Azure Infrastructure and Identity Architect

Position Summary 

We are hiring an experienced Azure Infrastructure and Identity Architect to lead our most complex Microsoft Azure and Identity engagements to build the AI Foundations for our clients. This is a senior, client-facing role that sits at the intersection of architecture, delivery, and presales. You will own the technical shape of multi-workstream deals, set the architectural direction for landing zones and identity foundations, and act as a trusted advisor to client executives and engineering teams alike. 

The primary objective of this role is to architect and solution AI Azure platforms for our clients. You are expected to operate with a high degree of autonomy: scoping work from opportunities, defending estimates with the sales team, and walking into a delivery with a credible plan on day one. You will also help mature the practice itself, codifying reusable accelerators, mentoring more junior consultants, and contributing to our Microsoft partner alignment. 
 
Position Responsibilities 

• Lead technical sales motions end-to-end, from discovery through deal closure. Translate ambiguous client needs into a credible technical approach, phased roadmap, and commercial model (T&M, fixed-fee). 

• Author the technical content of Statements of Work, proposals, including assumptions, deliverables, RACI, and exit criteria. 

• Build and defend bottom-up estimates; size delivery teams; identify and price in risk, dependencies. 

• Deliver executive-level presentations, demos, and architecture walkthroughs; convert technical credibility into pipeline. 

• Serve as the lead architect across one or more concurrent Azure engagements; own the end-to-end technical quality of what we ship. 

• Set architectural direction for Azure Landing Zones aligned to CAF and WAF and properly sized to support our clients’ AI workloads. 

• Design and oversee implementation of hub-and-spoke and Virtual WAN network topologies, including Azure Firewall/NVA strategy, Private Link, DNS, ExpressRoute, and segmentation patterns. 

• Define the identity foundation: Microsoft Entra ID tenant design, hybrid identity, Conditional Access, PIM, Entra ID governance. 

• Shape and lead on-prem to Azure migration programs: assessment with Azure Migrate, wave planning, replatform vs. rehost decisions, cutover strategy, and decommissioning. Cover VMware, Hyper-V, physical, and database workloads. 

• Security and governance: Microsoft Defender for Cloud, Azure Policy, role-based access control, key and secret management, logging and monitoring (Azure Monitor, Log Analytics, Sentinel handoffs). 

• Mentor more junior consultants; run internal architecture reviews and design clinics. 

• Contribute to and curate practice IP: reference architectures, IaC modules, assessment templates, runbooks, and migration playbooks. 

• Stay current with the Azure and Entra roadmaps. 

Skills, Knowledge and Expertise 

• 10+ years in IT infrastructure, with 6+ years designing and delivering on Microsoft Azure in a consulting or large-enterprise environment using IaC. 

• Demonstrable track record as the lead architect on substantial Azure engagements (landing zone build-outs, large-scale migrations, or enterprise identity modernization). 

• Direct experience in a billable consulting model, including pre-sales contribution and ownership of SOWs. 

• Azure Landing Zones/CAF, Azure Policy, platform vs. application landing zone patterns. 

• Networking & security: hub-and-spoke, Virtual WAN, Azure Firewall, NSGs and ASGs, Application Gateway/Front Door/WAF, Private Link and Private DNS, ExpressRoute, site-to-site VPN, DDoS protection. 

• Identity: Entra ID tenant architecture, hybrid identity (Entra Connect, Cloud Sync, ADFS where relevant), Conditional Access design, MFA and passwordless rollouts, PIM, Entra ID Governance, B2B/B2C, workload identities and managed identities. 

• Infrastructure as Code: production experience with Terraform. 

• Migration: Azure Migrate (Discovery, Server Assessment, Server Migration), Azure Site Recovery, Database Migration Service, application dependency mapping, cutover planning. 

• Governance, monitoring, and cost: Azure Policy and Initiatives, Microsoft Defender for Cloud, Azure Monitor, Log Analytics, cost management and FinOps fundamentals. 

• Working knowledge of Microsoft 365 / Intune / Defender boundaries with Azure infrastructure work, sufficient to scope adjacent workstreams and route them appropriately. 

What We Do 

We help clients achieve sustainable competitive advantage with a unique combination of deep technology expertise, business acumen and industry experience. Our business solutions drive outcomes across key strategic initiatives by applying our proven services that unlock the full power of the Microsoft platform. 
 

Who We Are 

Born in the Era of AI, Lantern enables clients to responsibly harness AI and unlock the full power of the Microsoft platform, so that they can innovate faster than ever, become a digital leader, and break away from the competition. Lantern’s Digital Studio Network spans North America, scaling up and down to meet client needs of any size. Teams at Lantern collaborate in immersive digital studios to channel inspiration, spark creativity, and transcend the ordinary. 

Our Team 

Lantern is a dynamic and purpose-driven organization.  We believe inspired teams spark creativity, engagement, and collaboration while driving innovation for clients and partners at high velocity.  The Lantern team is comprised of unique individuals whose distinct perspectives and lives enrich our company, our work, and our community.