Azure Cloud Solution Architect (RARR Job 5884)

Purpose of the role

The Azure Cloud Solution Architect will be responsible for owning the target architecture and migration design across a hub-and-spoke model leveraging Azure Virtual WAN. The role encompasses end-to-end accountability for security, identity (Microsoft Entra ID), compute (PaaS/IaaS), storage (Azure Files/Blob), data (PostgreSQL), and observability. The architect will ensure that designs are scalable, repeatable, and compliant, supporting up to 41 programme instances. The role holder will act as a trusted advisor, guiding stakeholders through architectural decisions, migration strategies, and operational readiness, while ensuring alignment with enterprise standards and regulatory requirements.

Key responsibilities

• Landing Zone & Network Topology
  • Define and validate landing zone integrations, ensuring consistency across environments.
  • Design and implement hub-and-spoke/VWAN architectures, including NVAs, firewalls, and Private DNS.
  • Establish secure connectivity patterns (VPN/ExpressRoute) and enforce segmentation for multi-instance deployments.
• Compute & Containerisation
  • Select and implement compute patterns with emphasis on containerisation (AKS, Azure Container Apps, App Service).
  • Manage image registries (ACR), ingress controllers (App Gateway/WAF), and API layers.
  • Drive adoption of best DevOps practices, and automated deployments for container workloads.
• Data Architecture & Migration
  • Design PostgreSQL Flexible Server architecture, including performance tuning, HA/DR strategies, and scalability.
  • Define migration approaches using DMS, pg_dump/pg_restore, and other tooling.
  • Ensure data integrity, compliance, and resilience during migrations across multiple programme instances.
• Security & Compliance
  • Develop security and compliance architectures aligned with NHS Digital and NCSC standards.
  • Implement key management strategies using Azure Key Vault.
  • Define and enforce security baselines, policies, and governance frameworks.
  • Collaborate with InfoSec teams to ensure proactive risk management and audit readiness.
• Observability & Monitoring
  • Establish monitoring frameworks using Azure Monitor and Log Analytics.
  • Define KPIs, dashboards, and alerting mechanisms to ensure operational visibility.
  • Drive proactive incident detection and root cause analysis across all programme instances.
• Proof of Concept & Scalability
  • Author and deliver POC architectures and reusable patterns that scale across all programme instances.
  • Document best practices, design standards, and reusable modules for repeatability.
  • Provide technical leadership and mentoring to engineering teams.

Experience & skills

• 8–10 years of experience in solution architecture, with at least 5 years focused on Azure reference architectures and container platforms.
• Proven track record of delivering multi-instance migrations (30–50; up to 41) and hybrid designs using VWAN/VPN/ExpressRoute.
• Hands-on expertise with Infrastructure-as-Code (Terraform/Bicep), including design patterns, reusable modules, and automation frameworks.
• Strong knowledge of cloud security baselines, compliance frameworks, and cost optimisation strategies.
• Excellent stakeholder management skills, with the ability to communicate complex technical concepts to both technical and non-technical audiences.
• Experience in leading cross-functional teams and influencing architectural decisions at programme level.

Technology & Tooling

• Azure Networking: Hub-and-spoke, Virtual WAN, Private Endpoints, Firewall/NVA, DNS.
• Identity/Security: Microsoft Entra ID, Key Vault, policies/baselines, NHS Digital/NCSC alignment.
• Compute/Containerisation: AKS, Azure Container Apps, App Service, App Gateway/WAF, ACR.
• Data/Storage: PostgreSQL Flexible Server, Azure Files/Blob (including premium tiers).
• Observability: Azure Monitor, Log Analytics, Application Insights.
• Integrations: API Management, external vendor integrations (Yakara, MMG, PACS/Harmony).

• Automation & IaC: Terraform, Bicep, GitHub Actions/Azure DevOps pipelines.