Deep working knowledge of Microsoft's Cloud Adoption Framework (CAF)
Strong Azure operational and administration experience
Requirements:
Design and provision custom management group hierarchies and subscription vending
Translate architecture decisions into deployable Terraform-based landing zones
Manage Azure subscriptions and resource groups, RBAC, quota, and policy governance
Integrate CI/CD pipelines for repeatable, versioned landing zone deployments
Job description
Title: Azure Landing Zone Lead
Location: Columbus, OH (Remote)
Rate: DOE
Azure Landing Zone Lead/Architect
Hands-on experience deploying Azure Landing Zones using the Azure Landing Zone Accelerator (ALZ) with Terraform — designing, provisioning, and iterating on custom management group hierarchies, subscription vending, and policy-as-code deployments (this is the core, non-negotiable skill).
Proven experience designing hub-and-spoke network topologies — centralized connectivity subscription, hub-based egress (no direct internet from spokes), and spoke-to-hub peering for workload isolation.
Deep working knowledge of Microsoft's Cloud Adoption Framework (CAF), with the ability to design multi-tier management group structures beyond the CAF default (e.g., segmenting workloads by environment, data sensitivity classification, vendor/SaaS ownership, and decommissioning lifecycle) and translate them into deployable Terraform modules.
Strong Azure operational and administration experience — subscription/resource group management, RBAC, quota and policy governance, cost control, and day-2 operations across a multi-subscription environment.
Hands-on experience with Azure Entra ID (Azure AD) and IAM — conditional access, role assignments, PIM, service principals/managed identities, and federated identity for workload access.
Proficiency with Terraform state management, module design, and CI/CD pipeline integration (Azure DevOps or GitHub Actions) for repeatable, versioned landing zone deployments.
Experience with application-tier resilience patterns within a landing zone — e.g., Blue/Green (LIVE/staging) subscription or resource group structures with load-balanced, zero-downtime traffic switching.
Ability to work directly with client architecture teams to translate whiteboard-level segmentation and governance decisions into a deployable Terraform-based landing zone, supporting regulated/enterprise environments.