About the Role
Azure Landing Zone Lead/Architect
Location: Columbus, Ohio (REMOTE)
Duration: 6-12 Months
Rate: $90-100/hr
Description:
Hands-on experience deploying Azure Landing Zones using the Azure Landing Zone Accelerator (ALZ) with Terraform designing, provisioning, and iterating on custom management group hierarchies, subscription vending, and policy-as-code deployments (this is the core, non-negotiable skill).
Proven experience designing hub-and-spoke network topologies centralized connectivity subscription, hub-based egress (no direct internet from spokes), and spoke-to-hub peering for workload isolation.
Deep working knowledge of Microsoft's Cloud Adoption Framework (CAF), with the ability to design multi-tier management group structures beyond the CAF default (e.g., segmenting workloads by environment, data sensitivity classification, vendor/SaaS ownership, and decommissioning lifecycle) and translate them into deployable Terraform modules.
Strong Azure operational and administration experience subscription/resource group management, RBAC, quota and policy governance, cost control, and day-2 operations across a multi-subscription environment.
Hands-on experience with Azure Entra ID (Azure AD) and IAM conditional access, role assignments, PIM, service principals/managed identities, and federated identity for workload access.
Proficiency with Terraform state management, module design, and CI/CD pipeline integration (Azure DevOps or GitHub Actions) for repeatable, versioned landing zone deployments.
Experience with application-tier resilience patterns within a landing zone e.g., Blue/Green (LIVE/staging) subscription or resource group structures with load-balanced, zero-downtime traffic switching.
Ability to work directly with client architecture teams to translate whiteboard-level segmentation and governance decisions into a deployable Terraform-based landing zone, supporting regulated/enterprise environments.
Key Responsibilities & Skills
- Azure Landing Zone Architecture
- Terraform-based Infrastructure as Code (IaC)
- Hub-and-Spoke Network Design
- Cloud Adoption Framework (CAF) Governance
- Multi-Subscription Management & RBAC
- Azure Entra ID Identity & Access Management
- Policy-as-Code & Azure Policy Governance
- Cost Management & Optimization
- Blue/Green Deployment Patterns
- Day-2 Operations & Lifecycle Management
- Client-facing Architecture Translation
Technical Skills
- Azure / Azure Landing Zone Accelerator (ALZ)
- Terraform / IaC
- Azure DevOps / GitHub Actions (CI/CD)
- Azure CLI / PowerShell
- Azure Entra ID (Azure AD)
- Azure Networking (Hub-and-Spoke)
- Azure Policy / Azure Governance
- Azure Cost Management
- Git / Version Control
Education
Bachelor's Degree in Computer Science, Information Technology, Software Engineering, Cloud Computing, Computer Engineering. Preferred: Master's in Computer Science, Master's in Information Systems, MBA.
Industry Experience
- Enterprise Cloud Services
- Azure-based Digital Transformation
- Regulated Enterprise (Finance / Healthcare)
- IT Consulting