AWS Architect

Overview

Remote
Depends on Experience
Full Time

Skills

Workflow
Step-Functions
Regulatory Compliance
Orchestration
Payment Card Industry
System On A Chip
Payments
Testing
Provisioning
Microsoft Azure
Roadmaps
Security Controls
Kubernetes
GitLab
DevOps
Documentation
PCI DSS
Messaging
Encryption
Continuous Integration
Data Lake
Design Automation
Knowledge Transfer
Oracle Policy Automation
Machine Learning (ML)
API
Amazon Kinesis
Amazon Route 53
Amazon SageMaker
Amazon S3
Amazon Web Services
Amazon Redshift
Access Control
Caching
Change Management
Artificial Intelligence
Analytics

Job Details

AWS Platform Architect (Hands-On)
Experience Level: 10-15 years total; 6-8 years in AWS platform architecture and automation
Role Summary
We're seeking a hands-on AWS Platform Architect to design, automate, and govern a secure, scalable AWS foundation enabling payment workloads, data & AI platforms, and core applications. The role blends deep technical implementation (IaC, CI/CD, security automation) with program governance, compliance, and stakeholder leadership.
________________________________________
Key Responsibilities
Platform Provisioning & Automation
Design and automate AWS Organizations, multi-account strategy, SCPs, VPC architectures, Transit Gateway, PrivateLink, and centralized egress.
Implement IAM (roles, permission boundaries, identity federation), AWS SSO, and guardrails aligned to enterprise controls.
Automate security services (Config, GuardDuty, Security Hub, CloudTrail, KMS, Macie, Detective) and monitoring (CloudWatch, CloudWatch Logs, X-Ray).
Build reusable Terraform modules and pipelines for repeatable environment provisioning.
Security & Compliance Integration
Integrate FCB-defined (or customer-defined) security controls, IAM policies, and program guardrails across accounts and workloads.
Map controls to frameworks (PCI DSS for payments, SOC 2/ISO 27001, NIST CSF) and implement evidence collection via automation.
Define and enforce least-privilege access, encryption, network segmentation, and operational monitoring baselines.
CI/CD & Infrastructure-as-Code
Establish CI/CD pipelines (GitHub Actions/GitLab CI/Azure DevOps/CodePipeline) for infra and app workloads.
Standardize Terraform workflows (workspaces, state management, policy as code with OPA/Conftest/Terraform Cloud/Enterprise).
Integrate automated testing (static analysis, drift detection, security scanning, compliance validation).
Workload Enablement (Payments, Data & AI, Core Apps)
Architect secure payment environments with PCI-ready controls, tokenization patterns, and audit readiness.
Design data platform services (data lakes, analytics, AI/ML) including ingestion pipelines, governance, lineage, and secure access.
Enable core application services and platform components (EKS/ECS, serverless, managed databases, caching, messaging, observability).
Program Governance & Reporting
Define program guardrails, governance model, KPIs, and reporting cadence; run compliance audits with automated evidence.
Establish change management, incident response, and cost governance (FinOps guardrails, tagging, budgets, anomaly detection).
Documentation & Handover
Produce architecture diagrams, runbooks, standards, Terraform module catalogs, and operational playbooks.
Lead knowledge transfer and operational handover to platform and app teams.
________________________________________
Required Qualifications
Hands-on AWS expertise across Organizations, VPC networking, IAM, KMS, Security Hub/GuardDuty/Config/CloudTrail, CloudWatch, and data services.
Terraform mastery (modules, state, workspaces, policy as code) and CI/CD pipeline setup for infra and app deployments.
Security & compliance experience (PCI DSS, SOC 2, ISO 27001, NIST CSF): control design, automation, and audit readiness.
Networking: Multi-account networking, segmentation, TGW, Route 53, NAT/east-west patterns, PrivateLink, hybrid connectivity (Direct Connect/VPN).
Data & AI platform design: Data lake architecture, analytics pipelines, access controls, ML orchestration (SageMaker/EKS-based).
Containers & serverless: EKS/ECS, Lambda, API Gateway, event-driven patterns; observability and resilience.
Strong stakeholder leadership: Requirements, current-state assessment, roadmap creation, and cross-functional alignment.
________________________________________
Nice-to-Have
PCI-ready payment workload enablement experience.
FinOps and cost optimization practices.
Policy-as-code tools: OPA/Conftest, Checkov, Infracost.
GitHub Actions/GitLab CI/Azure DevOps/CodePipeline experience.
SRE practices: error budgets, SLIs/SLOs, runbooks, chaos testing.
Certifications: AWS Solutions Architect Professional, AWS Security Specialty, Certified Kubernetes Administrator (CKA).
________________________________________
Tools & Tech Stack
IaC & Pipelines: Terraform, Terragrunt (optional), GitHub/GitLab/Azure DevOps/CodePipeline
Security & Governance: AWS Config, Security Hub, GuardDuty, CloudTrail, KMS, IAM Identity Center, SCPs
Networking: VPC, TGW, Route 53, PrivateLink, Direct Connect/VPN
Observability: CloudWatch, CloudWatch Logs, X-Ray, OpenTelemetry (optional)
Data & AI: S3, Lake Formation, Glue, Athena/Redshift, EMR, Kinesis/MSK, SageMaker, Step Functions