Job Openings
Azure Landing Zone Lead
About the job Azure Landing Zone Lead
Azure Landing Zone Lead/Architect
- Hands-on experience deploying Azure Landing Zones using the Azure Landing Zone Accelerator (ALZ) with Terraform — designing, provisioning, and iterating on custom management group hierarchies, subscription vending, and policy-as-code deployments (this is the core, non-negotiable skill).
- Proven experience designing hub-and-spoke network topologies — centralized connectivity subscription, hub-based egress (no direct internet from spokes), and spoke-to-hub peering for workload isolation.
- Deep working knowledge of Microsoft's Cloud Adoption Framework (CAF), with the ability to design multi-tier management group structures beyond the CAF default (e.g., segmenting workloads by environment, data sensitivity classification, vendor/SaaS ownership, and decommissioning lifecycle) and translate them into deployable Terraform modules.
- Strong Azure operational and administration experience — subscription/resource group management, RBAC, quota and policy governance, cost control, and day-2 operations across a multi-subscription environment.
- Hands-on experience with Azure Entra ID (Azure AD) and IAM — conditional access, role assignments, PIM, service principals/managed identities, and federated identity for workload access.
- Proficiency with Terraform state management, module design, and CI/CD pipeline integration (Azure DevOps or GitHub Actions) for repeatable, versioned landing zone deployments.
- Experience with application-tier resilience patterns within a landing zone — e.g., Blue/Green (LIVE/staging) subscription or resource group structures with load-balanced, zero-downtime traffic switching.
- Ability to work directly with client architecture teams to translate whiteboard-level segmentation and governance decisions into a deployable Terraform-based landing zone, supporting regulated/enterprise environments.