Sr. Azure Cloud Architect
3B Staffing LLC, Boston, MA, United States
Key Responsibilities
You will lead the review of the existing environment and workloads, and design and implement best practices within the environment, focusing on:
Governance & Organization
Define management group hierarchy, subscription strategy, and resource organization.
Establish naming conventions and tagging standards for resources by aligning with work already done by others within the IT organization.
Implement Azure Policy for compliance and governance.
Identity & Access
Review and identify gaps in the existing RBAC and Privileged Identity Management (PIM) configurations to ensure least-privileged access.
Implement Managed Identities for applications and automation.
Networking
Design Virtual Network (VNet) architecture with IP planning for future growth.
Configure subnets, Network Security Groups (NSGs), and Private Endpoints.
Define best practices for networking based on various workloads running within Azure.
Security & Compliance
Review the existing setup of Defender for Cloud and configure security baselines if required.
Set up standard policies for Azure Key Vault for secrets and certificates for use among various services.
Ensure encryption at rest and in transit across all existing services and new services being created within Azure.
Cost Management
Implement Cost Management + Budgets and tagging for cost allocation.
Advise on Reserved Instances or Savings Plans for predictable workloads.
Design forecasting and alerting capabilities for budgets on the tenant level and per application level.
Monitoring & Observability
Deploy Log Analytics Workspace, Azure Monitor, and Application Insights.
Define alerting rules, dashboards, and operational monitoring strategy.
Create and document standards for logging and monitoring to be followed by all applications deployed within the Azure environment.
Deployment & Automation
Implement baseline Landing Zone(s) as Infrastructure-as-Code (IaC) using Bicep or Terraform templates.
Set up CI/CD pipelines with GitHub Actions.
Define environment best practices and strategy [RM2.1][MD2.2](Dev/Test/Prod separation) and related networking, security, and observability standards.
Application Architecture Standardization
Advise on compute options (App Service, AKS, VMs) for future workloads.
Design standards for scalability, resilience, and disaster recovery.
Review the architecture of an AI-enabled full-stack application and a Lakehouse architecture to determine the correct security, networking, governance, and observability policies.
Documentation & Knowledge Transfer
Document architecture, policies, and operational runbooks.
Conduct knowledge transfer sessions for OSA IT staff.
Required Skills & Experience[WCC3.1][MD3.2]
10+ years in IT architecture, with 5+ years in cloud architecture (Azure preferred).
Strong experience with Azure Landing Zones and Cloud Adoption Framework.
Expertise in Azure networking, identity, security, and governance.
Expertise in working with business stakeholders to gather requirements regarding Disaster Recovery and Business Continuity, and implementing the relevant technical controls and policies within Azure.
Hands-on experience with IaC tools (Terraform or Bicep).
Familiarity with CI/CD pipelines and DevOps practices.
Expertise in engagement with business users to align business objectives with technical considerations within Azure.
Excellent communication [WCC4.1][MD4.2]and documentation skills.
Preferred Qualifications
Microsoft Certified: Azure Solutions Architect Expert.
Experience in Azure environments that are in the early cloud adoption stage.
Knowledge of cost optimization strategies in Azure.
You will lead the review of the existing environment and workloads, and design and implement best practices within the environment, focusing on:
Governance & Organization
Define management group hierarchy, subscription strategy, and resource organization.
Establish naming conventions and tagging standards for resources by aligning with work already done by others within the IT organization.
Implement Azure Policy for compliance and governance.
Identity & Access
Review and identify gaps in the existing RBAC and Privileged Identity Management (PIM) configurations to ensure least-privileged access.
Implement Managed Identities for applications and automation.
Networking
Design Virtual Network (VNet) architecture with IP planning for future growth.
Configure subnets, Network Security Groups (NSGs), and Private Endpoints.
Define best practices for networking based on various workloads running within Azure.
Security & Compliance
Review the existing setup of Defender for Cloud and configure security baselines if required.
Set up standard policies for Azure Key Vault for secrets and certificates for use among various services.
Ensure encryption at rest and in transit across all existing services and new services being created within Azure.
Cost Management
Implement Cost Management + Budgets and tagging for cost allocation.
Advise on Reserved Instances or Savings Plans for predictable workloads.
Design forecasting and alerting capabilities for budgets on the tenant level and per application level.
Monitoring & Observability
Deploy Log Analytics Workspace, Azure Monitor, and Application Insights.
Define alerting rules, dashboards, and operational monitoring strategy.
Create and document standards for logging and monitoring to be followed by all applications deployed within the Azure environment.
Deployment & Automation
Implement baseline Landing Zone(s) as Infrastructure-as-Code (IaC) using Bicep or Terraform templates.
Set up CI/CD pipelines with GitHub Actions.
Define environment best practices and strategy [RM2.1][MD2.2](Dev/Test/Prod separation) and related networking, security, and observability standards.
Application Architecture Standardization
Advise on compute options (App Service, AKS, VMs) for future workloads.
Design standards for scalability, resilience, and disaster recovery.
Review the architecture of an AI-enabled full-stack application and a Lakehouse architecture to determine the correct security, networking, governance, and observability policies.
Documentation & Knowledge Transfer
Document architecture, policies, and operational runbooks.
Conduct knowledge transfer sessions for OSA IT staff.
Required Skills & Experience[WCC3.1][MD3.2]
10+ years in IT architecture, with 5+ years in cloud architecture (Azure preferred).
Strong experience with Azure Landing Zones and Cloud Adoption Framework.
Expertise in Azure networking, identity, security, and governance.
Expertise in working with business stakeholders to gather requirements regarding Disaster Recovery and Business Continuity, and implementing the relevant technical controls and policies within Azure.
Hands-on experience with IaC tools (Terraform or Bicep).
Familiarity with CI/CD pipelines and DevOps practices.
Expertise in engagement with business users to align business objectives with technical considerations within Azure.
Excellent communication [WCC4.1][MD4.2]and documentation skills.
Preferred Qualifications
Microsoft Certified: Azure Solutions Architect Expert.
Experience in Azure environments that are in the early cloud adoption stage.
Knowledge of cost optimization strategies in Azure.