Where do we meet you in your career journey?
Azure Cloud Architect
HSO is seeking an Azure Cloud Architect to lead solution design and drive hands-on delivery of complex Microsoft Azure engagements for our clients. This role owns the architecture from discovery through implementation—spanning landing zones, migrations, identity & security, IaC, and cloud governance—while staying grounded in the platform and working directly alongside engineers and clients. A key part of the role is leading large-scale migrations and deployments, mentoring delivery teams, and building reusable assets. As an Azure Cloud Architect, you can expect to… Azure Architecture & Platform Engineering Architect enterprise-scale Azure Landing Zones aligned to CAF and Well-Architected principles: management groups, subscriptions, Azure Policy, RBAC, and platform automation. Define compute and PaaS patterns: VM/VMSS sizing, AKS, App Service/Functions, and Container Registry as appropriate. Architect Azure Virtual Desktop solutions: host pool design, FSLogix profile strategy on Azure Files or Azure NetApp Files, Scaling Plans, and AVD Insights monitoring. Lead design sessions, produce Architecture Decision Records (ADRs), and validate approaches through hands-on proof-of-concept builds. Azure Migration Lead cloud migration programs across a range of scenarios: on-premises-to-Azure, cloud-to-cloud (e.g., AWS to Azure), and application modernization and refactoring efforts. Drive discovery and assessment: dependency mapping, workload inventory, rehost/replatform/refactor recommendations, and wave planning. Manage cutover execution and hypercare: tooling selection, replication monitoring, test migrations, rollback procedures, and stakeholder communication throughout. Identity & Security Architect Zero Trust models with Microsoft Entra ID: Conditional Access, PIM role patterns, hybrid identity (Entra Connect/Cloud Sync), and app registration governance. Define security blueprints: Azure Policy, Defender for Cloud, Microsoft Sentinel, Defender XDR integrations, and Key Vault design. Map controls to compliance frameworks (ISO 27001, SOC 2, HIPAA, PCI-DSS as applicable) and drive Secure Score improvements. Automation, IaC & CI/CD Build modular IaC frameworks in Terraform and/or Bicep: reusable landing zone modules, policy-as-code, and coding standards for delivery teams. Design CI/CD pipelines in Azure DevOps and/or GitHub Actions: environment gates, drift detection, and pre-deployment compliance checks. Author automation in PowerShell, Azure CLI, and Python: bootstrap scripts, governance tooling, and operational runbooks. Observability, Resilience & FinOps Design observability platforms: Log Analytics workspace architecture, Azure Monitor, Workbook/dashboard frameworks, and alerting. Architect BCDR solutions with Azure Backup, Site Recovery, and cross-region topologies; validate against RTO/RPO targets. Lead FinOps efforts: tagging standards, Cost Management reporting, reservation/Savings Plans strategy, and optimization roadmaps. Consulting & Client Engagement Lead discovery workshops, design sessions, and Well-Architected Reviews; present architecture options with clear trade-offs to technical and business stakeholders. Stay hands-on throughout delivery: validate designs through working code and demonstrate patterns directly alongside client teams. Mentor delivery engineers through design reviews, pairing on complex problems, and code reviews. Architect enterprise-scale Azure Landing Zones aligned to CAF and Well-Architected principles: management groups, subscriptions, Azure Policy, RBAC, and platform automation. Design network topologies (hub-and-spoke or Virtual WAN): Azure Firewall, Application Gateway/WAF, Private Link, ExpressRoute/VPN, and DDoS Protection. Contribute to pre-sales: solution scoping, proposal authoring, SOW definition, and engagement estimates. You’re great at… Architecting enterprise-scale Azure Landing Zones aligned to Cloud Adoption Framework and Well-Architected principles. Leading cloud migration programs across various scenarios, including discovery and assessment. Defining security blueprints and architecting Zero Trust models with Microsoft Entra ID and Defender for Cloud. Building modular Infrastructure as Code frameworks (Terraform/Bicep) and designing CI/CD pipelines. Leading FinOps efforts, designing observability platforms, and architecting robust business continuity solutions. Packaging, deploying, and maintaining applications using Intune Managing escalated technical issues while remaining calm, professional, and client-focused Learning new technologies quickly and applying them in real-world scenarios Providing technical thought leadership in Modern Workplace, system integration, and automation Communicating complex technical concepts clearly to non-technical stakeholders Working independently while owning deliverables and collaborating effectively with team members Promoting the mission and shared values of the company Sound interesting? If so, you’ll have… 8+ years of hands-on experience architecting and delivering Azure solutions across networking, compute, storage, identity, and security. Proven experience leading Azure migration programs—on-premises, cloud-to-cloud, or application modernization—including assessment, wave planning, cutover, and stabilization. Proven delivery of enterprise Azure Landing Zones: management group design, Azure Policy, RBAC frameworks, and platform automation. Solid IaC experience in Terraform and/or Bicep with Azure DevOps or GitHub Actions CI/CD pipelines. Strong Azure networking fundamentals: hub-and-spoke or Virtual WAN, Azure Firewall, Application Gateway/WAF, Private Link, and ExpressRoute/VPN. Microsoft Entra ID experience: Conditional Access, PIM, hybrid identity, and Zero Trust concepts. Familiarity with Azure security services: Defender for Cloud, Microsoft Sentinel, Key Vault, and compliance frameworks. AVD experience: host pool design, FSLogix profiles, Scaling Plans, and monitoring. Proficiency in PowerShell and Azure CLI; Python is a plus. Strong analytical, problem-solving, and troubleshooting skills Excellent written, verbal, and presentation skills Strong client-facing skills, empathy, and the ability to guide clients through complex technical challenges Ability to work independently, take ownership, and translate goals into actionable outcomes Preferred qualifications include: Experience with tenant-to-tenant Microsoft 365 migrations: Exchange Online, SharePoint/OneDrive, Teams, and Entra ID coexistence and cutover. Microsoft 365 platform: Intune, Exchange Online, SharePoint/OneDrive, Teams, and Purview. Copilot readiness/governance, Copilot Studio development, and Microsoft Foundry experience. AKS/Kubernetes and cloud data platform experience (SQL MI, Cosmos DB, Synapse Analytics, or Fabric). Pre-sales and consulting delivery: scoping workshops, SOW authoring, and client relationship management. Microsoft Certified: Azure Solutions Architect Expert (AZ-305) Microsoft Certified: Azure Administrator Associate (AZ-104) Microsoft Certified: Azure Security Engineer Associate (AZ-500) or Cybersecurity Architect Expert (SC-100) Microsoft Certified: DevOps Engineer Expert (AZ-400) Microsoft Certified: Azure Network Engineer Associate (AZ-700) Microsoft 365 Certified (e.g., Enterprise Administrator Expert) The Perks We offer competitive pay and a comprehensive benefits package designed to support your health, flexibility, and long-term success. Benefits include generous paid time off, medical, dental and vision coverage, flexible spending accounts, a health reimbursement account, and a 401(k) plan with company match. You’ll also work alongside collaborative, driven teammates in a dynamic and growing professional services environment. HSO is an Equal Opportunity Employer.
