Cloud Architect/ Senior Azure Cloud Engineer

Job DescriptionJob Description

Join our team in supporting a complex risk analysis and workflow platform, including a globally used web application that enables businesses worldwide to manage and submit critical product data. We are a highly collaborative, agile, cross-functional team, and we are seeking a Cloud Architect / Senior Azure Cloud Engineer to guide the migration and modernization of this enterprise platform into Microsoft Azure.

The current platform relies on containerized workloads orchestrated by Kubernetes, ActiveMQ-based messaging middleware, ElasticSearch, and SQL Server. The ideal candidate will bring deep expertise in Azure- architecture, Kubernetes (AKS and self-managed), JMS-compatible messaging systems, and Azure SQL, with the strategic ability to guide PaaS adoption while avoiding vendor lock-in and preserving multi-cloud flexibility.

Key Responsibilities

• Guide the architectural direction for the cloud migration from on-premise and VM-based infrastructure to an Azure-based deployment, leveraging PaaS services where appropriate and minimizing disruption to middleware services.
• Evaluate trade-offs and provide architectural recommendations between AKS, self-managed Kubernetes, and other alternatives, with careful consideration for cost, scalability, operational simplicity, and long-term flexibility.
• Architect and implement a high-availability, multi-AZ Kubernetes infrastructure with integrated load balancing.
• Design and optimize an ActiveMQ-based messaging layer deployed within Kubernetes, or evaluate compatible PaaS alternatives that allow for minimal refactoring of JMS clients and do not compromise multi-cloud portability.
• Define a segmented VNet architecture including:
  • Public Subnet – Hosts Application Gateway, VPN Gateway, and Bastion Host (only ingress points).
  • Application Subnet – Hosts Kubernetes workloads, services, batch jobs, analytics, and middleware.
  • Database Subnet – Hosts Azure SQL Managed Instance, accessible only via private networking.
  • Private Subnet – For services requiring isolation and no external or inter-subnet access.
• Implement secure ingress/egress routing using NGINX, Azure Application Gateway, and Kubernetes ingress controllers.
• Architect and scale ElasticSearch for application search, including Logstash pipelines for JDBC-based data syncing from SQL Server.
• Ensure infrastructure security, observability, and scalability using Azure Monitor, Elastic Stack, and Infrastructure-as-Code (IaC) tools such as Terraform (), Bicep, or ARM templates.

Required Skills & Experience

• 7+ years of cloud infrastructure experience, including 3+ years focused on Microsoft Azure.
• Deep hands-on expertise in Kubernetes, including AKS, Helm, HA/failover design, and production-grade cluster management.
• Proven experience managing and deploying ActiveMQ or JMS-compatible middleware in containerized environments.
• Strong understanding of PaaS architecture trade-offs and vendor lock-in considerations.
• Expert knowledge of Azure SQL, including setup, performance tuning, HA configuration, and secure access.
• In-depth Azure networking and security skills, including NSGs, private endpoints, VPN Gateway, Bastion, and subnet architecture.
• Proficiency in Terraform and experience integrating IaC into CI/CD pipelines.

Qualifications

• Azure certifications such as Azure Solutions Architect Expert, Security Engineer Associate, or Database Administrator Associate.
• Production experience scaling ElasticSearch, optimizing shard distribution, and monitoring for performance at scale.
• Hands-on experience building and optimizing Logstash pipelines for SQL Server > ElasticSearch integrations.
• Familiarity with federal IT compliance frameworks such as FedRAMP, NIST, or CMMC.
• Strong communication and leadership skills in cross-functional and multi-disciplinary teams.

Why Join Us

Be a key technical guide in a cloud modernization project supporting a mission-critical government system. You’ll help replatform a legacy system into a secure, scalable, and future-ready Azure environment while tackling real-world performance, security, and integration challenges—and collaborating daily with a smart, agile, and purpose-driven team.