Back to jobs

Azure Infrastructure Architect

Spektra Systems
Remote Remote - Unknown
$90k - $140k (est.) -25% vs avg
Posted Apr 26, 2026
Apply on himalayas

Leaving for himalayas in 10s

About This Role

<h3>This is a remote position.</h3><div>Location: Currently remote; may transition to onsite in the future<div><b>About the Role :</b> We're looking for a hands-on Senior Azure Infrastructure Architect to lead enterprise cloud architecture and infrastructure delivery. You'll design and implement secure, production-grade Azure environments following Azure Landing Zone patterns, Zero Trust security principles, and Infrastructure as Code best practices. <div>This role requires deep expertise in Azure networking, security architecture, and IaC automation. We need someone who can whiteboard a hub-spoke topology and then build it hands-on.<div><b>Key Responsibilities:</b><div><div><b>Architecture & Design</b><ul><li>Design enterprise Azure Landing Zone architectures following Microsoft Cloud Adoption Framework (CAF)</li><li>Architect Hub-Spoke network topologies with proper IP addressing, subnetting, and VNet peering strategies</li><li>Design Zero Trust security models with defense-in-depth layering</li><li>Create multi-region, high-availability architectures with geo-replication and disaster recovery</li><li>Conduct infrastructure assessments and develop optimization strategies</li><li>Design cost-efficient architectures balancing security, performance, and budget</li></ul><div><b>Security Architecture</b><ul><li>Implement NSG-only or Azure Firewall-based security models with deny-by-default rules</li><li>Design Private Endpoint strategies for PaaS services (SQL, Storage, Key Vault, App Service)</li><li>Configure Microsoft Defender for Cloud across workload types (App Service, SQL, Storage, Key Vault, ARM)</li><li>Implement Azure Front Door Premium with WAF (OWASP 3.2, Bot Manager, geo-filtering, rate limiting)</li><li>Design identity solutions with Entra ID, Managed Identities, and RBAC least-privilege access</li><li>Configure Private DNS Zones and VNet links for private name resolution</li></ul><div><b>Hands-on Implementation (Infrastructure as Code)</b><ul><li>Develop and maintain Bicep/Terraform modules for reusable infrastructure patterns</li><li>Build modular IaC for: VNets, NSGs, Private Endpoints, Key Vaults, SQL Servers, App Services, Front Door, Storage Accounts</li><li>Implement configuration-driven deployments using centralized config files (config.json patterns)</li><li>Create PowerShell/Azure CLI deployment scripts with proper error handling and verification</li><li>Build phased deployment strategies with verification checkpoints</li><li>Implement diagnostic settings and Log Analytics integration across all resources</li></ul><div><b>Compute & Data Platform</b><ul><li>Deploy Azure App Service with VNet Integration, Private Link, and System-Assigned Managed Identity</li><li>Configure Azure SQL Hyper-scale with geo-replication, Private Endpoints, and Azure AD-only authentication</li><li>Implement Azure Storage with Private Endpoints (Blob, Queue, Table) and proper RBAC</li><li>Configure Application Insights and Log Analytics for observability</li><li>Deploy Azure Virtual Desktop (AVD) with Entra ID Join and automation run-books</li></ul><div><b>Customer Engagement & Delivery</b><ul><li>Lead technical architecture discussions with customer IT leadership</li><li>Own end-to-end project delivery from discovery through production deployment</li><li>Conduct infrastructure design reviews and security assessments</li><li>Create architecture documentation and operational runbooks</li><li>Manage customer expectations and project timelines</li></ul><br><h3>Requirements</h3><div><b>Azure Networking & Security (Core Focus)</b><ul><li>Hub-Spoke VNet topology design and implementation</li><li>NSG rules with Service Tags and deny-by-default patterns</li><li>Private Endpoints for all Azure PaaS services</li><li>Azure Front Door Premium with WAF configuration</li><li>VNet Peering (regional and cross-region)</li><li>Azure Private DNS Zones and VNet links</li><li>Zero Trust architecture principles and implementation</li></ul><div><b>Identity & Access Management</b><ul><li>Entra ID (Azure AD) for cloud identity</li><li>System-Assigned and User-Assigned Managed Identities</li><li>Azure RBAC with least-privilege role assignments</li><li>Key Vault with RBAC access model (not legacy access policies)</li><li>Conditional Access and MFA strategies</li></ul><div><b>Infrastructure as Code (Hands-on Required)</b><ul><li>Bicep (primary) or Terraform for Azure IaC</li><li>Modular IaC patterns with reusable modules</li><li>PowerShell scripting for deployment automation</li><li>Azure CLI for resource management and verification</li><li>Configuration-driven deployments (parameterized templates)</li><li>CI/CD pipelines for infrastructure (Azure DevOps, GitHub Actions)</li></ul><div><b>Security & Governance</b><ul><li>Microsoft Defender for Cloud (CSPM + workload protection plans)</li><li>Security architecture (defense-in-depth, threat modeling)</li><li>Regulatory compliance frameworks (ISO 27001, SOC 2, GDPR)</li><li>Azure Policy for governance and compliance enforcement</li><li>NSG Flow Logs and Log Analytics for security monitoring</li></ul><div><b>Compute & Data Platforms</b><ul><li>Azure App Service (Web Apps, VNet Integration, Private Link)</li><li>Azure SQL (Hyperscale, geo-replication, Private Endpoints)</li><li>Azure Storage (Blob, Queue, Table, Private Endpoints, RBAC)</li><li>Azure Virtual Desktop (Pooled, Entra ID Join, automation)</li><li>Application Insights and Log Analytics</li></ul><div><b>Experience</b><ul><li>5+ years hands-on Azure infrastructure experience</li><li>Proven track record with enterprise customers (US/EMEA)</li><li>Multi-region Azure deployments with DR/HA requirements</li><li>Azure Landing Zone implementations (greenfield or brownfield)</li><li>Security-focused architecture design and implementation</li><li>Cost optimization and FinOps experience</li><li>Team leadership or mentoring experience</li></ul><div><b>Desired Qualifications : Certifications (Preferred)</b><ul><li>Microsoft Certified: Azure Solutions Architect Expert</li><li>Microsoft Certified: Azure Administrator Associate</li><li>Microsoft Certified: Azure Security Engineer Associate</li><li>Azure Network Engineer Associate</li><li>HashiCorp Terraform Associate (if Terraform-focused)</li></ul><div><div><b>What We're Looking For</b><div>A hands-on architect who understands that architecture diagrams must translate to working infrastructure. You should be comfortable switching between whiteboard design sessions and terminal-based IaC deployments. <b>We value:</b><ul><li>Security-first mindset: Every design decision considers Zero Trust principles</li><li>IaC discipline: Infrastructure exists as code, not click-ops</li><li>Verification rigor: You validate deployments, not assume success</li><li>Documentation: Architecture decisions and operational knowledge are captured</li><li>Practical problem-solving: You find solutions within budget and timeline constraints</li><li>Continuous learning: Azure evolves rapidly; so should you</li></ul><div><b>About <a href="https://himalayas.app/companies/spektra-systems">Spektra Systems</a></b><div><a href="https://himalayas.app/companies/spektra-systems">Spektra Systems</a> is a cloud solutions and infrastructure specialist delivering enterprise transformation across Microsoft Azure, AWS, and modern workplace technologies. We partner with global enterprises on their digital transformation journeys.<div><b>Why Join <a href="https://himalayas.app/companies/spektra-systems">Spektra Systems</a>?</b><ul><li>Work on cutting-edge technologies with global enterprise customers</li><li>Opportunity to work with emerging technologies like AI, ML, and Agentic AI</li><li>Remote-first culture with flexibility and work-life balance</li><li>Continuous learning and certification support</li><li>Collaborative environment with focus on innovation</li><li>Career growth opportunities in a rapidly expanding organization</li><li>Competitive compensation with performance-based incentives</li></ul><div>If you're ready to take your career to the next level and make a real impact on customers' digital transformation journeys, we'd love to hear from you!<br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><p>Originally posted on <a href="https://himalayas.app">Himalayas</a></p>

This is a remote position.

Location: Currently remote; may transition to onsite in the future
About the Role : We're looking for a hands-on Senior Azure Infrastructure Architect to lead enterprise cloud architecture and infrastructure delivery. You'll design and implement secure, production-grade Azure environments following Azure Landing Zone patterns, Zero Trust security principles, and Infrastructure as Code best practices.
This role requires deep expertise in Azure networking, security architecture, and IaC automation. You'll own end-to-end infrastructure delivery—from architecture design through Bicep/Terraform implementation—for global enterprise customers. We need someone who can whiteboard a hub-spoke topology and then build it hands-on.
Key Responsibilities:
Architecture & Design
  • Design enterprise Azure Landing Zone architectures following Microsoft Cloud Adoption Framework (CAF)
  • Architect Hub-Spoke network topologies with proper IP addressing, subnetting, and VNet peering strategies
  • Design Zero Trust security models with defense-in-depth layering
  • Create multi-region, high-availability architectures with geo-replication and disaster recovery
  • Conduct infrastructure assessments and develop optimization strategies
  • Design cost-efficient architectures balancing security, performance, and budget
Security Architecture
  • Implement NSG-only or Azure Firewall-based security models with deny-by-default rules
  • Design Private Endpoint strategies for PaaS services (SQL, Storage, Key Vault, App Service)
  • Configure Microsoft Defender for Cloud across workload types (App Service, SQL, Storage, Key Vault, ARM)
  • Implement Azure Front Door Premium with WAF (OWASP 3.2, Bot Manager, geo-filtering, rate limiting)
  • Design identity solutions with Entra ID, Managed Identities, and RBAC least-privilege access
  • Configure Private DNS Zones and VNet links for private name resolution
Hands-on Implementation (Infrastructure as Code)
  • Develop and maintain Bicep/Terraform modules for reusable infrastructure patterns
  • Build modular IaC for: VNets, NSGs, Private Endpoints, Key Vaults, SQL Servers, App Services, Front Door, Storage Accounts
  • Implement configuration-driven deployments using centralized config files (config.json patterns)
  • Create PowerShell/Azure CLI deployment scripts with proper error handling and verification
  • Build phased deployment strategies with verification checkpoints
  • Implement diagnostic settings and Log Analytics integration across all resources
Compute & Data Platform
  • Deploy Azure App Service with VNet Integration, Private Link, and System-Assigned Managed Identity
  • Configure Azure SQL Hyper-scale with geo-replication, Private Endpoints, and Azure AD-only authentication
  • Implement Azure Storage with Private Endpoints (Blob, Queue, Table) and proper RBAC
  • Configure Application Insights and Log Analytics for observability
  • Deploy Azure Virtual Desktop (AVD) with Entra ID Join and automation run-books
Customer Engagement & Delivery
  • Lead technical architecture discussions with customer IT leadership
  • Own end-to-end project delivery from discovery through production deployment
  • Conduct infrastructure design reviews and security assessments
  • Create architecture documentation and operational runbooks
  • Manage customer expectations and project timelines

Requirements

Azure Networking & Security (Core Focus)
  • Hub-Spoke VNet topology design and implementation
  • NSG rules with Service Tags and deny-by-default patterns
  • Private Endpoints for all Azure PaaS services
  • Azure Front Door Premium with WAF configuration
  • VNet Peering (regional and cross-region)
  • Azure Private DNS Zones and VNet links
  • Zero Trust architecture principles and implementation
Identity & Access Management
  • Entra ID (Azure AD) for cloud identity
  • System-Assigned and User-Assigned Managed Identities
  • Azure RBAC with least-privilege role assignments
  • Key Vault with RBAC access model (not legacy access policies)
  • Conditional Access and MFA strategies
Infrastructure as Code (Hands-on Required)
  • Bicep (primary) or Terraform for Azure IaC
  • Modular IaC patterns with reusable modules
  • PowerShell scripting for deployment automation
  • Azure CLI for resource management and verification
  • Configuration-driven deployments (parameterized templates)
  • CI/CD pipelines for infrastructure (Azure DevOps, GitHub Actions)
Security & Governance
  • Microsoft Defender for Cloud (CSPM + workload protection plans)
  • Security architecture (defense-in-depth, threat modeling)
  • Regulatory compliance frameworks (ISO 27001, SOC 2, GDPR)
  • Azure Policy for governance and compliance enforcement
  • NSG Flow Logs and Log Analytics for security monitoring
Compute & Data Platforms
  • Azure App Service (Web Apps, VNet Integration, Private Link)
  • Azure SQL (Hyperscale, geo-replication, Private Endpoints)
  • Azure Storage (Blob, Queue, Table, Private Endpoints, RBAC)
  • Azure Virtual Desktop (Pooled, Entra ID Join, automation)
  • Application Insights and Log Analytics
Experience
  • 5+ years hands-on Azure infrastructure experience
  • Proven track record with enterprise customers (US/EMEA)
  • Multi-region Azure deployments with DR/HA requirements
  • Azure Landing Zone implementations (greenfield or brownfield)
  • Security-focused architecture design and implementation
  • Cost optimization and FinOps experience
  • Team leadership or mentoring experience
Desired Qualifications : Certifications (Preferred)
  • Microsoft Certified: Azure Solutions Architect Expert
  • Microsoft Certified: Azure Administrator Associate
  • Microsoft Certified: Azure Security Engineer Associate
  • Azure Network Engineer Associate
  • HashiCorp Terraform Associate (if Terraform-focused)
What We're Looking For
A hands-on architect who understands that architecture diagrams must translate to working infrastructure. You should be comfortable switching between whiteboard design sessions and terminal-based IaC deployments. We value:
  • Security-first mindset: Every design decision considers Zero Trust principles
  • IaC discipline: Infrastructure exists as code, not click-ops
  • Verification rigor: You validate deployments, not assume success
  • Documentation: Architecture decisions and operational knowledge are captured
  • Practical problem-solving: You find solutions within budget and timeline constraints
  • Continuous learning: Azure evolves rapidly; so should you
About Spektra Systems
Spektra Systems is a cloud solutions and infrastructure specialist delivering enterprise transformation across Microsoft Azure, AWS, and modern workplace technologies. We partner with global enterprises on their digital transformation journeys.
Why Join Spektra Systems?
  • Work on cutting-edge technologies with global enterprise customers
  • Opportunity to work with emerging technologies like AI, ML, and Agentic AI
  • Remote-first culture with flexibility and work-life balance
  • Continuous learning and certification support
  • Collaborative environment with focus on innovation
  • Career growth opportunities in a rapidly expanding organization
  • Competitive compensation with performance-based incentives
If you're ready to take your career to the next level and make a real impact on customers' digital transformation journeys, we'd love to hear from you!

Originally posted on Himalayas

Source: https://himalayas.app/companies/spektra-systems/jobs/azure-i...