Cloud Architect

The Cloud Architect is the design authority and governance lead for our AWS multi-tenant platform. This role owns the Landing Zone, Organizational Unit (OU) structure, guardrails, and modernization

roadmap. The architect provides strategic direction across infrastructure, security, observability, and cost governance, ensuring scalable and compliant foundations for containerized workloads, databases, and tenant onboarding.

Responsibilities:

Landing zones and Governance

• Design and implement AWS Control Tower / Landing Zone Accelerator (LZA) with OUs, Service Control Policies (SCPs), Account Factory, and guardrails.
• Establish and maintain the multi-tenant silo model (one account per tenant with dev/stg/prod environments).
• Define and enforce tagging standards for cost visibility and compliance.
• Architect migration strategies for compute (EC2 → ECS Fargate/EKS), databases (EC2 → RDS/Aurora), and storage (on-prem/EC2 → S3/EFS).
• Oversee blue/green deployment strategies for application cutovers.
• Provide frameworks for future SSR refactoring (API-first and SPA-ready design).

Networking & Security:

• Define networking architecture: VPC design, Transit Gateway, Route53, cross-account networking.
• Establish security frameworks: IAM Identity Center, KMS, AWS Config, CloudTrail, GuardDuty, Security Hub, Inspector, Macie.
• Align platform with security standards (CIS, NIST, ISO, PCI DSS if required).

Platform Standards & Oversight

• Provide reference architectures for CI/CD pipelines, observability, and cost governance.
• Define observability standards (logs, metrics, traces, synthetic monitoring, budgets).
• Review and approve technical solutions proposed by DevOps, Full-Stack, and QA teams.