This is a remote position.
- Design and implement AWS account structure using AWS Organizations
- Create and manage Organizational Units (OUs) based on business requirements and best practices
- Establish account governance policies and standards
- Implement consolidated billing and cost allocation strategies
- Deploy and manage AWS Control Tower for automated account provisioning and governance
- Implement Landing Zone Architecture (LZA) for scalable, secure multi-account environments
- Design and deploy Virtual Private Clouds (VPCs) across multiple regions
- Configure and manage VPN connections (Site-to-Site VPN and Client VPN)
- Implement AWS Direct Connect for hybrid cloud connectivity
- Design network segmentation strategies using subnets, route tables, and network ACLs
- Configure Transit Gateway for multi-VPC connectivity
- Manage DNS using Route 53
- Architect network solutions for AWS GovCloud environments
- Design and implement IAM policies, roles, and permission boundaries
- Establish identity federation with corporate identity providers
- Implement least privilege access principles
- Create and manage service control policies (SCPs) at the organization level
- Configure multi-factor authentication (MFA) requirements
- Develop IAM governance and compliance frameworks
- Design and implement security policies across the organization
- Configure AWS Security Hub, GuardDuty, and AWS Config
- Implement encryption strategies for data at rest and in transit
- Establish security monitoring and incident response procedures
- Ensure compliance with industry standards (SOC 2, ISO 27001, HIPAA, etc.)
- Maintain FedRAMP compliance requirements and controls
- Design and implement security architectures for AWS GovCloud (US) regions
- Conduct security assessments and vulnerability management
- Implement AWS WAF and Shield for application protection
- Create infrastructure as code using AWS CloudFormation or Terraform
- Develop and maintain architectural documentation and diagrams
- Provide technical guidance and mentorship to engineering teams
- Participate in disaster recovery planning and testing
- Optimize cloud costs and resource utilization
- 5+ years of experience in cloud architecture, with 3+ years specifically on AWS
- Deep understanding of AWS Organizations and multi-account strategies
- Hands-on experience with AWS Control Tower for account orchestration and governance
- Proficiency in Landing Zone Architecture (LZA) design and implementation
- Experience working with AWS GovCloud (US) environments
- Knowledge of FedRAMP compliance requirements, controls, and authorization processes
- Expert knowledge of AWS networking services (VPC, VPN, Direct Connect, Transit Gateway)
- Strong expertise in IAM, including policy design and identity federation
- Proven experience implementing security best practices and compliance frameworks
- Proficiency with infrastructure as code tools (CloudFormation, Terraform, CDK)
- Experience with AWS security services (Security Hub, GuardDuty, Config, CloudTrail)
- AWS Certified Solutions Architect – Professional
- AWS Certified Security – Specialty
- AWS Certified Advanced Networking – Specialty
- Additional AWS certifications are a plus
