Title: Sr. AWS Architect
Location: Dallas, TX - 5 days onsite (no exceptions) (Local only)
Duration: 6+ Months Contract
Job Description
Role Overview
Client has a firmwide mandate to exit/minimize all datacenters by 2030. Core Engineering is the platform backbone enabling this shift. We're searching for an elite AWS Architect to lead a 4-person engineering pod (Architect + Tech Manager + 2 Sr. Cloud Engineers) delivering repeatable migration patterns, secure landing zones, and multi-team adoption across BUs, with no hand-holding.
This is not a junior or mid-level role. The architect must be equally strong in design and hands-on leadership, with a proven track record of moving complex, regulated workloads and data to AWS at enterprise scale.
What You Will Lead & Deliver
- Architecture & Team Leadership
  - Technical lead for the 4-person pod; mentor, review, unblock; drive delivery cadence.
  - Convert business/regulatory constraints into platform designs and migration plans.
- Platform & IaC (CDK-forward)
  - Author AWS CDK constructs (TypeScript/Python) for network, identity, logging, encryption, data foundations; manage CDK Pipelines across accounts/environments.
  - Define versioning/deprecation strategy for constructs; ensure frictionless consumption by 10-20+ teams.
- Security & Compliance (bank-grade)
  - Enforce least-privilege IAM, permission boundaries, SCPs, key policies (KMS), private endpoints, guardrails.
  - Centralize CloudTrail/GuardDuty/Security Hub; codify controls as policy-as-code; maintain evidence.
- Migration Execution (Apps + Data)
  - Drive discovery, wave planning, and execution using AWS migration tooling:
    - Workloads/servers: AWS MGN (CloudEndure), Migration Hub, ADS.
    - Databases/data: DMS, SCT, DataSync, Snowball Edge/Snow Family, S3 Transfer Acceleration, Glue ETL.
  - Stateful cutovers: blue/green, canary, DNS strategies; performance baselines and smoke tests.
- Connectivity / Networking
  - Design Direct Connect/VPN, routing, VPC topologies, endpoint policies, NACL/SG strategy; multi-region HA/DR.
- Observability & Operations
  - Implement CloudWatch/OTel, metric/trace/log standards; error budgets, runbooks; define SLO/SLIs for shared services.
- FinOps & Cost Controls
  - Establish tagging standards, cost allocation, rightsizing; RI/SP strategy; dashboards and alerts.
- Adoption Enablement (MAP KPI)
  - Publish reference architectures, docs/playbooks, sample repos, workshops/office hours; track adoption KPIs.
Required Experience
15+ years overall; 10+ years deep AWS architecture in regulated (bank/DoD/health) environments.
Led 3 large enterprise migrations (100s of servers and multi-TB data) including plan → migrate → cutover → hypercare.
Built multi-account platforms with Control Tower/Organizations, SCPs, IAM SSO, and centralized logging & security.
Hands-on CDK (not just Terraform): authored reusable constructs adopted by multiple teams, with CDK Pipelines.
Demonstrated audit readiness: control mapping, Config rules, exceptions workflow, evidence packs.
Required Certifications (must be current or recently lapsed)
- AWS Solutions Architect Professional (required)
- AWS Security Specialty (required)
- AWS DevOps Engineer Professional (strongly preferred)
- AWS Advanced Networking Specialty (preferred for DX/VPC design)
Nice to have: AWS Database Specialty or Data Analytics Specialty (DMS/SCT strategy), CKA/CKAD (EKS-adjacent).
Core Technical Skills (must have depth)
AWS CDK (TypeScript/Python), CDK Pipelines, CloudFormation; Terraform literacy welcome but CDK is primary.
Security: IAM/SCPs/permission boundaries, KMS (envelope encryption), Secrets Manager, S3 bucket & endpoint policies, private subnets, WAF/Shield, detective controls.
Networking: VPC design, Transit Gateway, DX/VPN, routing, multi-region failover.
Data & Migration: DMS, SCT, DataSync, Snowball, S3 transfer strategies, RDS/Aurora patterns, schema conversion, replication lag/cutover.
Workload Migration: AWS MGN, image/agent planning, dependency mapping, perf baselines, blue/green cutover.
Observability & Ops: CloudWatch, metrics/logging, runbooks, chaos/failover testing, MTTR/MTTD improvements.
FinOps: tagging, cost allocation, RI/SP, dashboards.
Soft Skills
- Executive presence; crisp communicator with architects, security, and BU leaders.
- Bias to action; operates independently, sets and meets aggressive timelines.
- Pragmatic decision maker; documents tradeoffs, risks, and mitigations.
- Coaches senior engineers; raises the team's bar.
Team You'll Lead (4-person pod)
- You - Senior AWS Architect (Lead)
- Technical Manager / Lead Engineer
- Senior AWS Cloud Engineers (CDK capable)
You own architecture, backlog, code reviews of CDK modules, security posture, migration wave plans, and MAP adoption.
Knockout Criteria (use for fast screening)
- No AWS SA Pro and Security Specialty
- No enterprise CDK (constructs + CDK Pipelines adopted by multiple teams)
- Never led multi-wave app + data migrations with cutover in regulated environments
- Can't articulate audit evidence (Config/Security Hub/Control Tower + exceptions/remediation)
- Won't work onsite 5 days/week in Dallas
What "Great" Looks Like (candidate signals)
- Describes a recent datacenter exit program with wave plans, RTO/RPO, and rollback proof.
- Shows a CDK construct library they authored and how it was versioned/deprecated without breaking teams.
- Explains DX/VPN design, endpoint policies, private S3/Dynamo access, and cross account patterns.
- Produces a sample evidence pack story (control → rule → alert → ticket → remediation → audit trail).
- Quantifies MAP-style adoption: "14 teams onboarded in 5 months; TTFD cut from 3 weeks to 4 days."
Thanks
Ramesh