Remote: Cloud Architect
Why This Role Stands Out
This fully remote Cloud Architect role offers an exciting opportunity to significantly enhance cloud infrastructure security and modernization using Terraform, perfect for a skilled professional eager to make a tangible impact. You'll thrive by leveraging your expertise in AWS, IAM, and containerization within a dynamic, project-driven environment. Apply now to contribute your deep technical skills to a critical modernization effort.
Quick Overview
Job Description
Cloud Architect + Gitlab
100% Remote
6+ Months
Job Description:
Overview
We are looking for a hands-on Cloud Architect for a 3–6-month contract engagement focused on hardening and modernizing infrastructure across three AWS accounts. The scope is practical and resource-level: cleaning up IAM, securing S3, rationalizing RDS, and migrating workloads from EC2 to EKS where it makes sense. We already have CSPM and observability tooling in place — this role is about fixing the infrastructure itself, not deploying more monitoring. All changes are to be implemented and maintained via Terraform; the contractor will leave behind clean, reviewable IaC rather than ad-hoc console changes.
WHAT YOU''LL WORK ON
Priorities will be driven by findings and account state, but the primary areas of focus are:
- IAM cleanup and least-privilege enforcement — removing stale users and roles, scoping down overly permissive policies, replacing long-lived access keys with OIDC federation and instance profiles, and hardening root account controls.
- S3 security and compliance — bucket inventory and classification, enforcing public access blocks, tightening bucket policies and ACLs, KMS encryption, TLS-only access, and versioning/lifecycle hygiene.
- RDS and Aurora rationalization — right-sizing over-provisioned instances using Performance Insights and CloudWatch data, identifying clusters for consolidation or decommissioning, and hardening remaining clusters (encryption, security group lockdown, public accessibility disabled).
- EC2-to-EKS migration — assessing the EC2 fleet for containerization feasibility, migrating appropriate workloads to EKS with IRSA replacing instance profiles, and cleanly decommissioning migrated instances including Terraform state cleanup.
- General IaC hygiene — importing unmanaged resources into Terraform, refactoring existing modules for consistency, and ensuring all changes across the three accounts are tracked in version control.
REQUIRED QUALIFICATIONS
- 5+ years of hands-on AWS experience across IAM, compute, storage, and networking — working directly in accounts, not just designing on whiteboards.
- Required: Valid AWS certification:
- AWS Solutions Architect – Associate or Professional
- AWS Security Specialty a strong plus given the IAM and S3 scope
- Expert Terraform: authoring and refactoring modules, importing existing resources, managing remote state across multiple accounts, and shipping changes through CI pipelines.
- Deep IAM knowledge: policy evaluation logic, permission boundaries, OIDC federation, IRSA, cross-account roles, and Access Analyzer.
- S3: bucket policy authoring, KMS CMK integration, public access controls, and lifecycle configuration.
- RDS / Aurora: right-sizing methodology, Performance Insights, parameter group hardening, and security group configuration.
- Kubernetes / EKS: cluster operations, IRSA, RBAC, Helm, and migrating workloads from EC2.
- GitLab CI/CD: OIDC-based AWS authentication and Terraform pipeline workflows.
- HashiCorp Vault: dynamic AWS credentials to replace static IAM access keys.
NICE TO HAVE
- Terraform Enterprise or Terraform Cloud: Sentinel policy enforcement, workspace-per-account patterns.
- AWS Organizations / SCPs for preventive guardrails across accounts.
- Experience triaging findings from CSPM tools (Upwind, Wiz, or similar) to prioritize remediation.
- Familiarity with Lumos or similar IGA tooling for access review workflows.
TECH STACK
AWS
- IAM | S3 | KMS | RDS / Aurora | EC2 | EKS | VPC | Secrets Manager | SSM
IaC & Delivery
- Terraform / Terraform Cloud or Enterprise
- GitLab CI/CD (OIDC AWS auth)
- HashiCorp Vault Enterprise
- Helm / Kustomize
Compliance Targets
- CIS AWS Foundations Benchmark | AWS Foundational Security Best Practices (FSBP)
Skills
Similar jobs
Mid Cloud Computing Infrastructure Architect
Booz Allen Hamilton · Warner Robins, United States
1 hour ago$86.8k - $198k/yrCloud Software Engineer 3 with Security Clearance
Wyetech, LLC · Annapolis Junction, United States
3 hours ago$88 - $125/hrCloud Architect
SAIC · United States
3 hours ago$160.0k - $200k/yrMicrosoft Azure Cloud Engineer - Atlas Tech with Security Clearance
Atlas Tech · Charleston, United States
4 hours ago$98k - $120k/yrJunior Cloud Software Engineer with Security Clearance
Visionist, Inc. · Columbia, United States
4 hours ago$115k - $159k/yrCloud Systems Architect L3 with Security Clearance
Power3 Solutions · Annapolis Junction, United States
4 hours ago$200k - $275k/yr