Job Title: Cloud Infrastructure Architect
Job Type: Full-time
Work Setting: Remote
Experience Level: Senior (5+ years)
---
ABOUT THE ROLE
We're hiring a Cloud Infrastructure Architect to own our edge security and Azure cloud platform, serving a multi-tenant B2B SaaS e-commerce platform with hundreds of business customers across North America and Europe.
Your primary mandate is Cloudflare Web Application Firewall (WAF), and experience with it is mandatory. You'll architect and manage our WAF policies, tuning rules for real-world attack patterns without breaking legitimate traffic. You'll also own our Azure IaaS/PaaS foundation, ensuring uptime, performance, and cost efficiency across VMs, App Services, databases, and container workloads.
This is not a role for architects who hand off execution to operators. You architect, build, monitor, and troubleshoot in production daily.
---
WHAT YOU'LL DO
**Cloudflare & Edge Security (Primary Focus)**
- Own all Cloudflare configuration: DNS, CDN, page rules, and caching rules
- Design, implement, and continuously tune Cloudflare WAF rules — balancing security against legitimate traffic patterns for B2B/e-commerce use cases
- Manage WAF rule sets: OWASP ModSecurity Core Rule Set, custom rules, rate limiting, bot management, and DDoS protection
- Monitor Cloudflare analytics and adjust policies based on attack patterns, false positives, and business needs
- Implement Cloudflare Workers for edge-side logic (request filtering, authentication, redirects)
- Manage Cloudflare Tunnels for secure origin connectivity
- Handle SSL/TLS at the edge: certificate management, minimum TLS version enforcement, cipher suite tuning
**Azure IaaS/PaaS**
- Manage production Azure Virtual Machines (Windows Server 2019/2022): sizing, networking, disk performance, and patching
- Deploy and manage Azure App Services hosting .NET Core applications across multiple tiers
- Administer Azure Virtual Networks, Network Security Groups, and hybrid connectivity
- Manage Azure SQL Database: performance baseline configuration, automatic tuning, backup/restore, and failover group management
- Monitor and optimize Azure App Service Plans, auto-scaling policies, and slot deployments
- Manage Docker-based workloads on Azure Container Apps
- Implement and monitor Azure Failover Groups for regional redundancy
- Optimize Azure spend using Cost Management and reservation strategies
**Windows Server & IIS**
- Manage IIS 10 on production Windows Server instances: application pools, bindings, URL rewrite rules, and request filtering
- Tune Windows Server for e-commerce workload performance (connection limits, registry tweaks, disk I/O optimization)
- Apply OS-level hardening: Windows Firewall rules, security baselines, and patch management
**SQL Server Administration**
- Maintain SQL Server production instances: backup strategies, job scheduling, and performance baselines
- Monitor and respond to performance issues: slow queries, blocking, and resource contention
- Manage database growth, replication, and availability group configurations
- Write T-SQL scripts for operational tasks and monitoring
**CI/CD & Deployment**
- Understand GitHub Actions workflows for application and infrastructure deployments
- Support deployment pipeline reliability and rollback procedures
- Coordinate infrastructure changes with application deployments
**Monitoring & Observability**
- Configure and maintain Azure Monitor, Application Insights, and Log Analytics
- Write KQL queries to diagnose issues across hundreds of tenants and multi-region deployments
- Build dashboards and alerts for infrastructure health, WAF events, and application performance
- Respond to incidents: escalation, triage, and resolution documentation
**Security & Compliance**
- Harden all layers: Cloudflare WAF, Windows Firewall, NSGs, TLS configuration
- Manage SSL/TLS certificates across Cloudflare, IIS, and Azure services
- Implement Azure Key Vault for secrets and certificate lifecycle management
- Ensure compliance with security baselines and vulnerability remediation
**General Operations**
- Manage Microsoft 365 and Entra ID: user lifecycle, conditional access, MFA, and SSO
- Administer Tailscale for remote infrastructure access
- Write PowerShell scripts for automation, monitoring, and maintenance
- Document infrastructure, runbooks, and disaster recovery procedures
- Support multi-region deployment across US and Germany datacenters
---
WHAT YOU BRING
**Required**
- 5+ years hands-on managing production cloud infrastructure (Azure, AWS, or GCP)
- **Mandatory: Production experience with Cloudflare WAF** — you've tuned rules, debugged false positives, and responded to attack patterns
- Advanced Azure IaaS/PaaS experience: VMs, App Services, Azure SQL, Virtual Networks, NSGs
- Strong Windows Server and IIS administration (production environments)
- Solid SQL Server operations knowledge: backups, jobs, performance baselines, availability groups
- Proficient in PowerShell scripting for automation and operational tasks
- Hands-on SSL/TLS certificate management across cloud and on-prem (commercial CAs, Let's Encrypt, certificate stores)
- Strong understanding of web security: OWASP fundamentals, WAF logic, DDoS mitigation, TLS best practices
- Experience with Azure Monitor and Log Analytics; able to write basic KQL queries
- Familiarity with CI/CD pipeline concepts and deployment automation
- Comfortable troubleshooting multi-tenant SaaS infrastructure in production
**Preferred**
- Azure Cost Management and spend optimization
- Azure Failover Groups and disaster recovery planning
- Cloudflare Workers for edge-side logic
- Docker and container operations (Azure Container Apps or similar)
- Conditional Access and Privileged Identity Management (PIM) in Entra ID
- Solr administration or search platform operations
- .NET application hosting experience (ASP.NET Core on IIS and App Services)
- Familiarity with SAP B1 integration requirements
- Multi-region infrastructure management
- GitHub Actions or similar CI/CD platform
---
WHY THIS ROLE
- **Direct impact** — your Cloudflare WAF rules protect hundreds of businesses and their customers daily
- **Ownership** — you have operational authority and design accountability, not ticket-driven handoffs
- **Modern stack** — Cloudflare edge security, Azure cloud, Docker containers, GitHub Actions; no legacy datacenter work
- **Technical depth** — you're solving real problems: WAF tuning for e-commerce traffic patterns, multi-region failover, performance optimization
- **Small team, big scope** — you'll own everything from Cloudflare rules to database failover to container deployments
---
Work Location: Remote
Salary: Competitive, based on experience
Pay: $50.00 - $60.00 per hour