Lead Azure Engineer

About the Role

We are seeking a Lead Azure Engineer to drive two connected missions: the consolidation of our clients Azure environments into a single enterprise-scale cloud platform, and the day-to-day ownership of on-premises infrastructure across all sites. This is a hybrid cloud and infrastructure engineering role — you will own the full stack from physical servers and Hyper-V environments through to Azure landing zones and governance.

You will play a critical role in building a secure, scalable, and cost-efficient Azure foundation that supports long-term growth, while simultaneously maintaining and modernizing the on-premises infrastructure that powers our client's manufacturing and operations sites.

What You'll Do

Azure Tenant Consolidation & Platform

• Lead consolidation of multiple Azure tenants, subscriptions, and environments into a unified enterprise Azure platform
• Design and implement Azure landing zones, subscription models, and resource organization strategies
• Standardize and optimize:
  • Networking (VNets, peering, hybrid connectivity)
  • Compute and storage services
  • Disaster recovery and high availability architectures
• Drive cost optimization initiatives:
  • Rightsizing resources and eliminating redundant environments
  • Reserved instances and savings plans
• Implement and enforce Azure governance: Azure Policy, RBAC, tagging standards, and cost controls
• Lead identity integration using Microsoft Entra ID (Azure AD), including cross-tenant trust and access models
• Partner with security teams to implement Zero Trust architecture and compliance controls
• Provide technical leadership, roadmap planning, and executive-level updates

On-Premises Infrastructure

• Own and manage Hyper-V environments across all client sites
• Manage physical server infrastructure including Dell PowerEdge servers — hardware lifecycle, rack and stack, capacity planning
• Maintain Active Directory (on-prem) site health, replication, and DNS/DHCP across all sites
• Manage Azure DNS and on-prem Windows DNS for all entities
• Maintain and operate Synology NAS and backup tooling across the environment
• Build and maintain a server golden image pipeline for standardized OS deployments

Security & Patching

• Deploy and manage Defender for Servers P2 across all Arc-onboarded on-premises servers
• Implement Azure Arc to extend Azure governance, policy, and Defender coverage to on-prem infrastructure
• Implement Azure Update Manager for unified patch management across Azure VMs and Arc-enabled servers
• Define and maintain patch cadence, compliance reporting, and maintenance windows across all entities

Backup & Resilience

• Define and execute a unified backup strategy across Azure VMs, on-prem servers, and NAS
• Configure recovery vaults, retention policies, and offsite replication
• Define and validate RTOs and RPOs per entity and workload tier
• Ensure disaster recovery and high availability architectures are documented and tested

What You Bring

Required

• 7+ years of experience in Azure cloud engineering and infrastructure
• Proven experience consolidating Azure tenants, subscriptions, or large-scale environments
• Deep expertise in Azure networking — VNet design, VPN/ExpressRoute, segmentation
• Strong experience with Azure compute, storage, and platform services
• Hands-on experience with Azure governance — Policy, RBAC, management groups
• Experience managing on-premises Windows Server environments including Active Directory, DNS, and DHCP
• Experience with Hyper-V in a multi-site or multi-entity environment
• Strong experience with cloud cost optimization and financial governance (FinOps)
• Experience with Microsoft Entra ID (Azure AD) for identity and access management
• Ability to lead complex, multi-team cloud and infrastructure transformation efforts

Nice to Have

• Experience with M&A or multi-entity environment consolidation
• Familiarity with Infrastructure as Code — Terraform, Bicep, ARM
• Experience with Azure Monitor, Log Analytics, and observability platforms
• Experience with Azure Arc and Azure Update Manager
• Experience with Defender for Servers and Microsoft Defender for Cloud
• Knowledge of hybrid environments — on-prem to Azure transition
• Microsoft Azure certifications — Solutions Architect, Security, Network