Overview
We are looking for an experienced AWS Solution Architect to help design, guide, and support secure cloud architectures across commercial AWS and AWS GovCloud-style environments. This role requires a deep understanding of AWS services, multi-account architecture, cloud security, infrastructure design, and practical cloud troubleshooting. The ideal candidate is not just someone who can draw architecture diagrams. We need someone who can understand real cloud problems, design practical solutions, work with engineering teams, and help turn cloud architecture into reliable, secure, deployable systems. An active AWS Solution Architect certification is required. Ideal Candidate Traits - Strong cloud problem solver who can investigate difficult issues without needing step-by-step direction. - Able to balance architecture best practices with real-world operational constraints. - Comfortable leading technical discussions while still being hands-on when needed. - Self-starter who continues making progress without waiting for constant direction. - Detail-oriented, especially around security, networking, IAM, and documentation. - Strong communicator who can explain complex AWS designs in practical terms. - Able to work with engineers, managers, customers, and security stakeholders. - Focused on building systems that are secure, supportable, repeatable, and ready for production use. Example Work Design a secure multi-account AWS environment with separate Shared Services, Network, Security, Logging, and workload accounts. - Review CDK-based infrastructure designs and identify risks in IAM, networking, logging, or deployment structure. - Troubleshoot a failed application deployment by reviewing GitLab pipeline logs, CloudFormation events, CloudWatch logs, and CloudTrail activity. - Design a private networking model using Transit Gateway, VPC endpoints, DNS forwarding, NAT, and workload account routing. - Create architecture guidance for serverless applications using Lambda, API Gateway, EventBridge, SQS, DynamoDB, and S3. - Help define cloud standards for tagging, logging, encryption, access control, account separation, and operational monitoring.
Responsibilities
- Design secure, scalable, and maintainable AWS cloud architectures across multi-account environments.
- Support AWS account structures such as Shared Services, Network, Security, Logging, Development, QA, Stage, and Production workload accounts.
- Provide architectural guidance for infrastructure built with AWS CDK, TypeScript, CloudFormation, and related automation tools.
- Work closely with IaC engineers, platform engineers, security teams, and operations teams to translate architecture into deployable infrastructure.
- Review and validate cloud designs for security, reliability, scalability, cost, and operational supportability.
- Troubleshoot complex AWS issues using CloudWatch, CloudTrail, VPC Flow Logs, IAM policy analysis, Config, GuardDuty, and other AWS-native tools.
- Design and review networking patterns involving VPCs, Transit Gateway, routing, private subnets, NAT, security groups, VPC endpoints, DNS, VPN, and hybrid connectivity.
- Support serverless and event-driven architectures using services such as Lambda, EventBridge, SQS, SNS, Step Functions, API Gateway, DynamoDB, and S3.
- Provide architectural guidance for container and cluster-based platforms such as ECS, EKS, Kubernetes, and related AWS services.
- Assist with CI/CD and deployment workflows using GitLab, Jira, merge requests, branch naming, commit discipline, and ticket-based delivery.
- Help define standards, reusable patterns, reference architectures, and technical documentation.
- Participate in design reviews, troubleshooting sessions, and customer or stakeholder technical discussions.
- Identify gaps in current cloud environments and recommend practical improvements.
Requirements
- Active AWS Certified Solutions Architect certification.
- Deep hands-on experience with AWS cloud architecture and operations.
- Strong understanding of AWS multi-account environments and account separation models.
- Experience with AWS GovCloud or regulated cloud environments.
- Strong understanding of core AWS services, including IAM, VPC, EC2, S3, KMS, CloudWatch, CloudTrail, Lambda, Route 53, ALB/NLB, RDS, DynamoDB, and AWS Organizations.
- Strong cloud troubleshooting experience, especially around IAM, networking, logging, deployment failures, and service integration issues.
- Experience designing secure architectures using least privilege, encryption, logging, monitoring, tagging, and compliance-aligned controls.
- Experience with infrastructure as code, preferably AWS CDK with TypeScript.
- Experience working with GitLab and Jira in structured engineering environments.
- Ability to review infrastructure code, architecture diagrams, deployment plans, and operational designs.
- Ability to communicate technical decisions clearly to engineers, managers, and stakeholders.
Preferred Qualifications
- AWS Certified Solutions Architect — Professional.
- Experience with AWS GovCloud, CMMC, FedRAMP, IL4, IL5, or similar compliance-driven environments.
- Experience with AWS Control Tower, Landing Zone Accelerator, AWS Organizations, SCPs, and centralized logging/security patterns.
- Experience designing Shared Services, Network, Security, Audit/Logging, and workload account architectures.
- Experience with EKS, ECS, Kubernetes, service meshes, container networking, and cluster observability.
- Experience with serverless architectures and Lambda-based automation.
- Experience with hybrid cloud connectivity, Active Directory, DNS, VPN, Direct Connect, private endpoints, and Transit Gateway.
- Experience with GitLab CI/CD, AWS CDK pipelines, or automated infrastructure deployment workflows.
- Experience with cost optimization, high availability, disaster recovery, and operational readiness planning.