Azure Cloud Architect

HSO is seeking an Azure Cloud Architect to lead solution design and drive hands-on delivery of complex Microsoft Azure engagements for our clients. This role owns the architecture from discovery through implementation—spanning landing zones, migrations, identity & security, IaC, and cloud governance—while staying grounded in the platform and working directly alongside engineers and clients. A key part of the role is leading large-scale migrations and deployments, mentoring delivery teams, and building reusable assets. 

As an Azure Cloud Architect, you can expect to…

• Azure Architecture & Platform Engineering 
  • Architect enterprise-scale Azure Landing Zones aligned to CAF and Well-Architected principles: management groups, subscriptions, Azure Policy, RBAC, and platform automation. 
  • Define compute and PaaS patterns: VM/VMSS sizing, AKS, App Service/Functions, and Container Registry as appropriate. 
  • Architect Azure Virtual Desktop solutions: host pool design, FSLogix profile strategy on Azure Files or Azure NetApp Files, Scaling Plans, and AVD Insights monitoring. 
  • Lead design sessions, produce Architecture Decision Records (ADRs), and validate approaches through hands-on proof-of-concept builds. 
    
    
• Azure Migration 
  • Lead cloud migration programs across a range of scenarios: on-premises-to-Azure, cloud-to-cloud (e.g., AWS to Azure), and application modernization and refactoring efforts. 
  • Drive discovery and assessment: dependency mapping, workload inventory, rehost/replatform/refactor recommendations, and wave planning. 
  • Manage cutover execution and hypercare: tooling selection, replication monitoring, test migrations, rollback procedures, and stakeholder communication throughout. 
    
    
• Identity & Security 
  • Architect Zero Trust models with Microsoft Entra ID: Conditional Access, PIM role patterns, hybrid identity (Entra Connect/Cloud Sync), and app registration governance. 
  • Define security blueprints: Azure Policy, Defender for Cloud, Microsoft Sentinel, Defender XDR integrations, and Key Vault design. 
  • Map controls to compliance frameworks (ISO 27001, SOC 2, HIPAA, PCI-DSS as applicable) and drive Secure Score improvements. 
    
    
• Automation, IaC & CI/CD 
  • Build modular IaC frameworks in Terraform and/or Bicep: reusable landing zone modules, policy-as-code, and coding standards for delivery teams. 
  • Design CI/CD pipelines in Azure DevOps and/or GitHub Actions: environment gates, drift detection, and pre-deployment compliance checks. 
  • Author automation in PowerShell, Azure CLI, and Python: bootstrap scripts, governance tooling, and operational runbooks. 
    
    
• Observability, Resilience & FinOps 
  • Design observability platforms: Log Analytics workspace architecture, Azure Monitor, Workbook/dashboard frameworks, and alerting. 
  • Architect BCDR solutions with Azure Backup, Site Recovery, and cross-region topologies; validate against RTO/RPO targets. 
  • Lead FinOps efforts: tagging standards, Cost Management reporting, reservation/Savings Plans strategy, and optimization roadmaps. 
    
    
• Consulting & Client Engagement 
  • Lead discovery workshops, design sessions, and Well-Architected Reviews; present architecture options with clear trade-offs to technical and business stakeholders. 
  • Stay hands-on throughout delivery: validate designs through working code and demonstrate patterns directly alongside client teams. 
  • Mentor delivery engineers through design reviews, pairing on complex problems, and code reviews. 
  • Architect enterprise-scale Azure Landing Zones aligned to CAF and Well-Architected principles: management groups, subscriptions, Azure Policy, RBAC, and platform automation. 
  • Design network topologies (hub-and-spoke or Virtual WAN): Azure Firewall, Application Gateway/WAF, Private Link, ExpressRoute/VPN, and DDoS Protection. 
  • Contribute to pre-sales: solution scoping, proposal authoring, SOW definition, and engagement estimates. 

You’re great at…

• Architecting enterprise-scale Azure Landing Zones aligned to Cloud Adoption Framework and Well-Architected principles.
• Leading cloud migration programs across various scenarios, including discovery and assessment.
• Defining security blueprints and architecting Zero Trust models with Microsoft Entra ID and Defender for Cloud.
• Building modular Infrastructure as Code frameworks (Terraform/Bicep) and designing CI/CD pipelines.
• Leading FinOps efforts, designing observability platforms, and architecting robust business continuity solutions.
• Packaging, deploying, and maintaining applications using Intune
• Managing escalated technical issues while remaining calm, professional, and client-focused
• Learning new technologies quickly and applying them in real-world scenarios
• Providing technical thought leadership in Modern Workplace, system integration, and automation
• Communicating complex technical concepts clearly to non-technical stakeholders
• Working independently while owning deliverables and collaborating effectively with team members
• Promoting the mission and shared values of the company

Sound interesting? If so, you’ll have…

• 8+ years of hands-on experience architecting and delivering Azure solutions across networking, compute, storage, identity, and security. 
• Proven experience leading Azure migration programs—on-premises, cloud-to-cloud, or application modernization—including assessment, wave planning, cutover, and stabilization. 
• Proven delivery of enterprise Azure Landing Zones: management group design, Azure Policy, RBAC frameworks, and platform automation. 
• Solid IaC experience in Terraform and/or Bicep with Azure DevOps or GitHub Actions CI/CD pipelines. 
• Strong Azure networking fundamentals: hub-and-spoke or Virtual WAN, Azure Firewall, Application Gateway/WAF, Private Link, and ExpressRoute/VPN. 
• Microsoft Entra ID experience: Conditional Access, PIM, hybrid identity, and Zero Trust concepts. 
• Familiarity with Azure security services: Defender for Cloud, Microsoft Sentinel, Key Vault, and compliance frameworks. 
• AVD experience: host pool design, FSLogix profiles, Scaling Plans, and monitoring. 
• Proficiency in PowerShell and Azure CLI; Python is a plus. 
• Strong analytical, problem-solving, and troubleshooting skills
• Excellent written, verbal, and presentation skills
• Strong client-facing skills, empathy, and the ability to guide clients through complex technical challenges
• Ability to work independently, take ownership, and translate goals into actionable outcomes
• Preferred qualifications include: 
  • Experience with tenant-to-tenant Microsoft 365 migrations: Exchange Online, SharePoint/OneDrive, Teams, and Entra ID coexistence and cutover. 
  • Microsoft 365 platform: Intune, Exchange Online, SharePoint/OneDrive, Teams, and Purview. 
  • Copilot readiness/governance, Copilot Studio development, and Microsoft Foundry experience. 
  • AKS/Kubernetes and cloud data platform experience (SQL MI, Cosmos DB, Synapse Analytics, or Fabric). 
  • Pre-sales and consulting delivery: scoping workshops, SOW authoring, and client relationship management. 
  • Microsoft Certified: Azure Solutions Architect Expert (AZ-305) 
  • Microsoft Certified: Azure Administrator Associate (AZ-104) 
  • Microsoft Certified: Azure Security Engineer Associate (AZ-500) or Cybersecurity Architect Expert (SC-100) 
  • Microsoft Certified: DevOps Engineer Expert (AZ-400) 
  • Microsoft Certified: Azure Network Engineer Associate (AZ-700) 
  • Microsoft 365 Certified (e.g., Enterprise Administrator Expert)

The Perks

We offer competitive pay and a comprehensive benefits package designed to support your health, flexibility, and long-term success. Benefits include generous paid time off, medical, dental and vision coverage, flexible spending accounts, a health reimbursement account, and a 401(k) plan with company match. You’ll also work alongside collaborative, driven teammates in a dynamic and growing professional services environment.

HSO is an Equal Opportunity Employer.