IN-Sr Technical Consultant - Cloud - AKS, Azure update manager, Azure automation, Patching, AZ-104 / AZ-400

Blue Yonder

Scope

The Azure Infra Engineer - Patching & Maintenance keeps our Azure platform secure, current, and compliant by owning the end-to-end patch and maintenance lifecycle. This mid-level role runs the weekly patch cycle across compute, containers, and platform services, and proactively tracks every core component against vendor End-of-Life / End-of-Support timelines, upgrading to supported versions before support lapses. It is a hands-on operations role with a strong automation focus and close coordination with service owners, security, and DevOps.

Our Current Technical Environment

  • Software: Azure Update Manager, Azure Automation, Azure Policy (Guest Configuration), PowerShell, Bash, and Azure CLI; ServiceNow for change management / CAB.
  • Application Architecture: Microservices on AKS (Stratosphere), Portal Shell and Portal Collaboration runtimes, the Event Framework (Event Grid / Service Bus), IAM, and API Management (self-hosted gateway).
  • Cloud Architecture: Microsoft Azure - Windows / Linux VMs, AKS node pools, MongoDB (Atlas), Entra ID / IAM, and APIM, with patch compliance and maintenance across every layer.
  • Frameworks/Others: Kubernetes / Helm, Azure Monitor / Log Analytics, vulnerability & CVE remediation workflows, and EOL/EOS lifecycle tracking; WSUS / SCCM, Ansible / Terraform, and ITIL practices; AZ-104 / AZ-400 aligned.

What You’ll Do

  • Plan and execute the weekly patch cycle for Windows/Linux VMs, AKS node pools, and platform middleware using Azure Update Manager and Azure Automation.
  • Publish and maintain a rolling maintenance calendar, coordinating patch windows with service owners to minimise business disruption.
  • Track OS, runtime, and dependency versions across IAM, APIM, MongoDB, Stratosphere, Portal Shell/Collaboration, and the Event Framework against vendor EOL/EOS timelines, and plan upgrade paths to supported or LTS versions well ahead of EOL.
  • Test patches and upgrades in non-production and validate rollback procedures before every production rollout.
  • Automate patch deployment and compliance reporting using Azure Update Manager, Azure Policy guest configuration, and Automation runbooks; monitor compliance dashboards and remediate non-compliant resources within SLA.
  • Coordinate emergency, out-of-band patching for critical CVEs and zero-day vulnerabilities with the security team.
  • Manage AKS cluster and node image upgrades, Helm chart bumps, and container base image refresh cycles; renew TLS certificates, keys, and secrets nearing expiry with the IAM team.
  • Maintain patch and maintenance documentation (change records, rollback plans, validation checklists) and report weekly patch compliance and EOL risk status to engineering leadership.

What We Are Looking For

  • 5-8 years in infrastructure operations, patch management, or SRE roles, with proven ability to plan and execute maintenance windows at minimal service disruption.
  • Hands-on experience with Azure Update Manager, Azure Automation, and Azure Policy guest configuration; patching Windows Server and Linux VM fleets at scale.
  • Familiarity with AKS node image upgrades and Kubernetes version lifecycle management, plus EOL/EOS lifecycle tracking for OS, databases, and middleware.
  • Experience with change management (ServiceNow CAB, scheduled maintenance windows) and vulnerability / CVE remediation workflows.
  • Scripting skills in PowerShell, Bash, or Azure CLI for patch automation; AZ-104 or AZ-400 certification preferred.
  • Nice to have: WSUS / SCCM, MongoDB Atlas automated upgrades, Ansible / Terraform, ITIL Foundation, and experience building EOL/EOS dashboards or CMDB integrations.

Our Values

If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

How to apply

To apply for this job you need to authorize on our website. If you don't have an account yet, please register.