Editable, ATS-safe résumé templates you can download as Markdown, fill with your own details, and export to PDF — one for each of the three tracks this bootcamp maps to. They are built on the résumé lessons of Class 37, so they are not blank forms; they are the argument, pre-shaped.
[BRACKET], and delete lines that don't fit you.The full-spine résumé — the one written for the composite job posting on the landing page. Leads with the end-to-end platform and balances infrastructure, delivery, and operations. Start here if you want the broadest set of postings to say yes.
# [YOUR NAME] Cloud Engineer — Azure [City, Country] | [email@address] | [phone] GitHub: github.com/[you] | LinkedIn: linkedin.com/in/[you] ## Summary Cloud engineer with 18 months of intensive, portfolio-documented Azure engineering across infrastructure as code, secure delivery pipelines, and cost-aware architecture. Three production-shaped projects on GitHub, each scoped from a Microsoft reference architecture and defensible against the five Well-Architected pillars. AZ-900 certified; AZ-104 in progress. ## Technical Skills - Azure core: Virtual Networks, subnets, NSGs, private endpoints, App Service, Azure Storage, Azure SQL, Front Door, Application Gateway (WAF) - Identity and governance: Microsoft Entra ID, RBAC, managed identities, Azure Policy, management groups - Infrastructure as Code: Bicep, Terraform (remote state, modules, plan/what-if) - CI/CD: GitHub Actions, OIDC workload identity federation (no stored secrets), gated environments, branch protection - Containers: Docker, Azure Container Registry, Azure Container Apps - Observability: Azure Monitor, Log Analytics, KQL, Application Insights - Security: Key Vault, least privilege, Defender for Cloud - Cost / FinOps: Cost Analysis, budgets, tagging, right-sizing - Scripting: Azure CLI, PowerShell, Python ## Projects Enterprise Web Platform — github.com/[you]/enterprise-web-platform - Built a zone-redundant three-tier web app scoped from Microsoft's baseline reference architecture: Application Gateway with WAF fronting a private App Service and Azure SQL, secrets in Key Vault read by managed identity. - Shipped through a gated GitHub Actions pipeline authenticating by OIDC with zero stored secrets (gh secret list returns empty). - Result: a public application whose data tier is unreachable from the internet; README walks a reviewer from the public URL to a private row. Miniature Landing Zone — github.com/[you]/landing-zone - Designed a governed Azure estate from the Cloud Adoption Framework: a management-group hierarchy, deny policies for allowed regions and required tags, hub-and-spoke networking with private DNS, and centralised logging — all as code. AI Workload — github.com/[you]/ai-workload - Deployed an internal assistant on Azure OpenAI reachable only through a private endpoint, metered per caller at an API Management gateway, with token spend on a dashboard, shipped by the same pipeline as everything else. ## Decisions and Trade-offs - Chose Bicep over Terraform for an Azure-only estate — native tooling, no state to secure; would choose Terraform for a multi-cloud requirement. - Chose Container Apps over AKS — the workloads never needed the full Kubernetes surface, and the team could not staff cluster operations. ## Certifications - Microsoft Certified: Azure Fundamentals (AZ-900) — earned [Month Year] - Microsoft Certified: Azure Administrator Associate (AZ-104) — in progress ## Experience [Most recent role], [Company] — [Month Year to Present] - [Consequence bullet: action verb + the work + the technology + a measured outcome. Frame prior experience toward cloud where you can.] - [Second bullet, quantified where possible.] ## Education [Degree or relevant training], [Institution] — [Year]
Reweighted toward AZ-104: core infrastructure, identity and governance, networking, monitoring, and cost. Leads with the Landing Zone project. Start here if the postings you want say "administer," "operate," and "govern" more than "build."
# [YOUR NAME] Azure Administrator [City, Country] | [email@address] | [phone] GitHub: github.com/[you] | LinkedIn: linkedin.com/in/[you] ## Summary Azure administrator with 18 months of intensive, portfolio-documented experience operating and governing Azure estates — identity, networking, storage, monitoring, and cost. Comfortable expressing infrastructure and policy as code. AZ-104 in progress; AZ-900 certified. ## Technical Skills - Identity and access: Microsoft Entra ID, RBAC, managed identities, Conditional Access basics - Governance: Azure Policy (deny and DeployIfNotExists), management groups, tagging standards, resource organization - Networking: Virtual Networks, subnets, NSGs, private endpoints, private DNS, VPN Gateway, hub-and-spoke - Compute and storage: Virtual Machines, scale sets, App Service, Azure Storage (LRS/ZRS/GRS), Azure SQL, backup and restore - Monitoring: Azure Monitor, Log Analytics, KQL, diagnostic settings, alerts and action groups - Cost management: Cost Analysis, budgets, reservations, right-sizing - Automation: Azure CLI, PowerShell, Bicep ## Projects Miniature Landing Zone — github.com/[you]/landing-zone - Designed a governed Azure estate from the Cloud Adoption Framework: a management-group hierarchy, deny policies for allowed regions and required tags, hub-and-spoke networking with private DNS, and centralised logging via a DeployIfNotExists policy — all as code. - Result: any new workload lands already governed; nothing can be created ungoverned or untagged. Observability and Cost Guardrails — github.com/[you]/eyes-and-guardrails - Stood up centralised monitoring and a cost guardrail over a multi-resource estate: telemetry by policy, three owned alerts (not forty ignored ones), and a budget with a forecasted threshold. Private Web Application — github.com/[you]/private-application - Delivered a two-tier app with storage unreachable from the internet: private endpoint, private DNS, public access disabled, keyless managed-identity access — with an evidence runbook that proves each claim. ## Decisions and Trade-offs - Enforced tags with a modify policy inheriting cost-center from the resource group, rather than denying every untagged resource — enforcement that does not teach people to type "tbd". - Reserved only the measured flat floor of compute; left spiky workloads on pay-as-you-go. ## Certifications - Microsoft Certified: Azure Administrator Associate (AZ-104) — in progress - Microsoft Certified: Azure Fundamentals (AZ-900) — earned [Month Year] ## Experience [Most recent role], [Company] — [Month Year to Present] - [Consequence bullet: what you administered or automated, the technology, the measured outcome.] - [Second bullet, quantified where possible.] ## Education [Degree or relevant training], [Institution] — [Year]
Weighted toward Phase Three: Git, infrastructure as code, GitHub Actions federated to Azure, containers, and pipelines. Leads with the GitOps loop and the AI workload's delivery story. Start here if the postings emphasise CI/CD, automation, and "you build it, you run it."
# [YOUR NAME] DevOps Engineer — Azure [City, Country] | [email@address] | [phone] GitHub: github.com/[you] | LinkedIn: linkedin.com/in/[you] ## Summary DevOps engineer with 18 months of intensive, portfolio-documented experience shipping Azure infrastructure through reviewed, secret-free pipelines. Strong on Git, infrastructure as code, GitHub Actions with OIDC, and container delivery. AZ-900 certified; AZ-400 in progress. ## Technical Skills - CI/CD: GitHub Actions (workflows, reusable workflows, matrices), Azure Pipelines (classic and YAML), gated environments, approvals - Secure delivery: OIDC workload identity federation (no stored secrets), branch protection, CODEOWNERS, pipeline least privilege - Infrastructure as Code: Bicep, Terraform (remote state, modules, plan/what-if, drift detection) - Containers: Docker, Azure Container Registry, Azure Container Apps, image scanning - Source control: Git (trunk-based and GitFlow), pull-request review, semantic versioning - Observability: Azure Monitor, Log Analytics, KQL, Application Insights, alerting - Scripting: Bash, PowerShell, Python; Azure CLI - Security: Key Vault, managed identities, Defender for Cloud scanners ## Projects The GitOps Loop — github.com/[you]/gitops-loop - Built a full delivery loop: a pull request that runs a what-if plan, a merge that deploys to non-production, a human-gated production stage, and OIDC authentication with zero stored secrets — verified by an empty gh secret list. - Result: no one deploys by clicking; every change is reviewed, planned, and reproducible. AI Workload delivery — github.com/[you]/ai-workload - Shipped an Azure OpenAI assistant's entire infrastructure through the same pipeline as everything else: private endpoint, keyless identity, an API Management gateway metering tokens per caller, and a spend dashboard. Enterprise Web Platform — github.com/[you]/enterprise-web-platform - Delivered a zone-redundant three-tier app end to end through a gated pipeline, with deployment slots for zero-downtime releases and telemetry flowing from day one. ## Decisions and Trade-offs - Converted classic release pipelines to YAML only when touched, and federated the riskiest secret-bearing service connection first — migration by risk, not by crusade. - Used self-hosted runners only where a private-network reach demanded it, with the same patching and least-privilege discipline as production. ## Certifications - Microsoft Certified: Azure Fundamentals (AZ-900) — earned [Month Year] - Microsoft Certified: DevOps Engineer Expert (AZ-400) — in progress ## Experience [Most recent role], [Company] — [Month Year to Present] - [Consequence bullet: the pipeline or automation you built, the technology, the measured outcome — lead times, deploy frequency, toil removed.] - [Second bullet, quantified where possible.] ## Education [Degree or relevant training], [Institution] — [Year]
Where these come from: the résumé philosophy behind every line — consequence bullets, honest tenure, the decisions-and-trade-offs section — is taught in Class 37, Landing the Job. The three projects they reference are the capstone plates; build those, and the Projects section fills itself with things a reviewer can actually clone. Then rehearse the questions on the interview page and walk in with a plan for your first ninety days.