Enhanced Environmental Water Delivery (EEWD) – Cloud Engineer Professional Services Requirement

Overview

The Murray-Darling Basin Authority (MDBA) seeks Cloud Engineer Services for a 100-day period to provide professional services supporting two key application development projects: one built on Microsoft Dynamics 365 (D365), and another a Python-based web application integrated with eWater Source as the backend modelling engine. The Cloud Engineer will collaborate with MDBA project teams and the solution architect to design, deploy, and configure cloud infrastructure that is secure, scalable, and tailored to meet the technical and operational requirements of these projects.

Scope of Services

The Cloud Engineer will provide services aligned with delivering the Scenario Testing Tool (STT) and the Environmental Water Ordering Tool (EWOT) projects, including but not limited to:

1. Identity and Access Management

• Design, implement, and manage Azure AD identity strategies including Conditional Access Policies, Multi-Factor Authentication (MFA), and Role-Based Access Control (RBAC).
• Work alongside security teams to ensure compliance and audit readiness.
• Support integration of identities for internal and external applications, leveraging service principals, managed identities, and OAuth/OpenID Connect.

2. Azure Services Management

• Configure and manage Azure Kubernetes Service (AKS) clusters including deployment, scaling, monitoring, and network policies.
• Set up and support Azure DevTest Labs and Azure Virtual Desktop (AVD) environments for secure development and testing.
• Build, test, and deploy custom OS and container images.
• Configure Azure API Management (APIM) for secure and scalable API integrations.

3. DevOps & CI/CD

• Develop and maintain Azure DevOps pipelines for infrastructure provisioning and application deployment.
• Implement Infrastructure as Code (IaC) using Bicep.

4. Application Hosting & Integration

• Deploy and configure web applications within Azure App Service plans.
• Integrate applications securely with identity providers, APIM, and external services.
• Configure and manage Nginx for reverse proxy, load balancing, queue management, and session state handling in containerized or hybrid environments.

5. Cloud Infrastructure Operations

• Manage IaaS environments, including virtual networks, storage, compute, and monitoring.
• Perform performance tuning, cost management, automated alerting, and ensure high availability and resilience.
• Maintain system health and cost optimisation.

The service provider must demonstrate:

• Proven experience with Azure cloud environments, identity management, Conditional Access, RBAC, and zero-trust security models.
• Expertise in Azure Kubernetes Service (AKS), Azure DevTest Labs, Azure Virtual Desktop (AVD), and Azure App Services.
• Experience with containerization technologies such as Docker and Kubernetes, including custom OS image creation.
• Knowledge of Azure API Management (APIM) configuration and security.
• Strong skills with Nginx, including load balancing, reverse proxy configuration, and session management.
• Advanced scripting and automation with PowerShell and Bicep.
• Experience developing and maintaining Azure DevOps CI/CD pipelines.
• Familiarity with Azure networking and firewall rules.
• Ability to produce clear and comprehensive documentation.