Cloud Architect
Share
Job Location:
Des Moines, IA - USA
Monthly Salary:
Not Disclosed
Posted on:
30+ days ago
Vacancies:
1 Vacancy
Job Summary
Role: Cloud Architect
Location: Des Moines IA - Quarterly travel but prefer CST or EST time zone
Top 3 skills looking for:
- Building Azure template and developer guardrails. Delivered enterprise landing zones network/identity baselines and automated guardrails at scale.
- Combo of DevSecOps
- CI/CD
Our client is designing and building a modern cloud platform template using Microsoft Azure to accelerate product delivery reduce risk and improve reliability.
Youll lead architecture for Azure landing zones core platforms and reference patterns-enabling product teams to ship secure resilient solutions at speed.
The day to day will be:
- Strategy & Reference Architecture o Define and socialize Azure reference architectures aligned to CAF and Well-Architected Framework (networking identity data app SecOps).
- Translate business capabilities into cloud services & patterns (APIs events data containers serverless).
- Landing Zones & Governance o Design/iterate Enterprise-Scale Landing Zones (hierarchy subscriptions policy RBAC PIM tagging budgets).
- Implement policy-as-code (Azure Policy) guardrails blueprints and automated compliance baselines (HIPAA/HITRUST/SOC2 as relevant).
- Platform Engineering & DevSecOps
- Partner with Platform/Engineering to deliver golden paths and reusable modules (Terraform/Bicep GitHub Actions/Azure DevOps).
- Enable multi-stage CI/CD secrets via Key Vault artifacts via ACR and environment promotion with approvals.
- Application & Integration Architecture
- Guide product teams on AKS App Service Functions Logic Apps APIM Event Grid/Event Hubs/Service Bus Front Door/App Gateway/WAF.
- Establish API/event standards versioning and schema governance; promote event-driven and zero-trust patterns.
- Data & Analytics
- Advise on Databricks Synapse/Microsoft Fabric Data Factory Purview (catalog/lineage) Cosmos DB SQL MI and secure data zones.
- Security Resiliency & Observability
- Embed Defender for Cloud Sentinel Conditional Access private endpoints/Private Link and network isolation patterns.
- Design for HA/DR (Availability Zones paired regions ASR/Backup RTO/RPO); mature Azure Monitor/Log Analytics/App Insights dashboards and SLOs.
- FinOps & Performance
- Implement tagging/chargeback rightsizing reservation planning autoscale & performance testing; drive unit economics and cost KPIs.
- SAFe Enablement & Coaching
- Provide runway views before PI Planning; decompose enabler epics/features; mentor architects/engineers; run architecture clinics/guilds.
What youve done
- 10 years in architecture/engineering with 6 years hands-on Azure in large enterprises.
- Delivered enterprise landing zones network/identity baselines and automated guardrails at scale.
- Production experience with AKS (or App Service) APIM Functions/Logic Apps Event Grid/Hubs/Service Bus Key Vault Front Door/App Gateway/WAF Cosmos/SQL Storage private networking.
- Built secure CI/CD with Terraform/Bicep GitHub Actions or Azure DevOps and policy gates; strong IaC code review discipline.
- Proven security & compliance grounding (Zero Trust MFA/PIM/CAP Defender Sentinel; HIPAA/HITRUST/SOC2/PCI as applicable).
- Designed for resiliency (zones/regions) performance and cost; fluent with WAF pillars.
- Comfortable operating in SAFe and a product operating model; coaching teams and influencing execs.
- Enterprise landing zones live with automated guardrails; 90% resource deployments via IaC.
- Reference architectures & golden paths adopted by 70% of product teams.
- Mean time to first deploy on new products down 30%; critical incidents tied to cloud misconfigurations reduced 50%.
- Cost per tenant/workload visibility with monthly variance 10% vs budget; top 5 cost drivers optimized.
Responsibilities (day to day)
- Microsoft certifications (e.g. AZ-305 AZ-400 AZ-500 DP-203 SC-100).
- Containers/mesh (e.g. AKS Dapr service mesh) API design at scale event modeling.
- Regulated industry experience (healthcare/finance).
- Observability expertise (OpenTelemetry SLO error budgets).
- BizzDesign experience.
- Author ADRs and solution blueprints; run design reviews and threat modeling.
- Pair with engineers to codify patterns as reusable modules/templates.
- Create executive and engineering views (runway dependencies risks trade-offs).
- Partner with Security/Networking/Data to standardize interfaces and controls.
- Track and report platform KPIs (reliability performance cost risk).
Key Skills
- APIs
- Pegasystems
- Spring
- SOAP
- .NET
- Hybris
- Solution Architecture
- Service-Oriented Architecture
- Adobe Experience Manager
- J2EE
- Java
- Oracle
