Job Title: AWS Architect
Location: Remote
Duration: Full-time
Responsibilities include:
Must Have Technical/Functional Skills
AWS Platform Architect (Hands-On)
Experience Level: 10–15 years total; 6–8 years in AWS platform architecture and automation
Role Summary
We’re seeking a hands-on AWS Platform Architect to design, automate, and govern a secure, scalable AWS foundation, enabling payment workloads, data & AI platforms, and core applications. The role blends deep technical implementation (IaC, CI/CD, security automation) with program governance, compliance, and stakeholder leadership.
Key Responsibilities
Platform Provisioning & Automation
•Design and automate AWS Organizations, multi-account strategy, SCPs, VPC architectures, Transit Gateway, PrivateLink, and centralized egress.
•Implement IAM (roles, permission boundaries, identity federation), AWS SSO, and guardrails aligned to enterprise controls.
•Automate security services (Config, GuardDuty, Security Hub, CloudTrail, KMS, Macie, Detective) and monitoring (CloudWatch, CloudWatch Logs, X-Ray).
•Build reusable Terraform modules and pipelines for repeatable environment provisioning.
Security & Compliance Integration
•Integrate FCB-defined (or customer-defined) security controls, IAM policies, and program guardrails across accounts and workloads.
•Map controls to frameworks (PCI DSS for payments, SOC 2/ISO 27001, NIST CSF) and implement evidence collection via automation.
•Define and enforce least-privilege access, encryption, network segmentation, and operational monitoring baselines.
CI/CD & Infrastructure-as-Code
•Establish CI/CD pipelines (GitHub Actions/GitLab CI/Azure DevOps/CodePipeline) for infra and app workloads.
•Standardize Terraform workflows (workspaces, state management, policy as code with OPA/Conftest/Terraform Cloud/Enterprise).
•Integrate automated testing (static analysis, drift detection, security scanning, compliance validation).
Workload Enablement (Payments, Data & AI, Core Apps)
•Architect secure payment environments with PCI-ready controls, tokenization patterns, and audit readiness.
•Design data platform services (data lakes, analytics, AI/ML) including ingestion pipelines, governance, lineage, and secure access.
•Enable core application services and platform components (EKS/ECS, serverless, managed databases, caching, messaging, observability).
Program Governance & Reporting
•Define program guardrails, governance model, KPIs, and reporting cadence; run compliance audits with automated evidence.
•Establish change management, incident response, and cost governance (FinOps guardrails, tagging, budgets, anomaly detection).
Documentation & Handover
•Produce architecture diagrams, runbooks, standards, Terraform module catalogs, and operational playbooks.
•Lead knowledge transfer and operational handover to platform and app teams.
Required Qualifications
•Hands-on AWS expertise across Organizations, VPC networking, IAM, KMS, Security Hub/GuardDuty/Config/CloudTrail, CloudWatch, and data services.
•Terraform mastery (modules, state, workspaces, policy as code) and CI/CD pipeline setup for infra and app deployments.
•Security & compliance experience (PCI DSS, SOC 2, ISO 27001, NIST CSF)—control design, automation, and audit readiness.
•Networking: Multi-account networking, segmentation, TGW, Route 53, NAT/east-west patterns, PrivateLink, hybrid connectivity (Direct Connect/VPN).
•Data & AI platform design: Data lake architecture, analytics pipelines, access controls, ML orchestration (SageMaker/EKS-based).
•Containers & serverless: EKS/ECS, Lambda, API Gateway, event-driven patterns; observability and resilience.
•Strong stakeholder leadership: Requirements, current-state assessment, roadmap creation, and cross-functional alignment.
Nice-to-Have
•PCI-ready payment workload enablement experience.
•FinOps and cost optimization practices.
•Policy-as-code tools: OPA/Conftest, Checkov, Infracost.
•GitHub Actions/GitLab CI/Azure DevOps/CodePipeline experience.
•SRE practices: error budgets, SLIs/SLOs, runbooks, chaos testing.
•Certifications: AWS Solutions Architect – Professional, AWS Security Specialty, Certified Kubernetes Administrator (CKA).
Tools & Tech Stack
•IaC & Pipelines: Terraform, Terragrunt (optional), GitHub/GitLab/Azure DevOps/CodePipeline
•Security & Governance: AWS Config, Security Hub, GuardDuty, CloudTrail, KMS, IAM Identity Center, SCPs
•Networking: VPC, TGW, Route 53, PrivateLink, Direct Connect/VPN
•Observability: CloudWatch, CloudWatch Logs, X-Ray, OpenTelemetry (optional)
•Data & AI: S3, Lake Formation, Glue, Athena/Redshift, EMR, Kinesis/MSK, SageMaker, Step Functions
Diverse Lynx LLC is an Equal Employment Opportunity employer. All qualified applicants will receive due consideration for employment without any discrimination. All applicants will be evaluated solely on the basis of their ability, competence and their proven capability to perform the functions outlined in the corresponding role. We promote and support a diverse workforce across all levels in the company.