Primary Skill Area: Azure Networking (Critical & Mandatory)
The successful candidate
must be a strong Azure Network Architect first
, with SAP, IaaS, and FinOps capabilities built on top of this foundation.
Azure Networking Responsibilities
Architect and own
enterprise Azure networking designs
, including:
* Hub‑and‑spoke topology
* Virtual WAN (where applicable)
* Design SAP‑optimised Azure network architectures, covering:
* VNet and subnet design per SAP tier
* Latency, throughput, MTU, and routing considerations
* SAP inter‑tier communication flows
* Lead hybrid connectivity architecture, including:
* ExpressRoute (mandatory, primary connectivity)
* Site‑to‑Site VPN (secondary / DR)
* Design and govern:
* Network Security Groups (NSGs)
* User Defined Routes (UDRs)
* Azure Firewall and/or NVAs
* Architect secure ingress and egress using:
* Azure Load Balancer
* Application Gateway (WAF)
* Define DNS, routing, and traffic‑flow strategies for SAP users, integrations, and management services
* Ensure networking aligns with Zero Trust, enterprise security, and SAP certification requirements
Azure IaaS Architecture (Secondary, Cost‑Aware)
* Architect enterprise‑scale Azure IaaS platforms for SAP workloads
* Design and govern:
* SAP‑certified Azure Virtual Machines
* Managed disks (Premium / Ultra)
* Availability Sets and Availability Zones
* Own infrastructure sizing, capacity planning, and performance tuning for SAP HANA
* Define OS‑level standards (Linux / Windows) for SAP
* Design HA/DR‑ready infrastructure meeting strict RTO/RPO targets
SAP on Azure IaaS – Migration & Runtime
* Lead SAP ECC and SAP S/4HANA migrations to Azure IaaS
* Architect SAP‑certified designs including:
* ASCS/ERS high availability
* HANA scale‑up and scale‑out
* Cross‑zone and cross‑region resilience
* Design SAP disaster recovery using Azure Site Recovery
* Work closely with SAP Basis teams to ensure SAP supportability
* Support cutover, go‑live, and post‑migration stabilisation
Azure Landing Zones – Network‑ & Cost‑Centric
* Design and implement Azure Landing Zones with a network‑first and cost‑aware approach
* Define:
* Management group and subscription hierarchy
* Network‑centric landing zone patterns
* Shared services and connectivity hubs
* Build SAP‑ready landing zones, ensuring:
* Network isolation per SAP tier
* Controlled ingress/egress
* Hybrid integration with on‑prem SAP landscapes
* Act as the design authority for Azure network, platform, and cost governance standards
FinOps & Cost Optimisation (Explicit Responsibility)
* Embed FinOps principles into Azure IaaS and SAP architecture decisions
* Design cost‑optimised Azure network and infrastructure architectures, including:
* Right‑sizing SAP VMs and HANA instances
* Storage tier selection and performance‑cost trade‑offs
* Network cost optimisation (ExpressRoute, egress, traffic flows)
* Define and enforce:
* Resource tagging standards
* Cost allocation by SAP system, environment, and business unit
* Use Azure Cost Management to:
* Monitor SAP infrastructure spend
* Identify cost anomalies and optimisation opportunities
* Support forecasting and budgeting for SAP landscapes
* Advise stakeholders on cost vs resilience vs performance trade‑offs
* Support ongoing cost optimisation post‑migration, not just initial design
Infrastructure Automation & Azure DevOps
* Deliver networking, IaaS, and cost‑governance automation using:
* Terraform (preferred)
* ARM / Bicep
* Build Azure DevOps pipelines for:
* Landing zone deployment
* Network and connectivity provisioning
* SAP infrastructure rollout
* Enforce governance, cost controls, and consistency through code
Required Skills & Experience
Mandatory (Primary Screening Criteria)
* Deep Azure Networking expertise (PRIMARY SKILL)
* Proven experience designing enterprise Azure network architectures
* Strong ExpressRoute and hybrid connectivity experience
* Extensive experience as an Azure IaaS / Infrastructure Architect
* Proven SAP on Azure IaaS experience
* Azure Landing Zone design and implementation
* Strong FinOps / cost optimisation experience for Azure IaaS
* Infrastructure as Code (Terraform preferred)
* Azure DevOps CI/CD experience
* High availability and disaster recovery design