Principal Cloud Infrastructure Engineer - Azure (Architect Track)

Principal Cloud Infrastructure Engineer, Azure (Architect Track)

Location: US Remote | Reports to: CTO | US Work Authorization Required

Alt Legal is a fast-growing SaaS-based legal technology company focused on making trademark professionals’ lives easier. Our intuitive and automated software helps IP professionals create, maintain, and analyze trademarks and other IP assets. Nearly 2,000 leading law firms and global companies trust our software to manage hundreds of thousands of filings daily.

We are a diverse and multi-talented virtual team. We thrive in a collaborative, open, positive environment, and we care about our mission, customers, prospects, each other, and the broader community. We are committed to ensuring that everyone on the team can grow by being around equally exceptional and kind people.

We are hiring a Principal Cloud Infrastructure Engineer with deep experience in Microsoft Azure to take full ownership of our Azure environment - architecture, security, reliability, and execution.

You will be the senior technical authority on infrastructure, working directly with the CTO and providing technical direction to our distributed DevOps team. This is a hands-on ownership role: you are expected to design systems, raise engineering standards, and execute when needed, while remaining accountable for real production outcomes.

• Own Azure architecture across all environments (prod, staging, dev). 
• Build, review & improve existing Terraform IaC.
• Design and implement secure cloud landing zones (networking, IAM, governance). 
• Design and drive infrastructure patterns for environment separation, multi-tenant, single-tenant, and regional deployments. 
• Continuously work on improvement of Identity & Access Management (RBAC, PIM, Conditional Access)  
• Drive improvement of existing backup and disaster recovery capabilities (RTO/RPO), including testing and ensuring full environment rebuild from IaC.
• Design and enforce network architecture (segmentation, private endpoints, firewall/WAF). 
• Lead infrastructure-related incident response, root cause analysis and production support. 
• Improve logging, monitoring, and alerting architecture.
• Implement security controls in infrastructure aligned with SOC 2 and ISO 27001 requirements. 
• Provide technical direction and quality control for remote Platform/DevOps engineers. 
• Document current architecture, identify gaps, and drive improvements. 
• Optimize cloud cost, performance, and reliability.
• Establish runbooks and operational processes. 

• 7+ years in cloud infrastructure, SRE, or cloud security roles, with experience operating production systems.
• 4+ years deep, hands-on Azure experience in production SaaS environments.
• Experience operating at Staff-level scope, shaping infrastructure decisions and standards.
• Strong Terraform/Bicep experience at production scale (module design, environment structure, governance).
• Proven experience designing cloud architecture, not just implementing existing designs.
• Experience owning production systems, including uptime, reliability, and incident response.
• Experience designing and executing disaster recovery strategies (RTO/RPO, restore procedures).
• Strong hands-on experience across Azure core platform components (App Services, networking, managed databases, IAM, storage, monitoring, and logging)
• Deep experience with Entra ID / Azure AD (RBAC, PIM, Conditional Access).
• Strong understanding of cloud networking and security (segmentation, private endpoints, firewall/WAF, zero trust).
• Experience designing or evolving infrastructure for multi-tenant SaaS platforms.
• Experience designing or contributing to regional or multi-region architectures, including data residency considerations. 
• Experience in working with distributed or offshore engineering teams.
• Experience mentoring team members or leading technical teams.
• Strong written and verbal communication skills in English.
• Legally authorized to work in the United States on a permanent basis without need for current or future employer-sponsored immigration support. This role is not eligible for visa sponsorship now or in the future.

• Experience managing PostgreSQL or other cloud databases.
• Familiarity with Cloudflare (WAF, Access, Zero Trust) (real plus)
• Experience defining or implementing single-tenant deployment models (real plus)
• Experience with Azure Defender for Cloud, Microsoft Sentinel, or similar cloud security tooling.

• Familiarity with containerization (Docker, Kubernetes/AKS).
• Experience supporting SOC 2, ISO 27001, or similar frameworks (technical implementation).
• Azure certification (AZ-305, AZ-500)

• High ownership mindset with ability to operate independently, make decisions, and drive outcomes in a fast-moving environment.

• Full ownership of Azure infrastructure transitioned from CTO, and CTO is no longer the bottleneck for infrastructure decisions.
• Terraform and infrastructure changes governed by clear standards and review processes.
• Hardened IAM and improved security posture.
• Validated and strengthened disaster recovery with known and tested RTO/RPO.
• Clear architecture documentation and roadmap for platform evolution.
• Infrastructure supports environment separation, single-tenant deployments, and multi-region/data residency requirements.

• Impact: Direct collaboration with the CTO and senior engineers — real ownership from day one. 
• Innovation: Opportunity to design and implement core platform architecture for multi-tenant and single-tenant deployments, multi-region infrastructure, and data residency — directly impacting product capabilities and company growth.Work on an evolving security maturity roadmap covering Identity, Endpoint, Network, and DR.
• Modern stack: Azure, Terraform, CI/CD, Sentinel, Cloudflare, PostgreSQL, ELK 
• Autonomy: Ability to impact and shape our full infrastructure roadmap.
• Growth: Clear path toward infrastructure leadership as the platform and team scale.
• Flexible remote culture and a pragmatic engineering environment.
• Salary: $130,000 - $250,000, depending on location and experience, plus competitive benefits package.

Alt Legal offers a collaborative and challenging work environment and the opportunity to be part of a growing company. We're a team of intellectually curious individuals who love learning and developing new skills. Our company was founded on the belief that a team with diverse backgrounds and identities will have the greatest range of experiences, the best selection of ideas, and the most inclusive and supportive culture.

We also offer all employees a variety of perks such as flexible vacation, remote work options, and the opportunity to determine your own growth path.

We are an equal opportunity employer. We welcome applications from all qualified candidates. We're happy to discuss reasonable adjustments at any stage of the recruitment process.

• Your background is primarily M365, Exchange, Teams, or SharePoint
• You've spent most of your career in corporate IT, helpdesk, or endpoint/Intune management
• You're looking for a pre-sales, consulting, or diagram-and-handoff architect role 
• You want to design systems but not write Terraform or lead incidents

If you’re interested, you should apply via Breezy with:

• A resume in PDF format
• ESSENTIAL - A short statement (3-5 sentences) telling us: (1) the single most impactful architectural decision you've made in the last 2 years — what the tradeoff was and what you'd do differently now; and (2) why this specific role at Alt Legal is interesting to you.
• At least one link to work you've authored or contributed to (blog post, open-source contribution, technical documentation, conference talk, or architecture write-up). If you don't have public material available, note that in your statement.

Applications must be submitted by the candidate directly, not through a recruiting agent. We review applications on a rolling basis.

We are not engaging external recruiting partners for this search. Unsolicited resumes sent by agencies will not be considered, and no fee will be owed for candidates introduced through agency outreach. Please do not contact us on behalf of candidates.