Azure Network Consultant – TDA Contract

Role: Azure Network Consultant – TDA
Location: Mainly Remote – with some travel to Bristol
Duration: 3 Months
Rates: £620 per day (Inside IR35)

The Azure Network Consultant will be responsible for leading the end-to-end design and delivery of the migration of existing FortiGate virtual firewalls to Azure Firewall across multiple global Azure regions. This role will act as a technical design authority, owning the target-state architecture, security and routing patterns, policy governance model, and migration approach.
Key Responsibilities:
• Own technical discovery and solution definition: inventory current FortiGate policies, NAT, routing (UDRs/BGP), traffic flows and dependencies per region; drive requirements workshops and obtain design sign-off.
• Act as design authority for the target Azure Firewall architecture using Azure Virtual WAN hub/spoke (regional hubs), including cross-region inspection patterns and north-south/east-west segmentation.
• Lead translation and rationalisation of FortiGate rules (network, application, DNAT/SNAT, proxy requirements) into Azure Firewall Policy, managing feature gaps (e.g., TLS inspection, threat profiles) through agreed compensating controls.
• Own routing design and change execution (UDRs, vWAN routing, BGP/ExpressRoute considerations) to steer traffic through regional firewalls with minimal disruption.
• Lead public IP planning, SNAT port capacity analysis, and SKU sizing (Standard vs Premium) based on throughput, connection counts, and inspection requirements.
• Define logging, monitoring, and SOC integration with Log Analytics and Microsoft Sentinel, including retention, alerting, and operational dashboards aligned to incident response requirements.
• Lead integration design and validation with Zscaler (e.g., cloud connectors), Azure Front Door, and Application Gateway, including defined bypass vs inspection flows.
• Deliver and govern Infrastructure-as-Code (Terraform preferred): reusable modules, environment promotion, and Git-based change control; ensure changes are auditable and repeatable across regions.
• Develop and drive the migration strategy and runbooks per region, including sequencing, maintenance windows, validation plans, and clearly defined success/fail and rollback criteria.
• Mentor engineers and lead knowledge transfer; produce high-quality documentation (architecture, policy model, operations procedures) and support the transition to BAU operations.
• Design target Azure Firewall architecture using Azure Virtual WAN hub/spoke (regional hubs), including cross-region inspection patterns and north-south/east-west segmentation.

Please note this role is mainly remote based with 8 days onsite in Bristol within the first month.

This role has been determined as being inside IR35