Cloud Architect

Job Summary

Own the Cloud design, and governance of AWS-first cloud platforms, with strong focus on enterprise networking, hybrid connectivity, disaster recovery, and Infrastructure as Code. Drive secure, scalable, and cost-optimized architectures across multi-account AWS environments with supporting Azure integration.

What is the Role Expected to Do

Cloud Architecture & Landing Zone

• Design and manage AWS Landing Zone (multi-account, OUs, account vending, SCPs) using Control Tower or custom frameworks
• Define centralized networking and shared services architecture
• Establish governance guardrails and baseline standards
• Design AWS DR strategies- Pilot Light, Warm Standby, Active-Active

AWS Networking (Core Focus)

• Architect and operate: VPC design (CIDR strategy, subnet segmentation, route tables, IGW/NAT, NACLs, SGs),Transit Gateway (TGW) with route propagation and segmentation, Private connectivity: Private Link, VPC Endpoints
• Design hybrid connectivity Direct Connect (DX), Site-to-Site VPN (BGP-based)
• Define North-south and east-west traffic flows and Ingress/egress patterns and NAT strategies
• Design DNS architecture using Route53 (private/public zones, resolver endpoints)
• Define Hub-Spoke/hub-mesh topologies and architect multi-region connectivity

Cost Optimization

• Drive AWS & Azure cost optimization initiatives, including monitoring usage, implementing tagging standards, managing Savings Plans and Reserved Instances, and providing cost-saving recommendations based on FinOps model.

Cloud Operations & Reliability

• Define architecture and best practices for Kubernetes clusters on AWS (EKS) including node groups/node pools, cluster networking, autoscaling, upgrades, monitoring, and troubleshooting.
• Define and govern Azure-to-Amazon RDS migration strategies, including workload assessment, target architecture, cutover planning, and post-migration validation.
• Execute application and database migrations to AWS and Azure, supporting on-premises and cross-cloud migration initiatives.
• Monitor and optimize AWS and Azure environments, manage production incidents, perform RCA, and support SLA-driven operations.

Security & Governance

• Implement WAF, NGFW, DDoS protection, micro-segmentation
• Define and enforce guardrails (SCPs, policies, CSPM)

Qualifications

• 10+ years of industry experience on AWS.
• Strong expertise in:

AWS Networking (VPC, TGW, DX, PrivateLink, Route53)

Terraform/CloudFormation

• Strong fundamentals on Routing (BGP), DNS, VPN, firewall architectures
• Certifications:
• AWS: Solutions Architect Associate/Professional (preferred)
• AWS Certifies DevOps Engineer-Professional(nice-to-have)
• HashiCorp Certified: Terraform Associate (nice-to-have)
• AZ-104 (nice-to-have)