Remote: Cloud Architect

Remote • Posted 7 hours ago • Updated 7 hours ago
Contract Independent
Contract W2
12 Months
No Travel Required
Remote
$60 - $65/hr
Company Branding Image
Fitment

Dice Job Match Score™

🛠️ Calibrating flux capacitors...

Job Details

Skills

  • Cloud Architect + Gitlab

Summary

Cloud Architect + Gitlab

100% Remote

6+ Months

 

Job Description:

Overview

We are looking for a hands-on Cloud Architect for a 3–6-month contract engagement focused on hardening and modernizing infrastructure across three AWS accounts. The scope is practical and resource-level: cleaning up IAM, securing S3, rationalizing RDS, and migrating workloads from EC2 to EKS where it makes sense. We already have CSPM and observability tooling in place — this role is about fixing the infrastructure itself, not deploying more monitoring. All changes are to be implemented and maintained via Terraform; the contractor will leave behind clean, reviewable IaC rather than ad-hoc console changes.

 

WHAT YOU''LL WORK ON

Priorities will be driven by findings and account state, but the primary areas of focus are:

  • IAM cleanup and least-privilege enforcement — removing stale users and roles, scoping down overly permissive policies, replacing long-lived access keys with OIDC federation and instance profiles, and hardening root account controls.
  • S3 security and compliance — bucket inventory and classification, enforcing public access blocks, tightening bucket policies and ACLs, KMS encryption, TLS-only access, and versioning/lifecycle hygiene.
  • RDS and Aurora rationalization — right-sizing over-provisioned instances using Performance Insights and CloudWatch data, identifying clusters for consolidation or decommissioning, and hardening remaining clusters (encryption, security group lockdown, public accessibility disabled).
  • EC2-to-EKS migration — assessing the EC2 fleet for containerization feasibility, migrating appropriate workloads to EKS with IRSA replacing instance profiles, and cleanly decommissioning migrated instances including Terraform state cleanup.
  • General IaC hygiene — importing unmanaged resources into Terraform, refactoring existing modules for consistency, and ensuring all changes across the three accounts are tracked in version control.

 

REQUIRED QUALIFICATIONS

  • 5+ years of hands-on AWS experience across IAM, compute, storage, and networking — working directly in accounts, not just designing on whiteboards.
  • Required: Valid AWS certification:
  • AWS Solutions Architect – Associate or Professional
  • AWS Security Specialty a strong plus given the IAM and S3 scope
  • Expert Terraform: authoring and refactoring modules, importing existing resources, managing remote state across multiple accounts, and shipping changes through CI pipelines.
  • Deep IAM knowledge: policy evaluation logic, permission boundaries, OIDC federation, IRSA, cross-account roles, and Access Analyzer.
  • S3: bucket policy authoring, KMS CMK integration, public access controls, and lifecycle configuration.
  • RDS / Aurora: right-sizing methodology, Performance Insights, parameter group hardening, and security group configuration.
  • Kubernetes / EKS: cluster operations, IRSA, RBAC, Helm, and migrating workloads from EC2.
  • GitLab CI/CD: OIDC-based AWS authentication and Terraform pipeline workflows.
  • HashiCorp Vault: dynamic AWS credentials to replace static IAM access keys.

 

NICE TO HAVE

  • Terraform Enterprise or Terraform Cloud: Sentinel policy enforcement, workspace-per-account patterns.
  • AWS Organizations / SCPs for preventive guardrails across accounts.
  • Experience triaging findings from CSPM tools (Upwind, Wiz, or similar) to prioritize remediation.
  • Familiarity with Lumos or similar IGA tooling for access review workflows.

 

TECH STACK

AWS

  • IAM | S3 | KMS | RDS / Aurora | EC2 | EKS | VPC | Secrets Manager | SSM

IaC & Delivery

  • Terraform / Terraform Cloud or Enterprise
  • GitLab CI/CD (OIDC AWS auth)
  • HashiCorp Vault Enterprise
  • Helm / Kustomize

Compliance Targets

  • CIS AWS Foundations Benchmark | AWS Foundational Security Best Practices (FSBP)
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 91093412
  • Position Id: 9019828
  • Posted 7 hours ago

Company Info

About Montek System

Montek Systems is an engineering and technology services firm providing client-focused solutions in select global industries. Montek Systems provides global engineering and technology solutions and professional staffing services through its global business operations.

We deliver staffing solutions and recruitment services to leading companies with operations worldwide. Montek Systems allows you to obtain or fill a variety of different positions and opportunities. We offer five years of experience contracting full-time positions with clients in a wide range of industries, specializing in IT and engineering recruiting. Our main focus is within the Unites States and Canada.

Contact the job poster
Ravi Nigam

Ravi Nigam

Recruiter @ Montek System
Create job alert
Set job alertNever miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

It looks like there aren't any Similar Jobs for this job yet.

Search all similar jobs