Cloud Architect

Role: Cloud Architect

Location: Des Moines, IA - Quarterly travel, but prefer CST or EST time zone

Top 3 skills looking for:

• Building Azure template and developer guardrails. Delivered enterprise landing zones, network/identity baselines, and automated guardrails at scale.
• Combo of DevSecOps
• CI/CD

Our client is designing and building a modern cloud platform template using Microsoft Azure to accelerate product delivery, reduce risk, and improve reliability.

You'll lead architecture for Azure landing zones, core platforms, and reference patterns-enabling product teams to ship secure, resilient solutions at speed.

The day to day will be:

• Strategy & Reference Architecture o Define and socialize Azure reference architectures aligned to CAF and Well-Architected Framework (networking, identity, data, app, SecOps).
• Translate business capabilities into cloud services & patterns (APIs, events, data, containers, serverless).
• Landing Zones & Governance o Design/iterate Enterprise-Scale Landing Zones (hierarchy, subscriptions, policy, RBAC, PIM, tagging, budgets).
• Implement policy-as-code (Azure Policy), guardrails, blueprints, and automated compliance baselines (HIPAA/HITRUST/SOC2 as relevant).
• Platform Engineering & DevSecOps
• Partner with Platform/Engineering to deliver golden paths and reusable modules (Terraform/Bicep, GitHub Actions/Azure DevOps).
• Enable multi-stage CI/CD, secrets via Key Vault, artifacts via ACR, and environment promotion with approvals.
• Application & Integration Architecture
• Guide product teams on AKS, App Service, Functions, Logic Apps, APIM, Event Grid/Event Hubs/Service Bus, Front Door/App Gateway/WAF.
• Establish API/event standards, versioning, and schema governance; promote event-driven and zero-trust patterns.
• Data & Analytics
• Advise on Databricks, Synapse/Microsoft Fabric, Data Factory, Purview (catalog/lineage), Cosmos DB, SQL MI, and secure data zones.
• Security, Resiliency & Observability
• Embed Defender for Cloud, Sentinel, Conditional Access, private endpoints/Private Link, and network isolation patterns.
• Design for HA/DR (Availability Zones, paired regions, ASR/Backup, RTO/RPO); mature Azure Monitor/Log Analytics/App Insights dashboards and SLOs.
• FinOps & Performance
• Implement tagging/chargeback, rightsizing, reservation planning, autoscale & performance testing; drive unit economics and cost KPIs.
• SAFe Enablement & Coaching
• Provide runway views before PI Planning; decompose enabler epics/features; mentor architects/engineers; run architecture clinics/guilds.

What you've done

• 10+ years in architecture/engineering with 6+ years hands-on Azure in large enterprises.
• Delivered enterprise landing zones, network/identity baselines, and automated guardrails at scale.
• Production experience with AKS (or App Service), APIM, Functions/Logic Apps, Event Grid/Hubs/Service Bus, Key Vault, Front Door/App Gateway/WAF, Cosmos/SQL, Storage, private networking.
• Built secure CI/CD with Terraform/Bicep, GitHub Actions or Azure DevOps, and policy gates; strong IaC code review discipline.
• Proven security & compliance grounding (Zero Trust, MFA/PIM/CAP, Defender, Sentinel; HIPAA/HITRUST/SOC2/PCI as applicable).
• Designed for resiliency (zones/regions), performance, and cost; fluent with WAF pillars.
• Comfortable operating in SAFe and a product operating model; coaching teams and influencing execs.
• Enterprise landing zones live with automated guardrails; 90% resource deployments via IaC.
• Reference architectures & golden paths adopted by 70% of product teams.
• Mean time to first deploy on new products down 30%; critical incidents tied to cloud misconfigurations reduced 50%.
• Cost per tenant/workload visibility with monthly variance 10% vs budget; top 5 cost drivers optimized.

Responsibilities (day to day)

• Microsoft certifications (e.g., AZ-305, AZ-400, AZ-500, DP-203, SC-100).
• Containers/mesh (e.g., AKS, Dapr, service mesh), API design at scale, event modeling.
• Regulated industry experience (healthcare/finance).
• Observability expertise (OpenTelemetry, SLO error budgets).
• BizzDesign experience.
• Author ADRs and solution blueprints; run design reviews and threat modeling.
• Pair with engineers to codify patterns as reusable modules/templates.
• Create executive and engineering views (runway, dependencies, risks, trade-offs).
• Partner with Security/Networking/Data to standardize interfaces and controls.
• Track and report platform KPIs (reliability, performance, cost, risk).