Title- Sr. Azure Solutions Architect
Location- Dallas, TX- Onsite
Type- Contract
Mode of Interview- F2F
Job Description-
Role Summary
AgreeYa Solutions is hiring a permanent Senior Azure Solutions Architect to anchor our growing Azure practice. This is a high-impact, client-facing role that spans the full engagement lifecycle, from structured cloud readiness assessments and gap analysis through hands-on architecture design and implementation delivery.
The successful candidate will lead our Azure infrastructure engagements across multiple client accounts, beginning with a structured cloud readiness assessment and transitioning into ongoing architecture and delivery responsibilities as the practice grows. This role requires equal comfort operating as a trusted advisor, assessment lead, and delivery architect, adapting to the engagement phase and client context.
Responsibilities
1. Cloud Readiness Assessment & Advisory
Lead structured, evidence-based Azure cloud assessments aligned to Microsoft Cloud Adoption Framework (CAF) and Security-first SDLC principles:
Conduct current-state Azure tenant reviews across all platform domains: tenant topology, management group hierarchy, subscription structure, RBAC model, and policy framework.
Assess identity and access configurations including Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access policies, and GitHub/Azure DevOps RBAC.
Evaluate security posture using Microsoft Defender for Cloud, Zero Trust alignment, vulnerability management, and network exposure analysis (NSGs, firewall rules, public vs. private endpoints).
Perform regulatory compliance gap assessments against NYDFS Part 500, SOC2 Trust Services Criteria, and other applicable frameworks, producing risk-rated gap registers.
Review IaC and CI/CD maturity including Terraform state management, drift detection, pipeline health (Azure DevOps / GitHub Actions), and non-prod to prod promotion workflows.
Assess monitoring and observability stacks: Azure Monitor, Log Analytics, Application Insights, alert coverage, ITSM integration, and MTTD/MTTR benchmarking.
Evaluate backup and DR configurations, RTO/RPO alignment, recovery runbook completeness, and business continuity readiness.
Review FinOps maturity: cost governance, resource tagging, reserved instance utilization, and savings plan coverage.
Produce executive-ready deliverables: current state reports, gap registers, remediation roadmaps, Target Operating Models (TOM), and C-level presentation decks.
Define objective go-live entry criteria and identify critical blockers that materially increase breach, outage, or compliance exposure.
2. Azure Platform & Infrastructure Architecture
Design and govern Azure platform environments for client workloads with a Terraform-first, pipeline-driven approach:
Define and maintain reference architectures across all stack layers: identity (Entra ID / Auth0 / Okta CIC), application (App Service / AKS), PaaS (Key Vault, Front Door / WAF, API Management), networking, data, storage, and monitoring.
Architect isolated, per-environment landing zones (QA, Stage, Prod) including VNets, subnets, NSGs, Private Endpoints, and firewall rules enforcing least privilege and environment segmentation.
Lead the design of Terraform IaC modules and environment promotion patterns (QA → Stage → Prod), including remote state management, state isolation, and change control governance.
Partner with DevOps engineers to design Azure DevOps multi-stage YAML pipelines for infrastructure and application deployments, including approval gates, rollback strategies, and release tagging.
Architect highly available, secure, scalable, and cost-optimized solutions incorporating backup, disaster recovery, and business continuity strategies.
Define cloud security standards: network segmentation, Zero Trust architecture, WAF and DDoS protection, encryption, and key management.
Set observability standards: App Insights/Log Analytics workspaces, KQL-based alerting, dashboards, Sentinel workbooks, and WAF policy-as-code.
Translate business, compliance, and regulatory requirements (including NYDFS MFA and security mandates) into concrete Azure architecture decisions and technical guardrails.
3. Client Engagement & Delivery Leadership
Operate as a trusted technical advisor and delivery lead across client engagements:
Serve as the primary Azure technical point of contact for clients, including C-suite and senior technical stakeholders.
Lead architecture reviews, technical workshops, and go/no-go decision sessions with structured evidence and documentation.
Translate business and compliance requirements into actionable architecture decisions and phased remediation roadmaps.
Provide Level 2 architectural support during critical delivery windows including rollouts, environment rebuilds, production cutovers, and hypercare periods.
Document architecture decisions, diagrams, and runbooks, and ensure these are reflected in implementation and quality gates.
Mentor and guide junior engineers and offshore team members, providing technical direction and code/configuration review.
Support structured MSP onboarding activities including RACI definition, responsibility demarcation, and takeover domain identification.
Required Qualifications
8+ years of hands-on experience designing and implementing solutions on Microsoft Azure, with at least 5 years in an architect or technical lead capacity.
Deep expertise across core Azure services including:
Compute: Azure Web Apps, App Service, Azure Kubernetes Service (AKS), Azure Functions
Networking: VNets, NSGs, Private Endpoints, Azure Front Door, WAF, VPN/ExpressRoute
Integration & API: Azure API Management, Service Bus, Event Grid
Data & Storage: Azure SQL, Cosmos DB, Storage Accounts (Blob, Queue, Table)
Security: Key Vault, Microsoft Defender for Cloud, Sentinel, Azure Policy
Identity: Entra ID (Azure AD), PIM, Conditional Access
Observability: Azure Monitor, Log Analytics, Application Insights, KQL
Proven experience architecting and governing Terraform-based infrastructure in Azure, including module design, remote state backends, environment isolation, and promotion workflows.
Strong background with Azure DevOps (Repos, Pipelines, Artifact Feeds) and CI/CD patterns for both application and infrastructure, including multi-stage YAML and environment approvals.
Demonstrated experience conducting structured cloud assessments, gap analyses, and producing risk-rated findings and remediation roadmaps aligned to frameworks such as Microsoft CAF, CIS, or NIST.
Solid understanding of identity and access management including Entra ID, OAuth/OIDC flows, MFA enforcement, RBAC, and CIAM solutions (Auth0 / Okta CIC).
Working knowledge of regulatory and compliance frameworks applicable to cloud environments, particularly NYDFS Part 500 and SOC2 Trust Services Criteria.
Strong knowledge of cloud security best practices: Zero Trust, network segmentation, WAF and DDoS, encryption, key management, and vulnerability management.
Experience defining monitoring, alerting, and observability strategies using Azure Monitor, Log Analytics, Application Insights, and SIEM tools such as Sentinel.
Excellent communication and documentation skills, with proven ability to produce executive-level presentations, architecture decision records, and go/no-go assessment reports.
Preferred Qualifications
Familiarity with FinOps practices including cost governance, resource tagging strategy, reserved instance analysis, and Azure cost management tooling.
Experience with ITSM integration and tooling including ServiceNow workflows (incident, change, problem management) in cloud-managed services contexts.
Knowledge of additional monitoring platforms such as ScienceLogic or similar enterprise observability tools.
Experience with database migration strategies and tools (Flyway, Liquibase) integrated into CI/CD for Azure SQL or Cosmos DB.
Background working in regulated or audit-focused industries (financial services, healthcare, insurance) with knowledge of evidence requirements for MFA enforcement, penetration testing, and environment parity.
Experience designing and reviewing Target Operating Models (TOM) for Managed Services onboarding and MSP readiness assessments.
Relevant certifications: Azure Solutions Architect Expert, Azure Administrator Associate, Azure DevOps Engineer Expert, or Security Engineer Associate.
Familiarity with Microsoft Cloud Adoption Framework (CAF) landing zone patterns and Well-Architected Framework review methodology.