Azure DevOps Engineer

???? Mission

You will own and maintain the deployment process for NOVELDO AI’s product (AskSopia). Your responsibility is to keep our Dev ? Test ? Prod environments clean, consistent, and secure, and to ensure that changes move through them in a controlled, repeatable way.

This is not just “keeping servers running” — you are the guardian of process discipline.

?

????? Responsibilities
1. Environment Management
• Maintain three environments: dev, tst, prod.
• Ensure each environment uses its own subscription, storage, key vault, search index, and OpenAI resource.
• No direct human edits in tst/prod. All changes must flow through pipelines.
2. Infrastructure as Code (IaC)
• All infra is deployed from Bicep (or Terraform) templates.
• Parameter files control env differences (dev.json, tst.json, prod.json).
• Pipelines run IaC automatically. Never “click-deploy” in the portal except for debugging in dev.
3. CI/CD Pipelines
• Maintain two pipelines:
• Infrastructure pipeline – deploys Azure resources via Bicep.
• Application pipeline – deploys app code, functions, search index updates.
• Dev deploys automatically; Tst and Prod require manual approvals.
• Pipelines must be documented and visible in Azure DevOps.
4. Security & Secrets
• All secrets stored in Key Vault (per env).
• All apps use Managed Identity to read secrets; no secrets in code.
• Follow least privilege: Devs have Contributor in dev, Reader in tst/prod, only pipelines can write.
5. Monitoring & Logs
• Ensure each environment has Application Insights + Log Analytics wired.
• Set up alerts for errors, outages, cost spikes.
• Report weekly: “System health across dev/tst/prod.”
6. Process Discipline
• Every deployment = pipeline run + approval + log.
• Keep IaC repo clean and versioned.
• Keep an architecture diagram and runbook updated.

?

? Success Criteria (Your KPIs)
• Environments are always consistent (no “snowflakes”).
• Any new feature can be deployed to dev in