Who we are looking for
We are seeking an experienced Cloud Architect to lead the design, implementation, and optimization of our cloud infrastructure. The ideal candidate has deep expertise in AWS architecture, networking, security, automation, and governance. This role will drive scalable, secure, and cost-efficient cloud solutions, working closely with platform engineering, DevOps, and security teams to ensure alignment with business and compliance requirements.

This position requires extensive experience with AWS services, multi-account strategies, AWS Control Tower, networking (VPC, subnets, Direct Connect, CloudWAN), security best practices, CI/CD automation (Terraform, AWS CodePipeline, Harness), and containerized environments (EKS, ECS).

What you will be responsible for

• Design and implement scalable, secure, and high-availability cloud architectures using AWS best practices.
• Define multi-account AWS strategies, leveraging AWS Control Tower, AWS Organization, AFT, IAM Identity Center (SSO), and SCPs.
• Optimize cloud networking (VPC, subnets, Direct Connect, CloudWAN, Transit Gateway, Route 53) for hybrid and multi-region environments.
• Develop cost optimization strategies, monitoring AWS usage and rightsizing resources.
• Implement security best practices using AWS security tools (GuardDuty, Security Hub, AWS KMS, WAF, AWS Config).
• Enforce least privilege access (IAM, SCPs, VPC security groups, NACLs) and automate compliance checks.
• Ensure cloud solutions meet SOC2, NIST, ISO, PCI, and financial services compliance requirements.
• Develop and maintain AWS infrastructure using Terraform
• Design and optimize CI/CD pipelines using Harness, Terraform AWS CodePipeline and GitHub Actions.
• Automate AWS account provisioning and governance using AWS Control Tower and AFT.
• Work with DevOps, security, and development teams to align cloud solutions with business needs.
• Document architecture, design decisions, and best practices in Confluence and JIRA.
• Lead architecture reviews, cloud governance meetings, and AWS Well-Architected Framework assessments.

What we value
These skills will help you succeed in this role

• Solid working experience on AWS for enterprise enablement.
• Automation focused and engineering mind set.
• Experience with design and development of solutions across on-prem and the cloud for large enterprises
• Strong understanding of cloud native design patterns and DevOps principles (including Infrastructure as Code)
• Openness and ability to learn new skills and technologies in a fast-paced environment.
• Self-motivated and passionate individual Team player
• Ability to effectively communicate ideas and escalate issues across teams in a timely manner
• Deep understanding of AWS services; networking and security constructs along with cloud native design patterns and DevOps principles (Infrastructure as Code)
• Experience in driving and establishing an AWS Landing Zone allowing a regulated firm to run core business workloads
• Developers' mindset with ability to drive proof of concepts independently.
• Expertise in a wide range of infrastructure related domains with a track record of large production grade service deployment and IT operations preferably in financial services or a highly regulated industry
• Experience in distilling complex technical challenges to actionable decisions for stakeholders and guiding teams by building consensus and mediating compromises when necessary
• Excellent technical architecture skills, enabling the creation of future-proof, complex global solutions
• Ability to rapidly gain knowledge of the organizational structure of the firm to facilitate work with groups outside of the immediate team.

Education & Preferred Qualifications

• Bachelor’s degree in any Engineering discipline
• 12+ years overall IT industry experience with atleast 4+ years in a AWS architecture role
• Experience in architecting and designing technical solutions for based on industry standards.
• Well versed with AWS foundational constructs around Compute, Networking, Security and Storage
• Strong understanding of multi-region environments and global connectivity requirements
• Knowledge of cloud security controls including tenant isolation, encryption at rest, encryption in transit, key management, vulnerability assessments, application firewalls, SIEM, etc.
• Extensive experience with AWS security tools, including: Security Hub, GuardDuty,Config, IAM & IAM Identity Center Detective
• Ability to design for scalability, fault tolerance, and disaster recovery.
• Experience with multi-tier system and service design and development for large enterprises
• Extensive, real-world experience designing technology components for enterprise solutions and defining solution architectures and reference architectures with a focus on cloud technologies
• Extensive experience with Terraform and cloud automation – is must
• Proven experience in CI/CD pipeline automation (AWS CodePipeline and Harness).
• Financial services or regulated industry experience a huge plus
• Deep expertise in AWS networking (VPC, Transit Gateway, Direct Connect, CloudWAN, Route 53, security groups, NACLs).
• Strong knowledge of AWS security tools and compliance frameworks.

Salary Range:

$140,000 - $222,500 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

State Street's Speak Up Line