Project Summary: Secure Azure Production Deployment (React + FastAPI + Postgres) We have an existing web application with the following stack: Frontend: React + Tailwind CSS Backend: Python FastAPI Database: PostgreSQL Current hosting: in-house staging server We are looking for an experienced engineer to migrate this system into a secure, production-grade Azure architecture. This is not a “lift and shift.” The expectation is a security-first design using Azure managed services and private networking. Target Architecture (High Level) • React frontend hosted on Azure Static Web Apps (or equivalent) • FastAPI backend hosted on Azure App Service or Azure Container Apps • Azure Database for PostgreSQL Flexible Server with private access only • Azure Blob Storage for generated resumes/files with private endpoint • Azure Key Vault for secrets • Managed Identity for service-to-service access • Azure VNet, subnets, private endpoints, and private DNS • Application Insights and basic alerting • Optional: Azure Front Door + WAF as the single public entry point Only the frontend and API should be publicly reachable. The database and storage must not be exposed to the public internet. Scope of Work • Review existing repo and staging deployment • Containerize backend if needed • Remove any reliance on local disk for persistent storage • Deploy secure Azure infrastructure (networking, private endpoints, DNS) • Deploy frontend and backend into Azure • Migrate Postgres data (pg_dump/pg_restore or equivalent) • Configure secrets and identities properly (no secrets in code) • Set up monitoring and basic alerts • Provide a clear handoff (diagram, runbook, smoke test checklist) Required Technical Expertise (Must-Have) • Hands-on experience deploying production workloads in Microsoft Azure • Azure networking: VNets, subnets, private endpoints, private DNS zones • Azure Database for PostgreSQL Flexible Server (private access) • Azure Blob Storage with private endpoints • Managed Identity and Azure Key Vault • Python FastAPI in production • CI/CD for Azure (GitHub Actions or Azure DevOps) • Security best practices for handling PII Nice to Have • Azure Front Door / WAF • Infrastructure as Code (Terraform or Bicep) • Prior experience securing systems with sensitive user data Deliverables • Production Azure deployment • Architecture diagram with real resource names • Migration and rollback runbook • Smoke test checklist • Short recorded walkthrough of the environment How to Apply Please describe: • Similar secure Azure deployments you have done • Which Azure services you have hands-on experience with • How you would approach private networking and secrets • Rough effort and timeline estimate