Spektra Systems

Azure Infrastructure Architect

Spektra Systems  •  Bengaluru, IN (Onsite)  •  4 months ago
Apply
Save Job
Mark Applied Mark Interviewed Mark Offered
Hide Job Report Job
AI can make mistakes so check important info. Chat history is never stored.

Job Description


About the Role :
We're looking for a hands-on Senior Azure Infrastructure Architect to lead enterprise cloud architecture and infrastructure delivery. You'll design and implement secure, production-grade Azure environments following Azure Landing Zone patterns, Zero Trust security principles, and Infrastructure as Code best practices.
This role requires deep expertise in Azure networking, security architecture, and IaC automation. You'll own end-to-end infrastructure delivery—from architecture design through Bicep/Terraform implementation—for global enterprise customers. We need someone who can whiteboard a hub-spoke topology and then build it hands-on.

Key Responsibilities:
Architecture & Design

  • Design enterprise Azure Landing Zone architectures following Microsoft Cloud Adoption Framework (CAF)

  • Architect Hub-Spoke network topologies with proper IP addressing, subnetting, and VNet peering strategies

  • Design Zero Trust security models with defense-in-depth layering

  • Create multi-region, high-availability architectures with geo-replication and disaster recovery

  • Conduct infrastructure assessments and develop optimization strategies

  • Design cost-efficient architectures balancing security, performance, and budget

Security Architecture

  • Implement NSG-only or Azure Firewall-based security models with deny-by-default rules

  • Design Private Endpoint strategies for PaaS services (SQL, Storage, Key Vault, App Service)

  • Configure Microsoft Defender for Cloud across workload types (App Service, SQL, Storage, Key Vault, ARM)

  • Implement Azure Front Door Premium with WAF (OWASP 3.2, Bot Manager, geo-filtering, rate limiting)

  • Design identity solutions with Entra ID, Managed Identities, and RBAC least-privilege access

  • Configure Private DNS Zones and VNet links for private name resolution

Hands-on Implementation (Infrastructure as Code)

  • Develop and maintain Bicep/Terraform modules for reusable infrastructure patterns

  • Build modular IaC for: VNets, NSGs, Private Endpoints, Key Vaults, SQL Servers, App Services, Front Door, Storage Accounts

  • Implement configuration-driven deployments using centralized config files (config.json patterns)

  • Create PowerShell/Azure CLI deployment scripts with proper error handling and verification

  • Build phased deployment strategies with verification checkpoints

  • Implement diagnostic settings and Log Analytics integration across all resources

Compute & Data Platform

  • Deploy Azure App Service with VNet Integration, Private Link, and System-Assigned Managed Identity

  • Configure Azure SQL Hyper-scale with geo-replication, Private Endpoints, and Azure AD-only authentication

  • Implement Azure Storage with Private Endpoints (Blob, Queue, Table) and proper RBAC

  • Configure Application Insights and Log Analytics for observability

  • Deploy Azure Virtual Desktop (AVD) with Entra ID Join and automation run-books

Customer Engagement & Delivery

  • Lead technical architecture discussions with customer IT leadership

  • Own end-to-end project delivery from discovery through production deployment

  • Conduct infrastructure design reviews and security assessments

  • Create architecture documentation and operational runbooks

  • Manage customer expectations and project timelines


Requirements


Azure Networking & Security (Core Focus)

  • Hub-Spoke VNet topology design and implementation

  • NSG rules with Service Tags and deny-by-default patterns

  • Private Endpoints for all Azure PaaS services

  • Azure Front Door Premium with WAF configuration

  • VNet Peering (regional and cross-region)

  • Azure Private DNS Zones and VNet links

  • Zero Trust architecture principles and implementation

Identity & Access Management

  • Entra ID (Azure AD) for cloud identity

  • System-Assigned and User-Assigned Managed Identities

  • Azure RBAC with least-privilege role assignments

  • Key Vault with RBAC access model (not legacy access policies)

  • Conditional Access and MFA strategies

Infrastructure as Code (Hands-on Required)

  • Bicep (primary) or Terraform for Azure IaC

  • Modular IaC patterns with reusable modules

  • PowerShell scripting for deployment automation

  • Azure CLI for resource management and verification

  • Configuration-driven deployments (parameterized templates)

  • CI/CD pipelines for infrastructure (Azure DevOps, GitHub Actions)

Security & Governance

  • Microsoft Defender for Cloud (CSPM + workload protection plans)

  • Security architecture (defense-in-depth, threat modeling)

  • Regulatory compliance frameworks (ISO 27001, SOC 2, GDPR)

  • Azure Policy for governance and compliance enforcement

  • NSG Flow Logs and Log Analytics for security monitoring

Compute & Data Platforms

  • Azure App Service (Web Apps, VNet Integration, Private Link)

  • Azure SQL (Hyperscale, geo-replication, Private Endpoints)

  • Azure Storage (Blob, Queue, Table, Private Endpoints, RBAC)

  • Azure Virtual Desktop (Pooled, Entra ID Join, automation)

  • Application Insights and Log Analytics

Experience

  • 5+ years hands-on Azure infrastructure experience

  • Proven track record with enterprise customers (US/EMEA)

  • Multi-region Azure deployments with DR/HA requirements

  • Azure Landing Zone implementations (greenfield or brownfield)

  • Security-focused architecture design and implementation

  • Cost optimization and FinOps experience

  • Team leadership or mentoring experience

Desired Qualifications : Certifications (Preferred)

  • Microsoft Certified: Azure Solutions Architect Expert

  • Microsoft Certified: Azure Administrator Associate

  • Microsoft Certified: Azure Security Engineer Associate

  • Azure Network Engineer Associate

  • HashiCorp Terraform Associate (if Terraform-focused)

What We're Looking For
A hands-on architect who understands that architecture diagrams must translate to working infrastructure. You should be comfortable switching between whiteboard design sessions and terminal-based IaC deployments.
We value:

  • Security-first mindset: Every design decision considers Zero Trust principles

  • IaC discipline: Infrastructure exists as code, not click-ops

  • Verification rigor: You validate deployments, not assume success

  • Documentation: Architecture decisions and operational knowledge are captured

  • Practical problem-solving: You find solutions within budget and timeline constraints

  • Continuous learning: Azure evolves rapidly; so should you

About Spektra Systems
Spektra Systems is a cloud solutions and infrastructure specialist delivering enterprise transformation across Microsoft Azure, AWS, and modern workplace technologies. We partner with global enterprises on their digital transformation journeys.

Why Join Spektra Systems?

  • Work on cutting-edge technologies with global enterprise customers

  • Opportunity to work with emerging technologies like AI, ML, and Agentic AI

  • Remote-first culture with flexibility and work-life balance

  • Continuous learning and certification support

  • Collaborative environment with focus on innovation

  • Career growth opportunities in a rapidly expanding organization

  • Competitive compensation with performance-based incentives

If you're ready to take your career to the next level and make a real impact on customers' digital transformation journeys, we'd love to hear from you!
Spektra Systems

About Spektra Systems

Spektra Systems is an innovation leader in cloud computing products and services. Our mission is to enable people and businesses to achieve more with the help of effective technological solutions.

Our four revolutionizing products are designed to help Cloud partners run and grow their businesses efficiently.

a) CSP Control Center (www.cspcontrolcenter.com)

Automating CSP business. Enabling growth.

C3 streamlines the entire business & technical lifecycle for Microsoft CSP partners. The platform provides an effortless self-service experience that scales productivity and business development.

b) CloudLabs (https://cloudlabs.ai/)

Transforming virtual learning through immersive technology.

CloudLabs is a self-service, end-to-end learning experience platform that delivers Microsoft Azure hands-on workshops at scale. Designed for training providers, ISV’s and system integrators, Cloudlabs has transformed the way cloud workshops and demonstrations are conducted.

c) SaaSify (https://saasify.ai/)

Helping ISVs and SaaS companies grow their business.

SaaSify is a one-of-its-kind solution built to simplify, streamline and accelerate revenue growth on cloud marketplaces. The platform enables companies to optimize, list, sell and manage their software offerings — cost-effectively.

d) Spektra Academy (https://spektraacademy.com/)

Empowering individual learners through hands-on lab training and certification.

Along with advanced solutions, we offer end-to-end services comprising advisory and consulting, product customization, and managed services.

We’re headquartered in Seattle, the United States with offices in Canada, India, and Mexico and clients worldwide.

Check us out at www.spektrasystems.com

Industry
IT & Software
Company Size
201-500 employees
Headquarters
Redmond, WA
Year Founded
Unknown
Website
spektrasystems.com
Social Media