Azure Cloud Solution Architect:
The Azure Cloud Solution Architect will be responsible for owning the target architecture and migration design across a hub-and-spoke model leveraging Azure Virtual WAN. The role encompasses end-to-end accountability for security, identity (Microsoft Entra ID), compute (PaaS/IaaS), storage (Azure Files/Blob), data (PostgreSQL), and observability. The architect will ensure that designs are scalable, repeatable, and compliant, supporting up to 41 programme instances. The role holder will act as a trusted advisor, guiding stakeholders through architectural decisions, migration strategies, and operational readiness, while ensuring alignment with enterprise standards and regulatory requirements.
Key responsibilities
- Landing Zone & Network Topology
  - Define and validate landing zone integrations, ensuring consistency across environments.
  - Design and implement hub-and-spoke/VWAN architectures, including NVAs, firewalls, and Private DNS.
  - Establish secure connectivity patterns (VPN/ExpressRoute) and enforce segmentation for multi-instance deployments.
- Compute & Containerisation
  - Select and implement compute patterns with emphasis on containerisation (AKS, Azure Container Apps, App Service).
  - Manage image registries (ACR), ingress controllers (App Gateway/WAF), and API layers.
  - Drive adoption of DevOps best practices and automated deployments for container workloads.
- Data Architecture & Migration
  - Design PostgreSQL Flexible Server architecture, including performance tuning, HA/DR strategies, and scalability.
  - Define migration approaches using DMS, pg_dump/pg_restore, and other tooling.
  - Ensure data integrity, compliance, and resilience during migrations across multiple programme instances.
- Security & Compliance
  - Develop security and compliance architectures aligned with NHS Digital and NCSC standards.
  - Implement key management strategies using Azure Key Vault.
  - Define and enforce security baselines, policies, and governance frameworks.
  - Collaborate with InfoSec teams to ensure proactive risk management and audit readiness.
- Observability & Monitoring
  - Establish monitoring frameworks using Azure Monitor and Log Analytics.
  - Define KPIs, dashboards, and alerting mechanisms to ensure operational visibility.
  - Drive proactive incident detection and root cause analysis across all programme instances.
- Proof of Concept & Scalability
  - Author and deliver POC architectures and reusable patterns that scale across all programme instances.
  - Document best practices, design standards, and reusable modules for repeatability.
  - Provide technical leadership and mentoring to engineering teams.
Experience & skills
- 8–10 years of experience in solution architecture, with at least 5 years focused on Azure reference architectures and container platforms.
- Proven track record of delivering multi-instance migrations (30–50; up to 41) and hybrid designs using VWAN/VPN/ExpressRoute.
- Hands-on expertise with Infrastructure-as-Code (Terraform/Bicep), including design patterns, reusable modules, and automation frameworks.
- Strong knowledge of cloud security baselines, compliance frameworks, and cost optimisation strategies.
- Excellent stakeholder management skills, with the ability to communicate complex technical concepts to both technical and non-technical audiences.
- Experience in leading cross-functional teams and influencing architectural decisions at programme level.
Technology & Tooling
- Azure Networking: Hub-and-spoke, Virtual WAN, Private Endpoints, Firewall/NVA, DNS.
- Identity/Security: Microsoft Entra ID, Key Vault, policies/baselines, NHS Digital/NCSC alignment.
- Compute/Containerisation: AKS, Azure Container Apps, App Service, App Gateway/WAF, ACR.
- Data/Storage: PostgreSQL Flexible Server, Azure Files/Blob (including premium tiers).
- Observability: Azure Monitor, Log Analytics, Application Insights.
- Integrations: API Management, external vendor integrations (Yakara, MMG, PACS/Harmony).
- Automation & IaC: Terraform, Bicep, GitHub Actions/Azure DevOps pipelines.