
AWS Cloud Infrastructure Architect, IRS MBI Clearance
Posted 2 days ago

This is a fully remote position, open to applicants in the United States.
• Design and implement an AWS account structure utilizing AWS Organizations.
• Create and manage Organizational Units (OUs) according to business needs and best practices.
• Establish policies and standards for account governance.
• Implement strategies for consolidated billing and cost allocation.
• Deploy and oversee AWS Control Tower for automated account provisioning and governance.
• Implement Landing Zone Architecture (LZA) for scalable and secure multi-account environments.
• Design and deploy Virtual Private Clouds (VPCs) across various regions.
• Configure and manage VPN connections, including Site-to-Site VPN and Client VPN.
• Implement AWS Direct Connect for hybrid cloud connectivity.
• Design strategies for network segmentation using subnets, route tables, and network ACLs.
• Configure Transit Gateway for connectivity across multiple VPCs.
• Manage DNS using Route 53.
• Architect network solutions tailored for AWS GovCloud environments.
• Design and implement IAM policies, roles, and permission boundaries.
• Establish identity federation with corporate identity providers.
• Implement principles of least privilege access.
• Create and manage service control policies (SCPs) at the organizational level.
• Configure requirements for multi-factor authentication (MFA).
• Develop IAM governance and compliance frameworks.
• Design and enforce security policies organization-wide.
• Configure AWS Security Hub, GuardDuty, and AWS Config.
• Implement encryption strategies for data both at rest and in transit.
• Establish monitoring and incident response procedures for security.
• Ensure compliance with industry standards such as SOC 2, ISO 27001, HIPAA, etc.
• Maintain requirements and controls for FedRAMP compliance.
• Design and implement security architectures for AWS GovCloud (US) regions.
• Conduct security assessments and manage vulnerabilities.
• Implement AWS WAF and Shield for application protection.
• Create infrastructure as code using AWS CloudFormation or Terraform.
• Develop and maintain architectural documentation and diagrams.
• Provide technical guidance and mentorship to engineering teams.
• Participate in disaster recovery planning and testing activities.
• Optimize cloud costs and resource utilization.
• Over 5 years of experience in cloud architecture, with at least 3 years focused on AWS.
• Comprehensive understanding of AWS Organizations and multi-account strategies.
• Practical experience with AWS Control Tower for account orchestration and governance.
• Proficiency in the design and implementation of Landing Zone Architecture (LZA).
• Experience in working with AWS GovCloud (US) environments.
• Knowledge of FedRAMP compliance requirements, controls, and authorization procedures.
• Expert knowledge of AWS networking services, including VPC, VPN, Direct Connect, and Transit Gateway.
• Strong expertise in IAM, particularly in policy design and identity federation.
• Proven track record in implementing security best practices and compliance frameworks.
• Proficiency with infrastructure as code tools, such as CloudFormation, Terraform, or CDK.
• Experience with AWS security services, including Security Hub, GuardDuty, Config, and CloudTrail.
• Preferred certifications include: AWS Certified Solutions Architect – Professional, AWS Certified Security – Specialty, AWS Certified Advanced Networking – Specialty; additional AWS certifications are advantageous.
• Competitive salary and performance-based bonuses.
• Comprehensive health, dental, and vision insurance.
• Generous paid time off and flexible work hours.
• Opportunities for professional development and training.
• A collaborative and inclusive work environment.