Sr. AWS Architect

Client has a firmwide mandate to exit/minimize all datacenters by 2030. Core Engineering is the platform backbone enabling this shift. We re searching for an elite AWS Architect to lead a 4person engineering pod (Architect + Tech Manager + 2 Sr. Cloud Engineers) delivering repeatable migration patterns, secure landing zones, and multiteam adoption across BUs no handholding.

This is not a junior or midlevel role. The architect must be equally strong in design and handson leadership, with a proven track record of moving complex, regulated workloads and data to AWS at enterprise scale.

What You Will Lead & Deliver

• Architecture & Team Leadership
• Technical lead for the 4person pod; mentor, review, unblock; drive delivery cadence.
• Convert business/regulatory constraints into platform designs and migration plans.
• Platform & IaC (CDKforward)
• Author AWS CDK constructs (TypeScript/Python) for network, identity, logging, encryption, data foundations; manage CDK Pipelines across accounts/environments.
• Define versioning/deprecation strategy for constructs; ensure frictionless consumption by 10 20+ teams.
• Security & Compliance (bankgrade)
• Enforce leastprivilege IAM, permission boundaries, SCPs, key policies (KMS), private endpoints, guardrails.
• Centralize CloudTrail/GuardDuty/Security Hub; codify controls as policyascode; maintain evidence.
• Migration Execution (Apps + Data)
• Drive discovery, wave planning, and execution using AWS migration tooling:
• Workloads/servers: AWS MGN (CloudEndure), Migration Hub, ADS.
• Databases/data: DMS, SCT, DataSync, Snowball Edge/Snow Family, S3 Transfer Acceleration, Glue ETL.
• Stateful cutovers: blue/green, canary, DNS strategies; performance baselines and smoke tests.
• Connectivity / Networking
• Design Direct Connect/VPN, routing, VPC topologies, endpoint policies, NACL/SG strategy; multiregion HA/DR.
• Observability & Operations
• Implement CloudWatch/OTel, metric/trace/log standards; error budgets, runbooks; define SLO/SLIs for shared services.
• FinOps & Cost Controls
• Establish tagging standards, cost allocation, rightsizing; RI/SP strategy; dashboards and alerts.
• Adoption Enablement (MAP KPI)
• Publish reference architectures, docs/playbooks, sample repos, workshops/office hours; track adoption KPIs.

Required Experience

• 15+ years overall; 10+ years deep AWS architecture in regulated (bank/DoD/health) environments.
• Led 3 large enterprise migrations (100s of servers and multiTB data) including plan migrate cutover hypercare.
• Built multiaccount platforms with Control Tower/Organizations, SCPs, IAM SSO, and centralized logging & security.
• Handson CDK (not just Terraform): authored reusable constructs adopted by multiple teams, with CDK Pipelines.
• Demonstrated audit readiness: control mapping, Config rules, exceptions workflow, evidence packs.

Required Certifications (must be current or recently lapsed)

• AWS Solutions Architect Professional (required)
• AWS Security Specialty (required)
• AWS DevOps Engineer Professional (strongly preferred)
• AWS Advanced Networking Specialty (preferred for DX/VPC design)

Nicetohave: AWS Database Specialty or Data Analytics Specialty (DMS/SCT strategy), CKA/CKAD (EKSadjacent).

Core Technical Skills (musthave depth)

• AWS CDK (TypeScript/Python), CDK Pipelines, CloudFormation; Terraform literacy welcome but CDK is primary.
• Security: IAM/SCPs/permission boundaries, KMS (envelope encryption), Secrets Manager, S3 bucket & endpoint policies, private subnets, WAF/Shield, detective controls.
• Networking: VPC design, Transit Gateway, DX/VPN, routing, multiregion failover.
• Data & Migration: DMS, SCT, DataSync, Snowball, S3 transfer strategies, RDS/Aurora patterns, schema conversion, replication lag/cutover.
• Workload Migration: AWS MGN, image/agent planning, dependency mapping, perf baselines, blue/green cutover.
• Observability & Ops: CloudWatch, metrics/logging, runbooks, chaos/failover testing, MTTR/MTTD improvements.
• FinOps: tagging, cost allocation, RI/SP, dashboards.

Soft Skills

• Executive presence; crisp communicator with architects, security, and BU leaders.
• Bias to action; operates independently, sets and meets aggressive timelines.
• Pragmatic decisionmaker; documents tradeoffs, risks, and mitigations.
• Coaches senior engineers; raises the team s bar.

Team You ll Lead (4person pod)

• You Senior AWS Architect (Lead)
• 1 Technical Manager / Lead Engineer
• 2 Senior AWS Cloud Engineers (CDKcapable)

You own architecture, backlog, code reviews of CDK modules, security posture, migration wave plans, and MAP adoption.

Knockout Criteria (use for fast screening)

• No AWS SAPro and Security Specialty
• No enterprise CDK (constructs + CDK Pipelines adopted by multiple teams)
• Never led multiwave app + data migrations with cutover in regulated environments
• Can t articulate audit evidence (Config/Security Hub/Control Tower + exceptions/remediation)
• Won t work onsite 5 days/week in Dallas

What Great Looks Like (candidate signals)

• Describes a recent datacenterexit program with wave plans, RTO/RPO, and rollback proof.
• Shows a CDK construct library they authored and how it was versioned/deprecated without breaking teams.
• Explains DX/VPN design, endpoint policies, private S3/Dynamo access, and crossaccount patterns.
• Produces a sample evidence pack story (control rule alert ticket remediation audit trail).
• Quantifies MAPstyle adoption: 14 teams onboarded in 5 months; TTFD cut from 3 weeks to 4 days.