Job Summary:
The Infrastructure Architect will lead the strategic design and implementation of enterprise-grade cloud infrastructure solutions on AWS. This senior role architects scalable, secure, and highly available infrastructure supporting multi-tenant SaaS applications, comprehensive monitoring systems, and mission-critical operations. The position requires deep AWS expertise, multi-tenant architecture proficiency, and the ability to integrate AWS Marketplace and third-party solutions while delivering robust, cost-effective infrastructure at scale.
QUALIFICATIONS AND BACKGROUND
Education
Required: Bachelor's degree in computer science or information systems
Preferred: Master's degree in computer science or information systems
Certifications Required: AWS Certified DevOps Engineer Professional
Experience Required:
10+ years in infrastructure architecture and cloud engineering
Extensive hands-on AWS infrastructure expertise across core services
Deep expertise with Terraform, AWS CDK, and CloudFormation Templates (CFT)
Proven track record architecting production-grade AWS infrastructure for enterprise environments
Expert-level infrastructure CI/CD pipeline design using GitLab CI/CD
Strong proficiency in SaaS infrastructure and multi-tenant design principles
Experience architecting large-scale infrastructure for multi-tenant SaaS platforms
Proven success integrating AWS Marketplace products and third-party SaaS platforms
Experience with enterprise monitoring and observability platforms including Nagios
Preferred:
Experience building/operating SaaS infrastructure at scale
Multi-cloud experience (Azure, Google Cloud Platform)
AWS SaaS Factory program participation
AWS Marketplace seller/ISV experience
Advanced FinOps and infrastructure cost optimization expertise
Skills
AWS Cloud Infrastructure (Expert Level):
Compute: EC2, ECS/Fargate, EKS, Lambda, Auto Scaling, Batch
Storage: S3, EBS, EFS, FSx, Storage Gateway, Backup
Database: RDS, Aurora, DynamoDB, Redshift, ElastiCache, DocumentDB
Networking: VPC, Route 53, CloudFront, API Gateway, Direct Connect, Transit Gateway, PrivateLink, VPN
Security: IAM, KMS, Secrets Manager, Cognito, GuardDuty, Security Hub, WAF, Shield, Macie
Management: CloudWatch, CloudTrail, Systems Manager, Config, Control Tower, Organizations, Service Catalog
Infrastructure as Code (Advanced):
Terraform (advanced modules, state management, workspaces, complex architectures)
AWS CDK (TypeScript/Python with constructs, patterns, custom resources)
CloudFormation (nested stacks, StackSets, custom resources, drift detection)
Policy-as-code (AWS Config Rules, Service Control Policies, OPA)
Git version control with GitFlow and trunk-based development
SaaS & Multi-Tenant Infrastructure:
Tenant isolation patterns (VPC isolation, account-level, database-level, row-level security)
Identity & access management (Cognito, tenant-aware IAM, RBAC)
API Gateway (usage plans, tenant routing, rate limiting, throttling)
Metering, billing, usage tracking, cost allocation tags
Resource pooling, capacity planning, workload management
Well-Architected SaaS Lens implementation
CI/CD & Infrastructure Automation:
GitLab CI/CD (advanced pipelines, runners, security scanning, artifact management)
AWS Developer Tools (CodePipeline, CodeBuild, CodeDeploy, CodeArtifact)
Containers (Docker, ECS/Fargate, EKS, ECR, Helm charts, Kubernetes operators)
Deployment strategies (blue-green, canary, rolling updates, feature flags)
GitOps practices and infrastructure drift detection
Infrastructure testing frameworks
Monitoring & Observability:
Nagios (Core/XI, NRPE, NCPA, custom plugin development)
CloudWatch (Metrics, Logs, Alarms, Dashboards, Synthetics, Insights), X-Ray
Prometheus, Grafana, Managed Prometheus, Managed Grafana
Log management (CloudWatch Logs Insights, OpenSearch Service)
Distributed tracing (X-Ray, OpenTelemetry)
Alerting (SNS, EventBridge, PagerDuty, Opsgenie)
APM tools integration (Datadog, New Relic, Dynatrace)
Tenant-aware monitoring with isolated metrics and dashboards
Security & Compliance:
IAM policies, roles, SCPs, permission boundaries
Encryption (KMS, at-rest, in-transit), secrets management, data masking
Zero-trust architectures and least privilege principles
Compliance frameworks (HIPAA, PCI-DSS, SOC 2, GDPR, ISO 27001)
Security scanning, vulnerability management, AWS Security Hub
Network security (security groups, NACLs, WAF, Shield)
Infrastructure Optimization:
Cost optimization (Cost Explorer, Trusted Advisor, Compute Optimizer, Savings Plans, RI, Spot)
Performance tuning and capacity planning
High availability and fault tolerance design
Disaster recovery and backup strategies (AWS Backup, cross-region replication)
Multi-region and multi-account architectures
Development & Automation:
Scripting (Python, Bash, PowerShell, Go)
Git workflows and version control
REST APIs, GraphQL integration
AWS CLI and SDKs (boto3)
Configuration management (Ansible, Chef, Puppet - preferred)