Azure IaaS Cloud Architect – Azure Networking

Job Title:

Job Description

Primary Skill Area: Azure Networking (Critical & Mandatory)

The successful candidatemust be a strong Azure Network Architect first, with SAP, IaaS, and FinOps capabilities built on top of this foundation.

Azure Networking Responsibilities

Architect and ownenterprise Azure networking designs, including:

• Hub‑and‑spoke topology
• Virtual WAN (where applicable)
• DesignSAP‑optimised Azure network architectures, covering:
  • VNet and subnet design per SAP tier
  • Latency, throughput, MTU, and routing considerations
  • SAP inter‑tier communication flows
• Leadhybrid connectivity architecture, including:
  • ExpressRoute (mandatory, primary connectivity)
  • Site‑to‑Site VPN (secondary / DR)
• Design and govern:
  • Network Security Groups (NSGs)
  • User Defined Routes (UDRs)
  • Azure Firewall and/or NVAs
• Architect secure ingress and egress using:
  • Azure Load Balancer
  • Application Gateway (WAF)
• Define DNS, routing, and traffic‑flow strategies for SAP users, integrations, and management services
• Ensure networking aligns withZero Trust, enterprise security, and SAP certification requirements

Azure IaaS Architecture (Secondary, Cost‑Aware)

• Architectenterprise‑scale Azure IaaS platforms for SAP workloads
• Design and govern:
  • SAP‑certified Azure Virtual Machines
  • Managed disks (Premium / Ultra)
  • Availability Sets and Availability Zones
• Owninfrastructure sizing, capacity planning, and performance tuning for SAP HANA
• Define OS‑level standards (Linux / Windows) for SAP
• DesignHA/DR‑ready infrastructure meeting strict RTO/RPO targets

SAP on Azure IaaS – Migration & Runtime

• LeadSAP ECC and SAP S/4HANA migrations to Azure IaaS
• Architect SAP‑certified designs including:
  • ASCS/ERS high availability
  • HANA scale‑up and scale‑out
  • Cross‑zone and cross‑region resilience
• Design SAP disaster recovery usingAzure Site Recovery
• Work closely with SAP Basis teams to ensure SAP supportability
• Support cutover, go‑live, and post‑migration stabilisation

Azure Landing Zones – Network‑ & Cost‑Centric

• Design and implementAzure Landing Zones with a network‑first and cost‑aware approach
• Define:
  • Management group and subscription hierarchy
  • Network‑centric landing zone patterns
  • Shared services and connectivity hubs
• BuildSAP‑ready landing zones, ensuring:
  • Network isolation per SAP tier
  • Controlled ingress/egress
  • Hybrid integration with on‑prem SAP landscapes
• Act as thedesign authority for Azure network, platform, and cost governance standards

FinOps & Cost Optimisation (Explicit Responsibility)

• EmbedFinOps principles into Azure IaaS and SAP architecture decisions
• Designcost‑optimised Azure network and infrastructure architectures, including:
  • Right‑sizing SAP VMs and HANA instances
  • Storage tier selection and performance‑cost trade‑offs
  • Network cost optimisation (ExpressRoute, egress, traffic flows)
• Define and enforce:
  • Resource tagging standards
  • Cost allocation by SAP system, environment, and business unit
• UseAzure Cost Management to:
  • Monitor SAP infrastructure spend
  • Identify cost anomalies and optimisation opportunities
  • Support forecasting and budgeting for SAP landscapes
• Advise stakeholders oncost vs resilience vs performance trade‑offs
• Support ongoingcost optimisation post‑migration, not just initial design

Infrastructure Automation & Azure DevOps

• Delivernetworking, IaaS, and cost‑governance automation using:
  • Terraform (preferred)
  • ARM / Bicep
• BuildAzure DevOps pipelines for:
  • Landing zone deployment
  • Network and connectivity provisioning
  • SAP infrastructure rollout
• Enforce governance, cost controls, and consistency through code

Required Skills & Experience

Mandatory (Primary Screening Criteria)

• Deep Azure Networking expertise (PRIMARY SKILL)
• Proven experience designingenterprise Azure network architectures
• Strong ExpressRoute and hybrid connectivity experience
• Extensive experience as anAzure IaaS / Infrastructure Architect
• ProvenSAP on Azure IaaS experience
• Azure Landing Zone design and implementation
• StrongFinOps / cost optimisation experience for Azure IaaS
• Infrastructure as Code (Terraform preferred)
• Azure DevOps CI/CD experience
• High availability and disaster recovery design

Location:

Language Requirements:

Time Type:

If you are a California resident, by submitting your information, you acknowledge that you have read and have access to the Job Applicant Privacy Notice for California Residents