Azure IaaS Cloud Architect – Azure Networking

Job Title:

Azure IaaS Cloud Architect – Azure Networking

Job Description

We are seeking a Senior Azure IaaS Cloud Architect with Azure Networking as the primary skill, complemented by deep SAP on Azure IaaS experience and strong FinOps discipline.

This role owns the network‑first, cost‑aware infrastructure architecture for SAP workloads on Azure, ensuring secure, high‑performance, highly available, and financially optimised Azure environments. The architect will design enterprise Azure networking, lead SAP migrations to Azure IaaS, and apply FinOps principles to control and optimise infrastructure spend across SAP landscapes.

Primary Skill Area: Azure Networking (Critical & Mandatory)

The successful candidatemust be a strong Azure Network Architect first, with SAP, IaaS, and FinOps capabilities built on top of this foundation.

Azure Networking Responsibilities

Architect and ownenterprise Azure networking designs, including:

• Hub‑and‑spoke topology
• Virtual WAN (where applicable)
• DesignSAP‑optimised Azure network architectures, covering:
  • VNet and subnet design per SAP tier
  • Latency, throughput, MTU, and routing considerations
  • SAP inter‑tier communication flows
• Leadhybrid connectivity architecture, including:
  • ExpressRoute (mandatory, primary connectivity)
  • Site‑to‑Site VPN (secondary / DR)
• Design and govern:
  • Network Security Groups (NSGs)
  • User Defined Routes (UDRs)
  • Azure Firewall and/or NVAs
• Architect secure ingress and egress using:
  • Azure Load Balancer
  • Application Gateway (WAF)
• Define DNS, routing, and traffic‑flow strategies for SAP users, integrations, and management services
• Ensure networking aligns withZero Trust, enterprise security, and SAP certification requirements

Azure IaaS Architecture (Secondary, Cost‑Aware)

• Architectenterprise‑scale Azure IaaS platforms for SAP workloads
• Design and govern:
  • SAP‑certified Azure Virtual Machines
  • Managed disks (Premium / Ultra)
  • Availability Sets and Availability Zones
• Owninfrastructure sizing, capacity planning, and performance tuning for SAP HANA
• Define OS‑level standards (Linux / Windows) for SAP
• DesignHA/DR‑ready infrastructure meeting strict RTO/RPO targets

SAP on Azure IaaS – Migration & Runtime

• LeadSAP ECC and SAP S/4HANA migrations to Azure IaaS
• Architect SAP‑certified designs including:
  • ASCS/ERS high availability
  • HANA scale‑up and scale‑out
  • Cross‑zone and cross‑region resilience
• Design SAP disaster recovery usingAzure Site Recovery
• Work closely with SAP Basis teams to ensure SAP supportability
• Support cutover, go‑live, and post‑migration stabilisation

Azure Landing Zones – Network‑ & Cost‑Centric

• Design and implementAzure Landing Zones with a network‑first and cost‑aware approach
• Define:
  • Management group and subscription hierarchy
  • Network‑centric landing zone patterns
  • Shared services and connectivity hubs
• BuildSAP‑ready landing zones, ensuring:
  • Network isolation per SAP tier
  • Controlled ingress/egress
  • Hybrid integration with on‑prem SAP landscapes
• Act as thedesign authority for Azure network, platform, and cost governance standards

FinOps & Cost Optimisation (Explicit Responsibility)

• EmbedFinOps principles into Azure IaaS and SAP architecture decisions
• Designcost‑optimised Azure network and infrastructure architectures, including:
  • Right‑sizing SAP VMs and HANA instances
  • Storage tier selection and performance‑cost trade‑offs
  • Network cost optimisation (ExpressRoute, egress, traffic flows)
• Define and enforce:
  • Resource tagging standards
  • Cost allocation by SAP system, environment, and business unit
• UseAzure Cost Management to:
  • Monitor SAP infrastructure spend
  • Identify cost anomalies and optimisation opportunities
  • Support forecasting and budgeting for SAP landscapes
• Advise stakeholders oncost vs resilience vs performance trade‑offs
• Support ongoingcost optimisation post‑migration, not just initial design

Infrastructure Automation & Azure DevOps

• Delivernetworking, IaaS, and cost‑governance automation using:
  • Terraform (preferred)
  • ARM / Bicep
• BuildAzure DevOps pipelines for:
  • Landing zone deployment
  • Network and connectivity provisioning
  • SAP infrastructure rollout
• Enforce governance, cost controls, and consistency through code

Required Skills & Experience

Mandatory (Primary Screening Criteria)

• Deep Azure Networking expertise (PRIMARY SKILL)
• Proven experience designingenterprise Azure network architectures
• Strong ExpressRoute and hybrid connectivity experience
• Extensive experience as anAzure IaaS / Infrastructure Architect
• ProvenSAP on Azure IaaS experience
• Azure Landing Zone design and implementation
• StrongFinOps / cost optimisation experience for Azure IaaS
• Infrastructure as Code (Terraform preferred)
• Azure DevOps CI/CD experience
• High availability and disaster recovery design

#LI-Remote

Location:

UK, Work at Home, GB

Language Requirements:

Time Type:

Full time

If you are a California resident, by submitting your information, you acknowledge that you have read and have access to the Job Applicant Privacy Notice for California Residents