Principal Cloud Infrastructure Engineer - Azure (Architect Track)

Alt Legal is a fast-growing SaaS-based legal technology company focused on making trademark professionals’ lives easier. They are seeking a Principal Cloud Infrastructure Engineer with deep experience in Microsoft Azure to take full ownership of their Azure environment, including architecture, security, reliability, and execution.

Responsibilities:

• Own Azure architecture across all environments (prod, staging, dev)
• Build, review & improve existing Terraform IaC
• Design and implement secure cloud landing zones (networking, IAM, governance)
• Design and drive infrastructure patterns for environment separation, multi-tenant, single-tenant, and regional deployments
• Continuously work on improvement of Identity & Access Management (RBAC, PIM, Conditional Access)
• Drive improvement of existing backup and disaster recovery capabilities (RTO/RPO), including testing and ensuring full environment rebuild from IaC
• Design and enforce network architecture (segmentation, private endpoints, firewall/WAF)
• Lead infrastructure-related incident response, root cause analysis and production support
• Improve logging, monitoring, and alerting architecture
• Implement security controls in infrastructure aligned with SOC 2 and ISO 27001 requirements
• Provide technical direction and quality control for remote Platform/DevOps engineers
• Document current architecture, identify gaps, and drive improvements
• Optimize cloud cost, performance, and reliability
• Establish runbooks and operational processes

Requirements:

• 7+ years in cloud infrastructure, SRE, or cloud security roles, with experience operating production systems
• 4+ years deep, hands-on Azure experience in production SaaS environments
• Experience operating at Staff-level scope, shaping infrastructure decisions and standards
• Strong Terraform/Bicep experience at production scale (module design, environment structure, governance)
• Proven experience designing cloud architecture, not just implementing existing designs
• Experience owning production systems, including uptime, reliability, and incident response
• Experience designing and executing disaster recovery strategies (RTO/RPO, restore procedures)
• Strong hands-on experience across Azure core platform components (App Services, networking, managed databases, IAM, storage, monitoring, and logging)
• Deep experience with Entra ID / Azure AD (RBAC, PIM, Conditional Access)
• Strong understanding of cloud networking and security (segmentation, private endpoints, firewall/WAF, zero trust)
• Experience designing or evolving infrastructure for multi-tenant SaaS platforms
• Experience designing or contributing to regional or multi-region architectures, including data residency considerations
• Experience in working with distributed or offshore engineering teams
• Experience mentoring team members or leading technical teams
• Strong written and verbal communication skills in English
• Legally authorized to work in the United States on a permanent basis without need for current or future employer-sponsored immigration support. This role is not eligible for visa sponsorship now or in the future
• Experience managing PostgreSQL or other cloud databases
• Familiarity with Cloudflare (WAF, Access, Zero Trust) (real plus)
• Experience defining or implementing single-tenant deployment models (real plus)
• Experience with Azure Defender for Cloud, Microsoft Sentinel, or similar cloud security tooling
• Familiarity with containerization (Docker, Kubernetes/AKS)
• Experience supporting SOC 2, ISO 27001, or similar frameworks (technical implementation)
• Azure certification (AZ-305, AZ-500)
• High ownership mindset with ability to operate independently, make decisions, and drive outcomes in a fast-moving environment