Purple Drive
Cloud Migration Specialist (GCP to Azure)
Purple Drive, Jersey City, New Jersey, United States, 07390
Cloud Migration Specialist (GCP to Azure)
Cloud Migration Specialist
- Leads the transition of workloads from GCP to Azure, including infrastructure-as-code and observability tooling
Objectives
- Design and deploy a production-ready Azure Landing Zone across multiple regions.
- Automate subscription provisioning, resource deployment, and policy enforcement.
- Integrate DevSecOps, observability, and identity governance into the cloud platform.
- Migrate and modernize workloads such as LedgerScan from GCP to Azure.
- Ensure compliance with internal controls and regulatory standards.
- Scope of Work
A. Organization Structure Governance
- Define and implement a management group hierarchy (Options AC evaluated).
- Standardize naming conventions and tagging strategies.
- Automate subscription vending using Terraform and ServiceNow integration.
- Enforce Azure Policies via Infrastructure as Code (IaC).
B. Networking
- Deploy a dual-region Azure Virtual WAN (vWAN) hub-and-spoke architecture.
- Implement Cloud NGFW (Palo Alto) and Azure Firewall Premium.
- Design DNS resolution using Infoblox andor Azure DNS Private Resolver.
- Enable hybrid connectivity via ExpressRoute, Site-to-Site VPN, and SD-WAN.
C. Security Identity
- Implement Privileged Identity Management (PIM) and Conditional Access.
- Automate RBAC assignments and access reviews.
- Manage secrets using Azure Key Vault with automated rotation.
- Enforce policy-as-code and integrate with Terraform pipelines.
D. DevSecOps Observability
- Standardize CICD pipelines using GitLab, Terraform Enterprise, and Jenkins.
- Integrate security tools (tfsec, Checkov, TFLint) into pipelines.
- Deploy centralized logging via Azure Log Analytics with RBAC and retention policies.
- Enable monitoring and alerting using Azure Monitor, Sentinel, and Grafana.
E. Disaster Recovery High Availability
- Design DR strategies (Active-Passive, Hot Standby, Active-Active) based on workload tiers.
- Implement Azure Site Recovery (ASR) for failover automation.
- Define Recovery Time Objective (RTO) Recovery Point Objective (RPO) targets and validate through testing.
F. Workload Migration
- Rehost and modernize applications like LedgerScan from GCP to Azure.
- Assess performance, compliance, and DR requirements for each workload.
- Internal (Green)Align migration with DTCCs cloud standardization and security frameworks.
4. Deliverables
- Azure Landing Zone architecture documentation
- Terraform modules and CICD pipeline configurations
- Subscription vending automation workflows
- Security and compliance policy sets
- Logging and monitoring dashboards
- DRHA implementation plans
- Migration playbooks for identified workloads
5. Evaluation Criteria
- Proven experience with Azure Landing Zone deployments
- Expertise in Terraform, GitLab, and Azure DevOps
- Familiarity with financial services compliance and security standards
- Ability to deliver automated, scalable, and secure cloud infrastructure
- References from similar enterprise-scale cloud transformation projects
4. Azure Services Highlighted
- The following Azure services are proposed as direct or functional replacements for existing GCP infrastructure components
- The following Azure services have been identified as potential key components in the migration from Google Cloud Platform (GCP) to Microsoft Azure.
- These services are proposed as direct or functional replacements for existing GCP infrastructure components
- Azure App Service and Azure Static Web Apps Proposed replacements for GCP App Engine.
- Azure API Management As a c
Cloud Migration Specialist
- Leads the transition of workloads from GCP to Azure, including infrastructure-as-code and observability tooling
Objectives
- Design and deploy a production-ready Azure Landing Zone across multiple regions.
- Automate subscription provisioning, resource deployment, and policy enforcement.
- Integrate DevSecOps, observability, and identity governance into the cloud platform.
- Migrate and modernize workloads such as LedgerScan from GCP to Azure.
- Ensure compliance with internal controls and regulatory standards.
- Scope of Work
A. Organization Structure Governance
- Define and implement a management group hierarchy (Options AC evaluated).
- Standardize naming conventions and tagging strategies.
- Automate subscription vending using Terraform and ServiceNow integration.
- Enforce Azure Policies via Infrastructure as Code (IaC).
B. Networking
- Deploy a dual-region Azure Virtual WAN (vWAN) hub-and-spoke architecture.
- Implement Cloud NGFW (Palo Alto) and Azure Firewall Premium.
- Design DNS resolution using Infoblox andor Azure DNS Private Resolver.
- Enable hybrid connectivity via ExpressRoute, Site-to-Site VPN, and SD-WAN.
C. Security Identity
- Implement Privileged Identity Management (PIM) and Conditional Access.
- Automate RBAC assignments and access reviews.
- Manage secrets using Azure Key Vault with automated rotation.
- Enforce policy-as-code and integrate with Terraform pipelines.
D. DevSecOps Observability
- Standardize CICD pipelines using GitLab, Terraform Enterprise, and Jenkins.
- Integrate security tools (tfsec, Checkov, TFLint) into pipelines.
- Deploy centralized logging via Azure Log Analytics with RBAC and retention policies.
- Enable monitoring and alerting using Azure Monitor, Sentinel, and Grafana.
E. Disaster Recovery High Availability
- Design DR strategies (Active-Passive, Hot Standby, Active-Active) based on workload tiers.
- Implement Azure Site Recovery (ASR) for failover automation.
- Define Recovery Time Objective (RTO) Recovery Point Objective (RPO) targets and validate through testing.
F. Workload Migration
- Rehost and modernize applications like LedgerScan from GCP to Azure.
- Assess performance, compliance, and DR requirements for each workload.
- Internal (Green)Align migration with DTCCs cloud standardization and security frameworks.
4. Deliverables
- Azure Landing Zone architecture documentation
- Terraform modules and CICD pipeline configurations
- Subscription vending automation workflows
- Security and compliance policy sets
- Logging and monitoring dashboards
- DRHA implementation plans
- Migration playbooks for identified workloads
5. Evaluation Criteria
- Proven experience with Azure Landing Zone deployments
- Expertise in Terraform, GitLab, and Azure DevOps
- Familiarity with financial services compliance and security standards
- Ability to deliver automated, scalable, and secure cloud infrastructure
- References from similar enterprise-scale cloud transformation projects
4. Azure Services Highlighted
- The following Azure services are proposed as direct or functional replacements for existing GCP infrastructure components
- The following Azure services have been identified as potential key components in the migration from Google Cloud Platform (GCP) to Microsoft Azure.
- These services are proposed as direct or functional replacements for existing GCP infrastructure components
- Azure App Service and Azure Static Web Apps Proposed replacements for GCP App Engine.
- Azure API Management As a c