Azure Cloud Architect

IHEALTH INNOVATIVE SOLUTION LLC
Washington, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 145K

Job location

Washington, United States of America

Tech stack

Microsoft Access
Microsoft Word
Microsoft Excel
Microsoft Windows
Microsoft Active Directory
API
Android
Microsoft Antivirus
iOS
Apple Mac Systems
User Authentication
Authentication Protocols
Azure
Backup Devices
Microsoft Online Services
Software as a Service
Cloud Computing
Cloud Computing Security
Cloud Engineering
Configuration Management
Collaborative Software
Computer Security
Databases
Custom Software
Disaster Recovery
DNS
Multi-Factor Authentication
Github
Identity and Access Management
Virtual Private Networks (VPN)
Information Systems Security Architecture Professional
Python
Key Management
Network Security
Log Analysis
Microsoft Office
Microsoft Project
Microsoft Visio
Microsoft Windows SDK
SQL Azure
OAuth
OpenStack
Microsoft PowerPoint
Powershell
Productivity Software
Role-Based Access Control
Openid Connect
Azure
Ansible
Zero Trust Network Access
Security Assertion Markup Language (SAML)
SharePoint
Single Sign-On
Smart Cards
Software Engineering
Systems Integration
User Provisioning Software
Virtual Machines
Software Vulnerability Management
Enterprise Application Integration
Data Logging
Azure
Scripting (Bash/Python/Go/Ruby)
Cloud Platform System
Cloud Monitoring
Software Security
Azure
Firewalls (Computer Science)
Microsoft InTune
Azure Security Center
Microsoft Onedrive
Microsoft Fabric
Infrastructure Automation Frameworks
Information Technology
Bicep
Microsoft Sentinel
Cloud Migration
CIS Benchmarks
Puppet
Terraform
Devsecops
Serverless Computing
Azure
Jenkins

Job description

  • Design, implement, and maintain secure, scalable, highly available Microsoft Azure environments aligned with business, technical, and security requirements.
  • Assess existing infrastructure, applications, and workloads to develop cloud migration and modernization strategies.
  • Migrate on-premises servers, applications, databases, and services to Microsoft Azure.
  • Design Azure landing zones, subscriptions, management groups, resource groups, policies, and governance structures.
  • Develop cloud architectures using Azure Virtual Machines, Azure Storage, Azure App Service, Azure Functions, Azure SQL, Azure Monitor, Log Analytics, and related platform services.
  • Design and manage Azure networking services, including Virtual Networks, Network Security Groups, Azure Firewall, Private Endpoints, DNS, ExpressRoute, VPN Gateway, and load-balancing services.
  • Implement infrastructure-as-code and configuration automation using tools such as Azure Resource Manager templates, Bicep, Terraform, PowerShell, or Azure CLI.
  • Monitor cloud environments for availability, capacity, security, performance, and cost optimization.
  • Develop and maintain cloud architecture diagrams, configuration standards, operating procedures, and technical documentation.

Microsoft Entra ID and Identity Security

  • Design, implement, and administer Microsoft Entra ID environments supporting cloud, hybrid, and enterprise identity requirements.
  • Plan and execute identity modernization initiatives, including migration from legacy Active Directory and Azure Active Directory configurations to modern Microsoft Entra capabilities.
  • Configure and manage Microsoft Entra Connect Sync, Microsoft Entra Cloud Sync, hybrid identities, password hash synchronization, pass-through authentication, and federation services.
  • Design and implement Conditional Access policies based on user identity, device compliance, application sensitivity, location, authentication strength, and organizational risk.
  • Implement multifactor authentication, passwordless authentication, Microsoft Authenticator, FIDO2 security keys, Windows Hello for Business, smart card, PIV, and certificate-based authentication.
  • Configure Microsoft Entra role-based access control and enforce least-privilege access across Azure and Microsoft 365 environments.
  • Implement and manage Microsoft Entra Privileged Identity Management for just-in-time administrative access, approval workflows, access reviews, and privileged role governance.
  • Configure Microsoft Entra Identity Protection policies to detect, investigate, and remediate user and sign-in risks.
  • Design and administer Microsoft Entra ID Governance capabilities, including entitlement management, access packages, lifecycle workflows, terms of use, and access reviews.
  • Integrate enterprise, SaaS, and custom applications with Microsoft Entra ID using SAML, OAuth 2.0, OpenID Connect, SCIM, and application proxy.
  • Configure enterprise single sign-on, automated user provisioning, service principals, managed identities, application registrations, and API permissions.
  • Review Microsoft Entra audit logs, sign-in logs, provisioning logs, risky-user events, and identity-security alerts.
  • Support business-to-business collaboration, guest access, cross-tenant access, external identities, and tenant-restriction policies.
  • Develop identity architecture documentation, access-control matrices, authentication standards, and operational procedures.

Microsoft 365 and Endpoint Security

  • Administer and optimize Microsoft 365 services, including Exchange Online, SharePoint Online, Microsoft Teams, OneDrive, and related collaboration platforms.
  • Integrate Microsoft 365 services with Microsoft Entra ID, Microsoft Intune, Microsoft Defender, and Microsoft Purview.
  • Configure and support Microsoft Intune device enrollment, configuration profiles, application protection policies, compliance policies, and endpoint security baselines.
  • Implement Microsoft Entra Conditional Access policies that enforce Intune device-compliance requirements.
  • Configure and maintain Microsoft Defender for Cloud, Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office 365, and Microsoft Defender for Cloud Apps.
  • Investigate cloud, endpoint, identity, and application security alerts and coordinate remediation activities.
  • Support secure access from Windows, macOS, iOS, Android, and mobile-device environments.

Cloud Security, Governance, and Compliance

  • Design and implement secure cloud and identity architectures aligned with Zero Trust principles and industry best practices.
  • Apply security controls across identity, applications, data, devices, networking, infrastructure, and administrative operations.
  • Support compliance with applicable frameworks and requirements, including FedRAMP, FISMA, NIST SP 800-53, NIST SP 800-207, HIPAA, and organizational security policies.
  • Implement Azure Policy, Microsoft Defender for Cloud, security baselines, encryption, key management, logging, monitoring, and configuration controls.
  • Conduct cloud and identity security assessments, configuration reviews, risk analyses, and vulnerability evaluations.
  • Develop corrective-action recommendations and remediation plans for identified risks, control gaps, and configuration weaknesses.
  • Stay current on emerging cloud threats, identity-based attacks, vulnerabilities, Microsoft platform changes, and evolving security technologies.
  • Develop technical documentation and training materials for cloud administrators, developers, security personnel, and end users.

Client and Stakeholder Engagement

  • Serve as a trusted technical advisor to clients, business stakeholders, security teams, and executive leadership.
  • Translate business and mission requirements into secure, practical, and scalable technical solutions.
  • Lead architecture discussions, technical discovery sessions, design reviews, and implementation workshops.
  • Communicate complex cloud, identity, and cybersecurity concepts clearly to both technical and non-technical audiences.
  • Support strategic planning, risk management, change management, and technology-roadmap development.
  • Collaborate with project managers, developers, security engineers, system administrators, vendors, and customer stakeholders., Join iHealth and help shape the future of secure cloud and identity transformation. You will work on high-impact initiatives that modernize enterprise environments, strengthen cybersecurity, improve mission performance, and deliver sustainable technology outcomes for clients operating in complex and regulated environments.

Requirements

iHealth is seeking an experienced Senior Azure Cloud and Microsoft Entra ID Engineer to design, implement, secure, and maintain enterprise cloud and identity solutions within Microsoft Azure and Microsoft 365 environments.

This position will serve as a senior member of the Engineering team and will support cloud migration, identity modernization, security architecture, infrastructure automation, and enterprise application integration initiatives. The successful candidate will possess strong hands-on experience with Microsoft Azure, Microsoft Entra ID, Microsoft Defender, Microsoft 365, networking, automation, and Zero Trust security principles., * Nine or more years of progressively responsible experience in cloud engineering, infrastructure engineering, solution architecture, cybersecurity, or related information technology roles.

  • Significant experience in client-facing positions requiring consultative, analytical, and solution-design capabilities.
  • Demonstrated experience designing, deploying, and managing Microsoft Azure environments.
  • Demonstrated hands-on experience administering Microsoft Entra ID in enterprise or hybrid environments.
  • Strong experience with Conditional Access, multifactor authentication, single sign-on, role-based access control, Privileged Identity Management, Identity Protection, and identity governance.
  • Experience integrating SaaS, commercial, and custom applications with Microsoft Entra ID.
  • Strong understanding of Active Directory, hybrid identity, Microsoft Entra Connect, authentication protocols, and identity lifecycle management.
  • Experience administering Microsoft 365 and integrating Microsoft Entra ID, Intune, Defender, and related security services.
  • Proficiency in Azure networking, including Virtual Networks, ExpressRoute, VPN Gateway, DNS, private connectivity, and network-security controls.
  • Experience with Azure DevOps, GitHub Actions, Jenkins, or comparable CI/CD platforms.
  • Experience using scripting or automation technologies such as PowerShell, Python, Microsoft Graph, Azure CLI, Bicep, or Terraform.
  • Strong knowledge of cloud security, encryption, identity and access management, network security, vulnerability management, monitoring, and incident response.
  • Strong understanding of software development lifecycles, DevSecOps practices, and infrastructure-as-code methodologies.
  • Experience developing technical documentation, architecture diagrams, implementation plans, operating procedures, and training materials.
  • Strong analytical, troubleshooting, communication, and problem-solving skills.
  • Ability to anticipate emerging technology trends and translate them into actionable architecture and engineering recommendations.
  • Proficiency with Microsoft 365 productivity tools, including Excel, PowerPoint, Visio, Word, and Microsoft Project or comparable project-management platforms., * Experience supporting federal government, healthcare, regulated, or high-security environments.
  • Knowledge of FedRAMP, FISMA, NIST SP 800-53, NIST SP 800-207, HIPAA, and Zero Trust architecture.
  • Experience with Microsoft Sentinel, Microsoft Purview, Azure Arc, Azure Automation, or Azure Lighthouse.
  • Experience implementing PIV, CAC, FIDO2, smart card, certificate-based authentication, or passwordless authentication solutions.
  • Experience with OpenStack or other cloud platforms.
  • Familiarity with configuration-management tools such as Chef, Puppet, or Ansible.
  • Experience supporting managed service provider operations or multi-tenant environments.
  • Experience with disaster recovery, business continuity, backup, and high-availability architecture.

Preferred Certifications

  • Microsoft Certified: Azure Solutions Architect Expert
  • Microsoft Certified: Cybersecurity Architect Expert
  • Microsoft Certified: Identity and Access Administrator Associate
  • Microsoft Certified: Azure Security Engineer Associate
  • Microsoft Certified: Azure Administrator Associate
  • Microsoft 365 Certified: Administrator Expert
  • Certified Information Systems Security Professional
  • Certified Cloud Security Professional

Professional Attributes

  • Demonstrates sound technical judgment, personal accountability, and a strong commitment to security and quality.
  • Takes initiative to research, evaluate, and rapidly learn emerging technologies.
  • Works effectively in collaborative, cross-functional, and client-facing environments.
  • Maintains clear, accurate, and audit-ready technical documentation.
  • Approaches complex challenges with a proactive, analytical, and results-oriented mindset., * Azure: 7 years (Required)

License/Certification:

  • Azure Solutions Architect Expert (Required)

Benefits & conditions

Pulled from the full job description

  • Professional development assistance
  • Health insurance
  • Paid time off
  • Vision insurance
  • Dental insurance, * Dental insurance
  • Health insurance
  • Paid time off
  • Professional development assistance
  • Vision insurance

About the company

iHealth Innovative Solutions (iHealth) is an SBA-certified health information technology and digital transformation company headquartered in Washington, DC. We bridge the gap between healthcare, mission operations, and advanced technology by delivering secure, scalable, and outcome-driven solutions.

Apply for this position