AWS Architect

R

RAPID EAGLE INC

AWS Architect

Sunnyvale, CA
Full Time
Paid
  • Responsibilities

    Benefits:

    401(k) matching

    Dental insurance

    Health insurance

    AWS Architect Fremont CA

    Skills:- Role overview

    Own the end‑to‑end cloud architecture and security posture for the MVP, translating requirements into a pragmatic,

    production‑ready design that can be delivered by a small, focused team (2× Cloud Engineers, DevOps Engineer).

    Lead

    architecture decisions, risk trade‑offs, and go‑live readiness.

    Key responsibilities

    Architecture ownership: Map requirements to AWS managed services; maintain Architecture.md and decision

    records (ADRs).

    Content delivery: Design CloudFront with Origin Access Control (OAC), Origin Shield, cache policies, WAF

    baseline, and short‑TTL signed URLs (Key Groups).

    Storage & data: Define S3 buckets with versioning/lifecycle/KMS; enable Multi‑Region Access Point (MRAP) for

    read path; DynamoDB schema and Global Tables for metadata.

    Services: Guide API Gateway + AWS Lambda patterns (metadata‑service, upload‑service with multipart +

    checksum, link‑service issuing signed URLs) with JWT authorizers.

    Identity: Integrate Salesforce Partner Portal SAML with Amazon Cognito (User Pool as SP); internal admin SSO via

    IAM Identity Center; token/claims design and session security.

    Security: Enforce least‑privilege IAM, KMS multi‑Region keys, Secrets Manager/SSM, TLS policies, WAF managed

    rules and suppressions.

    Observability: CloudFront logs → Kinesis Firehose → S3; CloudTrail (incl. S3 data events); CloudWatch metrics,

    dashboards, and alarms.

    DR & reliability: Propose RTO/RPO; enable DynamoDB PITR; plan MRAP read‑path failover drill; create runbooks

    for failover/rollback.

    Performance & scale: Tune large‑file handling (multipart, range, resume), cache hit ratios, and edge performance;

    guide load testing targets.

    Cost & sustainability: Set cache and lifecycle strategies; review cost reports; recommend optimizations post‑MVP.

    Delivery leadership: Sequence scope for a 12‑week plan; de‑risk critical paths; partner with DevOps on Terraform

    modules, CI/CD, and environment promotion gates.

    Minimum qualifications

    8+ years hands‑on with AWS; proven lead/architect on production systems.

    Deep expertise in: CloudFront (OAC, signed URLs, WAF), S3 (versioning, lifecycle, MRAP), DynamoDB (Global

    Tables, PITR), API Gateway, Lambda, Cognito (SAML SP), IAM/IAM Identity Center.

    Multi‑account Organizations experience (OUs, SCPs, baselines) and OIDC‑based CI/CD.

    Strong Terraform design for multi‑region/multi‑account, with immutable deployments and drift detection.

    Security best practices: KMS, Secrets Manager, SSM, WAF, TLS, least‑privilege IAM policy design.

    Observability setup: CloudTrail, CloudWatch, structured logging, alarms, and metrics for SLOs.

    Excellent written architecture artifacts and stakeholder communication.

    Preferred qualifications

    Large‑object distribution performance (range/resume, Origin Shield tuning, cache key s