Lead AWS Architect

Lead AWS Architect @ Bedford, MA (Hybrid - 2 days on site)

We are seeking a Lead AWS Architect with deep expertise in AWS infrastructure design, cloud networking, Kubernetes (EKS), and platform engineering to lead the architecture and implementation of scalable, secure, and reliable cloud platforms. This role will partner closely with engineering teams running Python-based services, building containerized and Kubernetes-native solutions, and modernizing infrastructure through Infrastructure as Code (IaC) and automation.

You will own end-to-end AWS platform architecture—from landing zone and network design to Kubernetes operations, CI/CD, observability, and security—while mentoring engineers and establishing best practices.

Key Responsibilities

Cloud Architecture & Platform Leadership

• Lead architecture and hands-on delivery of AWS infrastructure supporting modern application platforms (microservices, APIs, data workloads, Python services).
• Define target-state platform architecture for EKS/Kubernetes, networking, security controls, and operational standards.
• Establish cloud governance and foundational patterns (accounts, VPC design, security baselines, tagging, cost allocation, and operational guardrails).

AWS Infrastructure & Networking

• Design and implement highly available AWS environments using services such as VPC, IAM, EC2, ALB/NLB, Route 53, CloudFront, RDS/Aurora, EFS/FSx, S3, and KMS.
• Build and operate secure connectivity patterns: PrivateLink, VPC Peering, Transit Gateway, VPN/Direct Connect, and hybrid/cloud connectivity.

Kubernetes (EKS) & Container Platform Engineering

• Architect, deploy, and operate EKS clusters (multi-tenant / multi-environment) with best practices for scaling, security, and reliability.
• Implement Kubernetes platform components such as:
• Ingress controllers (ALB Ingress Controller / NGINX), external-dns, cert-manager
• Cluster autoscaling, node groups, spot/ondemand strategy
• Pod security, RBAC, network policies, secrets management
• Define standard patterns for deploying Python workloads to Kubernetes (Helm, Kustomize, GitOps, CI/CD-driven deployments).

Infrastructure as Code & Automation

• Build automated provisioning using Terraform/CloudFormation/CDK, and configuration management via Ansible or equivalent.
• Create reusable IaC modules and enforce standards with policy-as-code (e.g., OPA, Sentinel, AWS Config rules).
• Automate operational workflows: environment provisioning, cluster upgrades, patching, backup/restore, and disaster recovery testing.

CI/CD, Observability, Reliability

• Design CI/CD pipelines for containerized workloads (e.g., GitHub Actions, GitLab, Jenkins, CodePipeline) including artifact versioning, promotion, and rollback strategies.
• Implement observability (metrics, logging, tracing) using CloudWatch, Prometheus, Grafana, OpenTelemetry, and centralized logging stacks.
• Establish SRE practices: SLOs/SLIs, runbooks, incident response, on-call readiness, and performance tuning.

Security & Compliance

• Implement secure-by-design patterns: least-privilege IAM, encryption in transit/at rest, secrets management (AWS Secrets Manager/Vault), and vulnerability management.
• Drive compliance readiness (SOC2/HIPAA/ISO depending on environment) with audit-friendly controls and documentation.

Leadership & Collaboration

• Act as technical lead and mentor across cloud/platform teams.
• Partner with application and data teams to optimize architecture, improve resilience, and reduce cloud spend.
• Produce architecture diagrams, decision records, standards, and technical documentation.

Required Qualifications

• 8 years in infrastructure/cloud engineering, with 5 years designing on AWS.
• Strong hands-on AWS experience across compute, storage, networking, and security.
• Kubernetes expertise with production operations (preferably AWS EKS).
• Proven experience designing platforms for Python-based services, containerization, packaging, and runtime operations.
• Strong Infrastructure as Code skills (Terraform preferred; CloudFormation/CDK acceptable).
• Experience with CI/CD pipelines and deployment automation for containerized workloads.
• Strong Linux administration, scripting, and troubleshooting skills.
• Excellent communication skills; able to translate business requirements into technical architecture.

Preferred Qualifications

• AWS Certifications: AWS Solutions Architect – Professional (preferred), DevOps Engineer, Security Specialty.
• Experience with GitOps tooling (Argo CD / Flux), service mesh (Istio/Linkerd), API gateways, and workload identity patterns (IRSA).
• Experience with runtime security and supply chain controls (container scanning, SBOM, admission controllers).
• Experience with FinOps and cost optimization (rightsizing, savings plans/reserved instances, autoscaling efficiency).
• Experience in regulated environments (healthcare, finance, pharma) and formal change control processes.

Core Technical Skills (Keywords)

• AWS: VPC, IAM, EKS, EC2, ALB/NLB, Route 53, S3, RDS/Aurora, CloudWatch, KMS, CloudTrail, AWS Config
• Kubernetes: EKS, Helm, RBAC, Ingress, Autoscaling, Network Policies, Secrets
• IaC: Terraform, CloudFormation, CDK
• CI/CD: GitHub Actions, GitLab CI, Jenkins, CodePipeline
• Observability: Prometheus, Grafana, OpenTelemetry, ELK/EFK, CloudWatch
• Python Platform: containerized Python apps, dependency management, runtime performance, scalable deployment patterns
• Security: IAM least privilege, encryption, secrets management, vulnerability scanning

What Success Looks Like (First 90 Days)

• Assess current AWS and Kubernetes posture; identify quick wins in reliability, security, and cost.
• Deliver improved reference architecture for EKS and AWS networking/security baseline.
• Establish IaC standards/modules and implement at least one environment end-to-end.
• Improve CI/CD deployment consistency and observability coverage for Python services.
• Document runbooks and implement a repeatable upgrade/patching strategy for EKS.

Why Join Us

• Lead architecture for a modern cloud platform with real ownership and impact.
• Work with strong engineering teams building high-scale, Kubernetes-native services.
• Opportunity to define standards, mentor teams, and drive cloud transformation.