AWS Solution architect

Role:- AWS Architect
Location:- Dallas, TX
Onsite Interview

Client has a firmwide mandate to exit/minimize all datacenters by 2030. Core Engineering is the platform backbone enabling this shift. We’re searching for an elite AWS Architect to lead a 4‑person engineering pod (Architect + Tech Manager + 2 Sr. Cloud Engineers) delivering repeatable migration patterns, secure landing zones, and multi‑team adoption across BUs—no hand‑holding.

This is not a junior or mid‑level role. The architect must be equally strong in design and hands‑on leadership, with a proven track record of moving complex, regulated workloads and data to AWS at enterprise scale.

What You Will Lead & Deliver

• Architecture & Team Leadership
• Technical lead for the 4‑person pod; mentor, review, unblock; drive delivery cadence.
• Convert business/regulatory constraints into platform designs and migration plans.
• Platform & IaC (CDK‑forward)
• Author AWS CDK constructs (TypeScript/Python) for network, identity, logging, encryption, data foundations; manage CDK Pipelines across accounts/environments.
• Define versioning/deprecation strategy for constructs; ensure frictionless consumption by 10–20+ teams.
• Security & Compliance (bank‑grade)
• Enforce least‑privilege IAM, permission boundaries, SCPs, key policies (KMS), private endpoints, guardrails.
• Centralize CloudTrail/GuardDuty/Security Hub; codify controls as policy‑as‑code; maintain evidence.
• Migration Execution (Apps + Data)
• Drive discovery, wave planning, and execution using AWS migration tooling:
• Workloads/servers: AWS MGN (CloudEndure), Migration Hub, ADS.
• Databases/data: DMS, SCT, DataSync, Snowball Edge/Snow Family, S3 Transfer Acceleration, Glue ETL.
• Stateful cutovers: blue/green, canary, DNS strategies; performance baselines and smoke tests.
• Connectivity / Networking
• Design Direct Connect/VPN, routing, VPC topologies, endpoint policies, NACL/SG strategy; multi‑region HA/DR.
• Observability & Operations
• Implement CloudWatch/OTel, metric/trace/log standards; error budgets, runbooks; define SLO/SLIs for shared services.
• FinOps & Cost Controls
• Establish tagging standards, cost allocation, rightsizing; RI/SP strategy; dashboards and alerts.
• Adoption Enablement (MAP KPI)
• Publish reference architectures, docs/playbooks, sample repos, workshops/office hours; track adoption KPIs.

Required Experience

• 15+ years overall; 10+ years deep AWS architecture in regulated (bank/DoD/health) environments.
• Led ≥3 large enterprise migrations (100s of servers and multi‑TB data) including plan → migrate → cutover → hypercare.
• Built multi‑account platforms with Control Tower/Organizations, SCPs, IAM SSO, and centralized logging & security.
• Hands‑on CDK (not just Terraform): authored reusable constructs adopted by multiple teams, with CDK Pipelines.
• Demonstrated audit readiness: control mapping, Config rules, exceptions workflow, evidence packs.

Required Certifications (must be current or recently lapsed)

• AWS Solutions Architect – Professional (required)
• AWS Security – Specialty (required)
• AWS DevOps Engineer – Professional (strongly preferred)
• AWS Advanced Networking – Specialty (preferred for DX/VPC design)

Nice‑to‑have: AWS Database – Specialty or Data Analytics – Specialty (DMS/SCT strategy), CKA/CKAD (EKS‑adjacent).

Core Technical Skills (must‑have depth)

• AWS CDK (TypeScript/Python), CDK Pipelines, CloudFormation; Terraform literacy welcome but CDK is primary.
• Security: IAM/SCPs/permission boundaries, KMS (envelope encryption), Secrets Manager, S3 bucket & endpoint policies, private subnets, WAF/Shield, detective controls.
• Networking: VPC design, Transit Gateway, DX/VPN, routing, multi‑region failover.
• Data & Migration: DMS, SCT, DataSync, Snowball, S3 transfer strategies, RDS/Aurora patterns, schema conversion, replication lag/cutover.
• Workload Migration: AWS MGN, image/agent planning, dependency mapping, perf baselines, blue/green cutover.
• Observability & Ops: CloudWatch, metrics/logging, runbooks, chaos/failover testing, MTTR/MTTD improvements.
• FinOps: tagging, cost allocation, RI/SP, dashboards.

Soft Skills

• Executive presence; crisp communicator with architects, security, and BU leaders.
• Bias to action; operates independently, sets and meets aggressive timelines.
• Pragmatic decision‑maker; documents tradeoffs, risks, and mitigations.
• Coaches senior engineers; raises the team’s bar.

Team You’ll Lead (4‑person pod)

• You — Senior AWS Architect (Lead)
• 1 Technical Manager / Lead Engineer
• 2 Senior AWS Cloud Engineers (CDK‑capable)

You own architecture, backlog, code reviews of CDK modules, security posture, migration wave plans, and MAP adoption.

Knockout Criteria (use for fast screening)

•  No AWS SA‑Pro and Security Specialty
•  No enterprise CDK (constructs + CDK Pipelines adopted by multiple teams)
•  Never led multi‑wave app + data migrations with cutover in regulated environments
•  Can’t articulate audit evidence (Config/Security Hub/Control Tower + exceptions/remediation)
•  Won’t work onsite 5 days/week in Dallas

What “Great” Looks Like (candidate signals)

• Describes a recent datacenter‑exit program with wave plans, RTO/RPO, and rollback proof.
• Shows a CDK construct library they authored and how it was versioned/deprecated without breaking teams.
• Explains DX/VPN design, endpoint policies, private S3/Dynamo access, and cross‑account patterns.
• Produces a sample evidence pack story (control → rule → alert → ticket → remediation → audit trail).
• Quantifies MAP‑style adoption: “14 teams onboarded in 5 months; TTFD cut from 3 weeks to 4 days.”