Azure Landing Zone Lead needed for Hexion – Remote
Duration:12+ months
Rate: DOE
Team: We have an urgent need to identify an Azure Landing Zone Architect who can help build a landing zone.
The client has shared they are behind schedule, and while they want to build the landing zone correctly, they need to start with a minimum landing zone and iterate and harden (even as they will be onboarding workload from various teams), so they really need a good combination of hands-on architect/Engineer and thought leadership.
Azure Landing Zone Lead/Architect
· Hands-on experience deploying Azure Landing Zones using the Azure Landing Zone Accelerator (ALZ) with Terraform — designing, provisioning, and iterating on custom management group hierarchies, subscription vending, and policy-as-code deployments (this is the core, non-negotiable skill).
· Proven experience designing hub-and-spoke network topologies — centralized connectivity subscription, hub-based egress (no direct internet from spokes), and spoke-to-hub peering for workload isolation.
· Deep working knowledge of Microsoft''s Cloud Adoption Framework (CAF), with the ability to design multi-tier management group structures beyond the CAF default (e.g., segmenting workloads by environment, data sensitivity classification, vendor/SaaS ownership, and decommissioning lifecycle) and translate them into deployable Terraform modules.
· Strong Azure operational and administration experience — subscription/resource group management, RBAC, quota and policy governance, cost control, and day-2 operations across a multi-subscription environment.
· Hands-on experience with Azure Entra ID (Azure AD) and IAM — conditional access, role assignments, PIM, service principals/managed identities, and federated identity for workload access.
· Proficiency with Terraform state management, module design, and CI/CD pipeline integration (Azure DevOps or GitHub Actions) for repeatable, versioned landing zone deployments.
· Experience with application-tier resilience patterns within a landing zone — e.g., Blue/Green (LIVE/staging) subscription or resource group structures with load-balanced, zero-downtime traffic switching.
· Ability to work directly with client architecture teams to translate whiteboard-level segmentation and governance decisions into a deployable Terraform-based landing zone, supporting regulated/enterprise environments.