Role introductionHSO is seeking an Azure Cloud Architect to lead solution design and drive hands-on delivery of complex Microsoft Azure engagements for our clients. This role owns the architecture from discovery through implementation-spanning landing zones, migrations, identity & security, IaC, and cloud governance-while staying grounded in the platform and working directly alongside engineers and clients. A key part of the role is leading large-scale migrations and deployments, mentoring delivery teams, and building reusable assets.
As an Azure Cloud Architect, you can expect to...- Azure Architecture & Platform Engineering
- Architect enterprise-scale Azure Landing Zones aligned to CAF and Well-Architected principles: management groups, subscriptions, Azure Policy, RBAC, and platform automation.
- Define compute and PaaS patterns: VM/VMSS sizing, AKS, App Service/Functions, and Container Registry as appropriate.
- Architect Azure Virtual Desktop solutions: host pool design, FSLogix profile strategy on Azure Files or Azure NetApp Files, Scaling Plans, and AVD Insights monitoring.
- Lead design sessions, produce Architecture Decision Records (ADRs), and validate approaches through hands-on proof-of-concept builds.
- Azure Migration
- Lead cloud migration programs across a range of scenarios: on-premises-to-Azure, cloud-to-cloud (e.g., AWS to Azure), and application modernization and refactoring efforts.
- Drive discovery and assessment: dependency mapping, workload inventory, rehost/replatform/refactor recommendations, and wave planning.
- Manage cutover execution and hypercare: tooling selection, replication monitoring, test migrations, rollback procedures, and stakeholder communication throughout.
- Identity & Security
- Architect Zero Trust models with Microsoft Entra ID: Conditional Access, PIM role patterns, hybrid identity (Entra Connect/Cloud Sync), and app registration governance.
- Define security blueprints: Azure Policy, Defender for Cloud, Microsoft Sentinel, Defender XDR integrations, and Key Vault design.
- Map controls to compliance frameworks (ISO 27001, SOC 2, HIPAA, PCI-DSS as applicable) and drive Secure Score improvements.
- Automation, IaC & CI/CD
- Build modular IaC frameworks in Terraform and/or Bicep: reusable landing zone modules, policy-as-code, and coding standards for delivery teams.
- Design CI/CD pipelines in Azure DevOps and/or GitHub Actions: environment gates, drift detection, and pre-deployment compliance checks.
- Author automation in PowerShell, Azure CLI, and Python: bootstrap scripts, governance tooling, and operational runbooks.
- Observability, Resilience & FinOps
- Design observability platforms: Log Analytics workspace architecture, Azure Monitor, Workbook/dashboard frameworks, and alerting.
- Architect BCDR solutions with Azure Backup, Site Recovery, and cross-region topologies; validate against RTO/RPO targets.
- Lead FinOps efforts: tagging standards, Cost Management reporting, reservation/Savings Plans strategy, and optimization roadmaps.
- Consulting & Client Engagement
- Lead discovery workshops, design sessions, and Well-Architected Reviews; present architecture options with clear trade-offs to technical and business stakeholders.
- Stay hands-on throughout delivery: validate designs through working code and demonstrate patterns directly alongside client teams.
- Mentor delivery engineers through design reviews, pairing on complex problems, and code reviews.
- Architect enterprise-scale Azure Landing Zones aligned to CAF and Well-Architected principles: management groups, subscriptions, Azure Policy, RBAC, and platform automation.
- Design network topologies (hub-and-spoke or Virtual WAN): Azure Firewall, Application Gateway/WAF, Private Link, ExpressRoute/VPN, and DDoS Protection.
- Contribute to pre-sales: solution scoping, proposal authoring, SOW definition, and engagement estimates.
You're great at...- Architecting enterprise-scale Azure Landing Zones aligned to Cloud Adoption Framework and Well-Architected principles.
- Leading cloud migration programs across various scenarios, including discovery and assessment.
- Defining security blueprints and architecting Zero Trust models with Microsoft Entra ID and Defender for Cloud.
- Building modular Infrastructure as Code frameworks (Terraform/Bicep) and designing CI/CD pipelines.
- Leading FinOps efforts, designing observability platforms, and architecting robust business continuity solutions.
- Packaging, deploying, and maintaining applications using Intune
- Managing escalated technical issues while remaining calm, professional, and client-focused
- Learning new technologies quickly and applying them in real-world scenarios
- Providing technical thought leadership in Modern Workplace, system integration, and automation
- Communicating complex technical concepts clearly to non-technical stakeholders
- Working independently while owning deliverables and collaborating effectively with team members
- Promoting the mission and shared values of the company
Sound interesting? If so, you'll have...- 8+ years of hands-on experience architecting and delivering Azure solutions across networking, compute, storage, identity, and security.
- Proven experience leading Azure migration programs-on-premises, cloud-to-cloud, or application modernization-including assessment, wave planning, cutover, and stabilization.
- Proven delivery of enterprise Azure Landing Zones: management group design, Azure Policy, RBAC frameworks, and platform automation.
- Solid IaC experience in Terraform and/or Bicep with Azure DevOps or GitHub Actions CI/CD pipelines.
- Strong Azure networking fundamentals: hub-and-spoke or Virtual WAN, Azure Firewall, Application Gateway/WAF, Private Link, and ExpressRoute/VPN.
- Microsoft Entra ID experience: Conditional Access, PIM, hybrid identity, and Zero Trust concepts.
- Familiarity with Azure security services: Defender for Cloud, Microsoft Sentinel, Key Vault, and compliance frameworks.
- AVD experience: host pool design, FSLogix profiles, Scaling Plans, and monitoring.
- Proficiency in PowerShell and Azure CLI; Python is a plus.
- Strong analytical, problem-solving, and troubleshooting skills
- Excellent written, verbal, and presentation skills
- Strong client-facing skills, empathy, and the ability to guide clients through complex technical challenges
- Ability to work independently, take ownership, and translate goals into actionable outcomes
- Preferred qualifications include:
- Experience with tenant-to-tenant Microsoft 365 migrations: Exchange Online, SharePoint/OneDrive, Teams, and Entra ID coexistence and cutover.
- Microsoft 365 platform: Intune, Exchange Online, SharePoint/OneDrive, Teams, and Purview.
- Copilot readiness/governance, Copilot Studio development, and Microsoft Foundry experience.
- AKS/Kubernetes and cloud data platform experience (SQL MI, Cosmos DB, Synapse Analytics, or Fabric).
- Pre-sales and consulting delivery: scoping workshops, SOW authoring, and client relationship management.
- Microsoft Certified: Azure Solutions Architect Expert (AZ-305)
- Microsoft Certified: Azure Administrator Associate (AZ-104)
- Microsoft Certified: Azure Security Engineer Associate (AZ-500) or Cybersecurity Architect Expert (SC-100)
- Microsoft Certified: DevOps Engineer Expert (AZ-400)
- Microsoft Certified: Azure Network Engineer Associate (AZ-700)
- Microsoft 365 Certified (e.g., Enterprise Administrator Expert)
The PerksWe offer competitive pay and a comprehensive benefits package designed to support your health, flexibility, and long-term success. Benefits include generous paid time off, medical, dental and vision coverage, flexible spending accounts, a health reimbursement account, and a 401(k) plan with company match. You'll also work alongside collaborative, driven teammates in a dynamic and growing professional services environment.
