Senior Azure Infrastructure Architect

Position Summary

We are seeking a Senior Azure Infrastructure Architect to lead the design, delivery, and governance of secure Azure cloud foundations for enterprise clients. This is a hands-on, client-facing role that combines deep Azure technical expertise with consulting skills in requirement gathering, solution design, and implementation.

You will shape reference architectures, stand up production-grade landing zones, and ensure hybrid and cloud-native workloads are deployed securely, cost-effectively, and in line with Microsoft’s leading practices. As a trusted advisor, you’ll guide clients through end-to-end Azure adoption while mentoring engineering teams.

Job Description

Strategy & Vision

• Develop and maintain a comprehensive Azure cloud strategy aligned to the client's business and IT objectives.

• Act as a trusted advisor on cloud adoption, modernization, and governance.

Solution Design

• Architect secure, scalable, and reliable cloud-native and hybrid solutions on Azure.

• Translate requirements into HLD/LLD, diagrams, runbooks, and standards tailored to client needs.

Landing Zones & Core Architecture

• Design and implement Azure landing zones aligned with Microsoft CAF and Well-Architected Framework.

• Build secure foundations: hub-and-spoke/vWAN, private endpoints, DNS, Azure Firewall/WAF, Front Door, Application Gateway.

Networking & Hybrid Connectivity

• Architect hybrid connectivity with ExpressRoute, VPN Gateway, and Virtual WAN.

• Implement routing, NSGs/ASGs, Bastion/Jumpbox, and DDoS strategies.

• Validate failover and resilience in hybrid models.

Automation & Infrastructure-as-Code

• Develop reusable Bicep (preferred) or Terraform modules for Azure infrastructure.

• Enforce governance through Azure Policy and parameterized, multi-tenant IaC.

• Integrate CI/CD using Azure DevOps and/or GitHub Actions with policy checks, approvals, and automation pipelines.

Identity & Security

• Architect solutions with Microsoft Entra ID (Azure AD), Conditional Access, PIM, RBAC, and least-privilege models.

• Integrate Defender for Cloud, Microsoft Sentinel, Key Vault, and Managed Identities.

• Embed Zero Trust principles and enforce compliance requirements.

Edge & Hybrid Enablement

• Plan and implement Azure Arc, Azure Local, and Azure Stack HCI solutions.

• Extend Azure governance, security, and policy to hybrid and edge workloads.

Device & Patching (Nice-to-Have)

• Advise on Intune and Windows Update for Business policies for Azure-hosted workloads.

• Support device compliance strategies tied to Conditional Access policies.

Resilience & Data Protection

• Define and validate backup/DR strategies using Azure Backup and Site Recovery (ASR).

• Deliver tested failover runbooks and RTO/RPO targets.

Governance & Cost Management

• Implement budgets, alerts, tagging strategies, and cost guardrails.

• Apply FinOps practices for spend optimization and reporting.

Documentation & Knowledge Transfer

• Produce HLD/LLD diagrams, runbooks, IPAM, and governance packages.

• Conduct knowledge transfer sessions and mentor engineering teams.

• Review PRs, provide architectural oversight, and ensure best practices are followed.

Required Experience:

• 10+ years of experience designing, implementing, and operating Azure infrastructure at enterprise scale.

• Strong consulting background: leading requirements workshops, architecture design, and full delivery lifecycle.

• Deep expertise in landing zones, networking (hub-and-spoke/vWAN, VPN, ExpressRoute), governance, and security.

• Proven experience with Entra ID, Conditional Access, PIM, Defender, Sentinel, Key Vault, Azure Policy.

• Skilled in Bicep (preferred) or Terraform, Git workflows, and CI/CD automation.

• Strong knowledge of resilience, DR, availability zones/sets, and ASR.

• Excellent documentation and stakeholder communication skills.

Nice to Have

• Microsoft certifications: AZ-305, AZ-104, AZ-500, SC-100.

What we offer:

• Hybrid Work: Oakville, ON, with onsite support as required.

• Professional Development: Certification sponsorship and funded training.

• Enterprise Projects: Large-scale Azure architecture and transformation programs.

• Comprehensive Benefits: Health, dental, and vision coverage.

Case Study (One-Page Response)

Scenario: A client has migrated to Microsoft 365 and struggles with managing access to sensitive data in SharePoint Online and OneDrive for Business. They require secure collaboration with both internal employees and external partners while preventing data leakage.

Your task (one page):

• Access Control: How would you use Microsoft Entra ID and Conditional Access?

• Data Protection: Which Microsoft 365 tools (Information Protection, DLP) would you use?

• Collaboration: How would you enable external sharing with governance and control?

Submission: Send your cover letter, resume, and case study to [email protected]