Azure IaaS Cloud Architect – Azure Networking

Azure IaaS Cloud Architect – Azure Networking

We are seeking a Senior Azure IaaS Cloud Architect with Azure Networking as the primary skill, complemented by deep SAP on Azure IaaS experience and strong FinOps discipline.

This role owns the network‑first, cost‑aware infrastructure architecture for SAP workloads on Azure, ensuring secure, high‑performance, highly available, and financially optimised Azure environments. The architect will design enterprise Azure networking, lead SAP migrations to Azure IaaS, and apply FinOps principles to control and optimise infrastructure spend across SAP landscapes.

Primary Skill Area: Azure Networking (Critical & Mandatory)

The successful candidate must be a strong Azure Network Architect first, with SAP, IaaS, and FinOps capabilities built on top of this foundation.

Azure Networking Responsibilities

Architect and own enterprise Azure networking designs, including:

• Hub‑and‑spoke topology
• Virtual WAN (where applicable)
• Design SAP‑optimised Azure network architectures, covering:
  • VNet and subnet design per SAP tier
  • Latency, throughput, MTU, and routing considerations
  • SAP inter‑tier communication flows
• Lead hybrid connectivity architecture, including:
  • ExpressRoute (mandatory, primary connectivity)
  • Site‑to‑Site VPN (secondary / DR)
• Design and govern:
  • Network Security Groups (NSGs)
  • User Defined Routes (UDRs)
  • Azure Firewall and/or NVAs
• Architect secure ingress and egress using:
  • Azure Load Balancer
  • Application Gateway (WAF)
• Define DNS, routing, and traffic‑flow strategies for SAP users, integrations, and management services
• Ensure networking aligns with Zero Trust, enterprise security, and SAP certification requirements

Azure IaaS Architecture (Secondary, Cost‑Aware)

• Architect enterprise‑scale Azure IaaS platforms for SAP workloads
• Design and govern:
  • SAP‑certified Azure Virtual Machines
  • Managed disks (Premium / Ultra)
  • Availability Sets and Availability Zones
• Own infrastructure sizing, capacity planning, and performance tuning for SAP HANA
• Define OS‑level standards (Linux / Windows) for SAP
• Design HA/DR‑ready infrastructure meeting strict RTO/RPO targets

SAP on Azure IaaS – Migration & Runtime

• Lead SAP ECC and SAP S/4HANA migrations to Azure IaaS
• Architect SAP‑certified designs including:
  • ASCS/ERS high availability
  • HANA scale‑up and scale‑out
  • Cross‑zone and cross‑region resilience
• Design SAP disaster recovery using Azure Site Recovery
• Work closely with SAP Basis teams to ensure SAP supportability
• Support cutover, go‑live, and post‑migration stabilisation

Azure Landing Zones – Network‑ & Cost‑Centric

• Design and implement Azure Landing Zones with a network‑first and cost‑aware approach
• Define:
  • Management group and subscription hierarchy
  • Network‑centric landing zone patterns
  • Shared services and connectivity hubs
• Build SAP‑ready landing zones, ensuring:
  • Network isolation per SAP tier
  • Controlled ingress/egress
  • Hybrid integration with on‑prem SAP landscapes
• Act as the design authority for Azure network, platform, and cost governance standards

FinOps & Cost Optimisation (Explicit Responsibility)

• Embed FinOps principles into Azure IaaS and SAP architecture decisions
• Design cost‑optimised Azure network and infrastructure architectures, including:
  • Right‑sizing SAP VMs and HANA instances
  • Storage tier selection and performance‑cost trade‑offs
  • Network cost optimisation (ExpressRoute, egress, traffic flows)
• Define and enforce:
  • Resource tagging standards
  • Cost allocation by SAP system, environment, and business unit
• Use Azure Cost Management to:
  • Monitor SAP infrastructure spend
  • Identify cost anomalies and optimisation opportunities
  • Support forecasting and budgeting for SAP landscapes
• Advise stakeholders on cost vs resilience vs performance trade‑offs
• Support ongoing cost optimisation post‑migration, not just initial design

Infrastructure Automation & Azure DevOps

• Deliver networking, IaaS, and cost‑governance automation using:
  • Terraform (preferred)
  • ARM / Bicep
• Build Azure DevOps pipelines for:
  • Landing zone deployment
  • Network and connectivity provisioning
  • SAP infrastructure rollout
• Enforce governance, cost controls, and consistency through code

Location: UK, Work at Home, GB

Time Type: Full time

null

Required Skills & Experience

Mandatory (Primary Screening Criteria)

• Deep Azure Networking expertise (PRIMARY SKILL)
• Proven experience designing enterprise Azure network architectures
• Strong ExpressRoute and hybrid connectivity experience
• Extensive experience as an Azure IaaS / Infrastructure Architect
• Proven SAP on Azure IaaS experience
• Azure Landing Zone design and implementation
• Strong FinOps / cost optimisation experience for Azure IaaS
• Infrastructure as Code (Terraform preferred)
• Azure DevOps CI/CD experience
• High availability and disaster recovery design