Summary
Serve as a technical advisor and subject matter expert for global
smart‑building portfolio, with a focus on secure IoT/OT networking, Azure
integration, identity/SSO, and operational resilience. You will not
implement changes directly; instead, you will triage issues, guide
architecture and security decisions, lead risk‑mitigation strategies, and
equip internal teams and partners through documentation, training, and
governance.
Key Responsibilities
IoT/OT Network & Security Advisory
- Technical triage: Rapidly assess questions or incidents to distinguish
network vs. device vs. cloud causes; recommend next steps and owners.
- Advise on segmentation, encryption, and firewall policies for IoT/OT
environments; define guardrails that balance safety, availability, and
security.
- Design secure dataflow patterns (edge → gateways → cloud) and
certificate/credential handling approaches appropriate for constrained OT
devices.
- Produce risk assessments and mitigation plans for new integrations,
vendor connections, and inter‑site traffic; track risks to closure.
Azure Platform & Enterprise Integration (Advisory)
- Guide solution patterns across Azure IoT Hub, Device Provisioning
Service (DPS), IoT Edge, Azure Digital Twins, and related
telemetry/analytics services.
- Advise on identity and SSO using Microsoft Entra ID (Azure AD) and
modern auth flows; define least‑privilege controls and conditional access
guardrails.
- Define secure onboarding and offboarding patterns for devices and
applications; recommend resilience/failover and rollback strategies.
Smart Building Systems Oversight
- Provide technical insight into BAS/BMS, Environmental, People Density,
occupancy, parking, digital signage and other Commercial & Industrial IoT
systems and their integration with Azure IoT platforms.
- Validate data integrity and performance through telemetry reviews,
dashboards, and controlled tests; recommend tuning, buffering, and retry
patterns.
- Deliver stakeholder presentations that explain how building systems
map to network and cloud architectures, highlighting operational and
security implications.
Troubleshooting, Triage & Escalation
- Act as a Tier‑3 escalation point for complex IoT/OT connectivity and
platform issues; perform deep diagnostics (logs, packet captures,
edge/cloud traces).
- Lead root cause analysis (RCA) and write clear post‑incident reports
with preventive actions, ownership, and timelines.
- Run knowledge‑transfer sessions and post‑incident reviews to build
field/vendor capabilities and reduce repeat occurrences.
Lifecycle & Preventative Maintenance
- Support lifecycle planning for firmware, certificates/keys, controller
upgrades, and network segmentation milestones.
- Partner with field teams and vendors to align preventative maintenance
with uptime/SLA and security objectives; recommend proactive risk‑reduction
actions.
Standards, Training & Documentation
- Define onboarding requirements for IoT/OT solutions (compliance
checks, service mapping, ops readiness).
- Own and maintain KBAs, runbooks, RACIs, workflows, and architecture
patterns; ensure global applicability and version control.
- Create and deliver training modules and technical presentations for
networking, operations, and app teams, measure adoption.
Global Project Support & Governance
- Contribute to project scope, risk identification, acceptance criteria,
and Key Performance Indicator (KPI) Objective and Key Results (OKR)
definitions for global rollouts.
- Facilitate risk workshops and status readouts; provide executive‑level
presentations on readiness, risk posture, and remediation progress.
- Coordinate across security, networking, facilities, and vendor teams
to maintain alignment and accountability.
Onsite Technical Liaison (Hybrid)
- Attend onsite tests, commissioning events, device reviews, and vendor
alignment meetings; provide real‑time triage and decision support.
- Capture onsite findings and convert them into updated standards,
patterns, and training content.
Qualifications
- IoT/OT networking, firewalls, and encryption: Strong grasp of routing,
segmentation, VPNs/proxies, TLS/PKI, and secure edge‑to‑cloud patterns.
- Azure IoT expertise: Practical advisory experience across IoT Hub,
DPS, IoT Edge, Azure Digital Twins, and telemetry/analytics pipelines.
- Identity & SSO: Hands‑on advisory experience with Microsoft Entra ID
(Azure AD), modern auth (OIDC/SAML/OAuth2), and least‑privilege access
patterns.
- Troubleshooting & RCA: Demonstrated ability to lead deep diagnostics
and produce clear, actionable RCAs with preventive controls.
- Smart building Information Gathering systems: Working knowledge
Environmental, People Density, Parking and other various experiences.
- Risk mitigation & governance: Ability to produce risk registers,
mitigation plans, acceptance criteria, and track to closure.
- Enablement skills: Excellent documentation, training, and presentation
skills; ability to influence global stakeholders in a hybrid environment.

Salary Range

• Please note that the salary information provided herein is base pay only (gross); it does not include other forms of compensation which may or may not apply to this specific position, namely, performance-based bonuses, benefits-related payments, or other general incentives - none of which are guaranteed, may be subject to specific eligibility requirements, and are wholly within the discretion of Astreya to remit.
• Further, the salary information noted above is a range that consists of a minimum and maximum rate of pay for this specific position. Where an applicant or employee is placed on this range will depend and be contingent on objective, documented work-related considerations like education, experience, certifications, licenses, preferred qualifications, among other factors.

Astreya offers comprehensive benefits to all Regular, Full-Time Employees, including:

• Medical provided through Cigna (PPO, HSA, EPO options) / Medical provided through Kaiser (HMO option only) for California employees only

• Dental provided through Cigna (DPPO & DHMO options)

• Nationwide Vision provided through VSP

• Flexible Spending Account for Health & Dependent Care

• Pre-Tax Account for Commuter Benefit/Parking & Transit (location-specific)

• Continuing Education and Professional Development via various integrated platforms, e.g. Udemy and Coursera

• Corporate Wellness Program

• Employee Assistance Program

• Wellness Days

• 401k Plan

• Basic Life, Accidental Life, Supplemental Life Insurance

• Short Term & Long Term Disability

• Critical Illness, Critical Hospital, and Voluntary Accident Insurance

• Tuition Reimbursement (available 6 months after start date, capped)

• Paid Time Off (accrued and prorated, maximum of 120 hours annually)

• Paid Holidays

• Any other statutory leaves, paid time, or other fringe benefits required under state and federal law