What You Will Lead & Deliver
Architecture & Team Leadership
- Technical lead for the 4‑person pod; mentor, review, unblock; drive delivery cadence.
- Convert business/regulatory constraints into platform designs and migration plans.
Platform & IaC (CDK‑forward)
- Author AWS CDK constructs (TypeScript/Python) for network, identity, logging, encryption, data foundations; manage CDK Pipelines across accounts/environments.
- Define versioning/deprecation strategy for constructs; ensure frictionless consumption by 10–20+ teams.
Security & Compliance (bank‑grade)
- Enforce least‑privilege IAM, permission boundaries, SCPs, key policies (KMS), private endpoints, guardrails.
- Centralize CloudTrail/GuardDuty/Security Hub; codify controls as policy‑as‑code; maintain evidence.
Migration Execution (Apps + Data)
- Drive discovery, wave planning, and execution using AWS migration tooling:
  - Workloads/servers: AWS MGN (CloudEndure), Migration Hub, ADS.
  - Databases/data: DMS, SCT, DataSync, Snowball Edge/Snow Family, S3 Transfer Acceleration, Glue ETL.
  - Stateful cutovers: blue/green, canary, DNS strategies; performance baselines and smoke tests.
Connectivity / Networking
- Design Direct Connect/VPN, routing, VPC topologies, endpoint policies, NACL/SG strategy; multi‑region HA/DR.
Observability & Operations
- Implement CloudWatch/OTel; metric/trace/log standards; error budgets and runbooks; define SLOs/SLIs for shared services.
FinOps & Cost Controls
- Establish tagging standards, cost allocation, rightsizing; RI/SP strategy; dashboards and alerts.
Adoption Enablement (MAP KPI)
- Publish reference architectures, docs/playbooks, sample repos, workshops/office hours; track adoption KPIs.
Required Experience
- 15+ years overall; 10+ years deep AWS architecture in regulated (bank/DoD/health) environments.
- Led ≥3 large enterprise migrations (100s of servers and multi‑TB data) including plan → migrate → cutover → hypercare.
- Built multi‑account platforms with Control Tower/Organizations, SCPs, IAM SSO, and centralized logging & security.
- Hands‑on CDK (not just Terraform): authored reusable constructs adopted by multiple teams, with CDK Pipelines.
- Demonstrated audit readiness: control mapping, Config rules, exceptions workflow, evidence packs.
Required Certifications (must be current or recently lapsed)
- AWS Solutions Architect – Professional (required)
- AWS Security – Specialty (required)
- AWS DevOps Engineer – Professional (strongly preferred)
- AWS Advanced Networking – Specialty (preferred for DX/VPC design)
Nice‑to‑have: AWS Database – Specialty or Data Analytics – Specialty (DMS/SCT strategy), CKA/CKAD (EKS‑adjacent).
Core Technical Skills (must‑have depth)
- AWS CDK (TypeScript/Python), CDK Pipelines, CloudFormation; Terraform literacy welcome but CDK is primary.
- Security: IAM/SCPs/permission boundaries, KMS (envelope encryption), Secrets Manager, S3 bucket & endpoint policies, private subnets, WAF/Shield, detective controls.
- Networking: VPC design, Transit Gateway, DX/VPN, routing, multi‑region failover.
- Data & Migration: DMS, SCT, DataSync, Snowball, S3 transfer strategies, RDS/Aurora patterns, schema conversion, replication lag/cutover.
- Workload Migration: AWS MGN, image/agent planning, dependency mapping, perf baselines, blue/green cutover.
- Observability & Ops: CloudWatch, metrics/logging, runbooks, chaos/failover testing, MTTR/MTTD improvements.
- FinOps: tagging, cost allocation, RI/SP, dashboards.