Cloud / Enterprise Architect

Summary

Andersen is hiring a Cloud / Enterprise Architect for a project designing a secure, scalable multi-tenant architecture, ensuring reliable environments and strong access control.

The customer is an international consulting company specializing in strategy, digital transformation, and data-driven solutions. It supports organizations across industries such as energy, financial services, retail, and the public sector, helping them navigate complex market challenges, improve operational efficiency, and implement large-scale transformation initiatives. The company is known for its strong analytical expertise, focus on sustainability and innovation, and collaborative approach to delivering long-term business value.

The project is focused on designing and implementing a scalable, secure multi-tenant architecture across cloud and network layers. It includes establishing identity, access, and infrastructure configurations to support reliable and isolated environments.

Responsibilities

• Designing and implementing a scalable and secure multi-tenant setup across Azure Entra, AWS, and network layers.
• Designing a multi-tenant access model using guest accounts, including user lifecycle management, role and permission structures, and approval flows.
• Building automation for provisioning, deprovisioning, and temporary access (PIM), as well as ensuring proper auditability and compliance.
• Implementing automation and Infrastructure as Code to support access management processes, reduce manual overhead, and enable self-service capabilities where possible.
• Designing and implementing a segmented architecture based on Palo Alto firewalls, ensuring proper isolation between tenants and environments, and integrating with AWS and Prisma.
• Defining access boundaries and controlling access to the data plane.
• Defining incident response scenarios such as compromised credentials or devices, minimizing blast radius, and enabling fast impact assessment through proper logging and monitoring.
• Defining a high-level migration approach, including tenant separation, user transition, and service migration, supported by proof of concept to validate the target architecture.
• Leading the overall design, security model, and migration strategy, while DevOps engineers would focus on automation, infrastructure setup, and implementation.
• Ensuring delivery of a secure, automated, and manageable multi-tenant platform aligned with business and compliance requirements.

Requirements

• Experience in Cloud Architecture / Enterprise Architecture roles for 5+ years.
• Strong experience designing and governing multi-tenant Azure environments (tenant separation, identity boundaries, shared services strategy, and operating model definition).
• Deep knowledge of Microsoft Entra ID at enterprise level (cross-tenant access, B2B concept, identity governance, RBAC, PIM, conditional access, and administrative models).
• Proven experience designing company-level platform services (IAM, centralized logging, monitoring, IPAM, networking, and FinOps capabilities).
• Strong architectural knowledge of Azure governance (management groups, subscriptions, policies, landing zones, blueprints / policy initiatives, and delegated administration models).
• Strong experience in network architecture (tenant-level segmentation, connectivity strategy, DNS, private connectivity, IP planning, firewalling, and hybrid integration patterns).
• Experience defining target operating models for shared platform services across multiple Azure tenants and aligned AWS environments.
• Experience with observability architecture (centralized logging, SIEM integration, monitoring standards, alerting models, and operational ownership boundaries).
• Experience defining and governing FinOps architecture (cost allocation models, tagging standards, budgeting, optimization processes, and reporting structures).
• Experience creating migration architecture and automation strategy for moving projects into separate tenants, including dependency discovery, control mapping, migration waves, landing zone readiness, and cutover governance.
• Strong understanding of AWS enterprise architecture, especially IAM, networking, logging / monitoring, and account-level governance, to ensure consistent cross-cloud standards.
• Ability to work with executive stakeholders, security teams, infrastructure teams, and delivery teams to drive enterprise transformation initiatives.
• Azure and/or AWS certifications.
• Level of English – from Intermediate+ and above.

Desired skills

• Familiarity with Azure Lighthouse and centralized operations across multiple tenants.
• Experience designing cross-cloud governance models spanning Azure and AWS.
• Background in regulated industries, complex enterprise environments, or post-merger / separation programs.

Reasons to join us

• Experience in teamwork with leaders in FinTech, Healthcare, Retail, Telecom, and others. Andersen cooperates with such businesses as Samsung, Siemens, Johnson & Johnson, BNP Paribas, Ryanair, Mercedes, TUI, Verivox, Allianz, T-Systems, etc..
• The opportunity to change the project and/or develop expertise in an interesting business domain.
• Job conditions – you can work both fully remotely and from the office or can choose a hybrid variant.
• Guarantee of professional, financial, and career growth! The company has introduced systems of mentoring and adaptation for each new employee.
• The opportunity to earn up to an additional 1,000 USD per month, depending on the level of expertise, which will be included in the annual bonus, by participating in the company's activities.
• Access to the corporate training portal, where the entire knowledge base of the company is collected and which is constantly updated.
• Bright corporate life (parties / pizza days / PlayStation / fruits / coffee / snacks / movies).
• Certification compensation (AWS, PMP, etc).
• Referral program.
• English courses.
• Private health insurance and compensation for sports activities.

Join us!

Lokalizacje

Worldwide