AWS Cloud Infrastructure Architect with IRS MBI Clearance

This is a remote position.Job Title: AWS Cloud Infrastructure Architect Location: RemoteDuration: Full-TimeClearance: IRS MBI RequiredWe are seeking an experienced AWS Cloud Architect to design, implement, and manage our organization's cloud infrastructure on Amazon Web Services. This role will be responsible for establishing and maintaining our AWS environment, including account structure, networking, security, and governance frameworks.Key ResponsibilitiesAWS Account & Organization ManagementDesign and implement AWS account structure using AWS Organizations Create and manage Organizational Units (OUs) based on business requirements and best practices Establish account governance policies and standards Implement consolidated billing and cost allocation strategies Deploy and manage AWS Control Tower for automated account provisioning and governance Implement Landing Zone Architecture (LZA) for scalable, secure multi-account environments Network Architecture & ConnectivityDesign and deploy Virtual Private Clouds (VPCs) across multiple regions Configure and manage VPN connections (Site-to-Site VPN and Client VPN) Implement AWS Direct Connect for hybrid cloud connectivity Design network segmentation strategies using subnets, route tables, and network ACLs Configure Transit Gateway for multi-VPC connectivity Manage DNS using Route 53 Architect network solutions for AWS GovCloud environments Identity & Access Management (IAM)Design and implement IAM policies, roles, and permission boundaries Establish identity federation with corporate identity providers Implement least privilege access principles Create and manage service control policies (SCPs) at the organization level Configure multi-factor authentication (MFA) requirements Develop IAM governance and compliance frameworks Security & ComplianceDesign and implement security policies across the organization Configure AWS Security Hub, GuardDuty, and AWS Config Implement encryption strategies for data at rest and in transit Establish security monitoring and incident response procedures Ensure compliance with industry standards (SOC 2, ISO 27001, HIPAA, etc.) Maintain FedRAMP compliance requirements and controls Design and implement security architectures for AWS GovCloud (US) regions Conduct security assessments and vulnerability management Implement AWS WAF and Shield for application protection Additional ResponsibilitiesCreate infrastructure as code using AWS CloudFormation or Terraform Develop and maintain architectural documentation and diagrams Provide technical guidance and mentorship to engineering teams Participate in disaster recovery planning and testing Optimize cloud costs and resource utilization Technical Skills5+ years of experience in cloud architecture, with 3+ years specifically on AWS Deep understanding of AWS Organizations and multi-account strategies Hands-on experience with AWS Control Tower for account orchestration and governance Proficiency in Landing Zone Architecture (LZA) design and implementation Experience working with AWS GovCloud (US) environments Knowledge of FedRAMP compliance requirements, controls, and authorization processes Expert knowledge of AWS networking services (VPC, VPN, Direct Connect, Transit Gateway) Strong expertise in IAM, including policy design and identity federation Proven experience implementing security best practices and compliance frameworks Proficiency with infrastructure as code tools (CloudFormation, Terraform, CDK) Experience with AWS security services (Security Hub, GuardDuty, Config, CloudTrail) Certifications (Preferred)AWS Certified Solutions Architect – Professional AWS Certified Security – Specialty AWS Certified Advanced Networking - Specialty Additional AWS certifications are a plus Originally posted on Himalayas