At Systems Planning and Analysis, Inc. (SPA), we tackle the most complex national security challenges with high-impact technical solutions. With over 50 years of proven expertise and a track record of consistent growth, we are recognized for driving innovation and delivering value to our government customers in the U.S. and beyond. An exceptionally talented and collaborative team powers our success, united in producing Results that Matter. When you join us, you’ll find opportunities, meaningful challenges, and a shared commitment to mission success. Come work with the best and make a difference where it truly counts.

We seek an experienced Azure Cloud Architect to design, implement, and manage a scalable and secure cloud environment. This role focuses on building a robust infrastructure aligned with Azure Landing Zone (ALZ) and Secure Cloud Computing Architecture (SCCA) principles while supporting advanced workloads like Mission Landing Zone (MLZ) and B2B interconnectivity. The ideal candidate will demonstrate expertise in Azure services, multi-subscription environments, enterprise-level connectivity, and regulatory compliance frameworks such as NIST, CMMC, and FedRAMP.

Why Join Us?

This is a unique opportunity to shape the cloud infrastructure for a secure, scalable, and compliant Azure environment. Join a team of innovators working on cutting-edge solutions for mission-critical workloads and enterprise-level interconnectivity. You will collaborate with talented professionals and have the chance to lead transformative cloud projects.

1. Cloud Architecture Design

• Design and implement scalable and secure Azure Landing Zones (ALZ), including hub-and-spoke architecture.
• Architect advanced workloads aligned with Secure Cloud Computing Architecture (SCCA) and Mission Landing Zone (MLZ) principles for mission-critical and regulated environments.
• Implement hybrid cloud solutions using ExpressRoute, VPN Gateway, and Azure Virtual WAN for secure on-premises-to-cloud connectivity.

2. Enterprise and B2B Interconnectivity

• Architect and implement B2B interconnectivity solutions using Azure AD B2B, Guest Access, and Conditional Access Policies.
• Design identity federation solutions for seamless collaboration across Azure AD tenants or third-party identity providers.
• Enable secure integrations with external SaaS platforms and APIs using Azure API Management.

3. Regulatory Compliance

• Design solutions that meet compliance requirements for NIST SP 800-53, CMMC, FedRAMP, ISO 27001, and other frameworks.
• Implement Azure Policies, Blueprints, and role-based access control (RBAC) to enforce governance and compliance.
• Provide architecture support for audits and security assessments, ensuring alignment with regulatory standards.

4. Advanced Networking and Security

• Develop secure networking solutions, including Azure Firewall, DDoS Protection, and Network Security Groups (NSGs).
• Design secure identity solutions using Azure AD, Key Vault, and Privileged Identity Management (PIM).
• Integrate threat detection and response systems such as Microsoft Defender for Cloud and Azure Sentinel to enhance the security posture.

5. Automation and Optimization

• Leverage Infrastructure as Code (IaC) tools like Terraform, ARM templates, or Bicep to automate deployments and enforce consistency.
• Automate governance, compliance, and monitoring workflows to ensure efficiency and reduce operational overhead.
• Design cost-optimized solutions by implementing Azure resource tagging, cost-management tools, and utilization monitoring.

6. Collaboration and Leadership

• Collaborate with cross-functional teams, including cybersecurity, DevOps, and operations, to deliver secure and scalable cloud solutions.
• Provide technical leadership for cloud transformation projects and act as a subject matter expert (SME) for Azure architecture.
• Mentor junior architects and engineers, fostering a culture of innovation and continuous improvement.

Required Qualifications:

Experience:

• 8+ years in cloud architecture or engineering roles, with 5+ years focused on Azure environments.
• Proven experience designing multi-subscription Azure environments aligned with ALZ, SCCA, and MLZ principles.
• Hands-on experience implementing hybrid and B2B connectivity solutions.

Technical Skills:

• Expertise in core Azure services: Azure AD, Azure Firewall, VPN Gateway, ExpressRoute, Azure Virtual WAN, and Key Vault.
• Proficiency in designing hybrid architectures using ExpressRoute and Private Link.
• Experience with Infrastructure as Code (IaC) tools like Terraform, ARM templates, or Bicep.
• Strong knowledge of networking, security, and identity solutions, including conditional access and identity federation.

Compliance Knowledge:

• Strong understanding of frameworks like NIST SP 800-53, CMMC, FedRAMP, and ISO 27001.
• Experience implementing Azure Policy and Blueprints for governance and compliance.

Certifications:

• Microsoft Certified: Azure Solutions Architect Expert (required).
• Additional certifications such as Azure Security Engineer Associate, CISSP, or TOGAF are preferred.

Soft Skills:

• Excellent analytical, problem-solving, and decision-making skills.
• Strong communication and collaboration skills, with the ability to present complex solutions to technical and non-technical stakeholders.
• Leadership capabilities to guide teams and influence cloud strategies.

Desired Qualifications: 

• Experience with Mission Landing Zone (MLZ) design and cross-domain solutions (CDS).
• Knowledge of secure B2B and SaaS platform integrations using Azure AD B2B and API Management.
• Experience with multi-cloud or cross-cloud architecture and security.
• Familiarity with advanced DevOps practices, including secure CI/CD pipelines.