Azure Infrastructure and Identity Architect

About The Position

Requirements

• 10+ years in IT infrastructure, with 6+ years designing and delivering on Microsoft Azure in a consulting or large-enterprise environment using IaC.
• Demonstrable track record as the lead architect on substantial Azure engagements (landing zone build-outs, large-scale migrations, or enterprise identity modernization).
• Direct experience in a billable consulting model, including pre-sales contribution and ownership of SOWs.
• Azure Landing Zones/CAF, Azure Policy, platform vs. application landing zone patterns.
• Networking & security: hub-and-spoke, Virtual WAN, Azure Firewall, NSGs and ASGs, Application Gateway/Front Door/WAF, Private Link and Private DNS, ExpressRoute, site-to-site VPN, DDoS protection.
• Identity: Entra ID tenant architecture, hybrid identity (Entra Connect, Cloud Sync, ADFS where relevant), Conditional Access design, MFA and passwordless rollouts, PIM, Entra ID Governance, B2B/B2C, workload identities and managed identities.
• Infrastructure as Code: production experience with Terraform.
• Migration: Azure Migrate (Discovery, Server Assessment, Server Migration), Azure Site Recovery, Database Migration Service, application dependency mapping, cutover planning.
• Governance, monitoring, and cost: Azure Policy and Initiatives, Microsoft Defender for Cloud, Azure Monitor, Log Analytics, cost management and FinOps fundamentals.
• Working knowledge of Microsoft 365 / Intune / Defender boundaries with Azure infrastructure work, sufficient to scope adjacent workstreams and route them appropriately.

Responsibilities

• Lead technical sales motions end-to-end, from discovery through deal closure. Translate ambiguous client needs into a credible technical approach, phased roadmap, and commercial model (T&M, fixed-fee).
• Author the technical content of Statements of Work, proposals, including assumptions, deliverables, RACI, and exit criteria.
• Build and defend bottom-up estimates; size delivery teams; identify and price in risk, dependencies.
• Deliver executive-level presentations, demos, and architecture walkthroughs; convert technical credibility into pipeline.
• Serve as the lead architect across one or more concurrent Azure engagements; own the end-to-end technical quality of what we ship.
• Set architectural direction for Azure Landing Zones aligned to CAF and WAF and properly sized to support our clients’ AI workloads.
• Design and oversee implementation of hub-and-spoke and Virtual WAN network topologies, including Azure Firewall/NVA strategy, Private Link, DNS, ExpressRoute, and segmentation patterns.
• Define the identity foundation: Microsoft Entra ID tenant design, hybrid identity, Conditional Access, PIM, Entra ID governance.
• Shape and lead on-prem to Azure migration programs: assessment with Azure Migrate, wave planning, replatform vs. rehost decisions, cutover strategy, and decommissioning. Cover VMware, Hyper-V, physical, and database workloads.
• Security and governance: Microsoft Defender for Cloud, Azure Policy, role-based access control, key and secret management, logging and monitoring (Azure Monitor, Log Analytics, Sentinel handoffs).
• Mentor more junior consultants; run internal architecture reviews and design clinics.
• Contribute to and curate practice IP: reference architectures, IaC modules, assessment templates, runbooks, and migration playbooks.
• Stay current with the Azure and Entra roadmaps.