Senior AWS Cloud Security & Platform Architect

Chicago | 2 days ago | Contractor | External
Negotiable
Key Responsibilities

Architecture Design
- Design and implement scalable, secure, and high-performance architectures using AWS services.
- Create API-first solutions leveraging Amazon API Gateway, with integrations to Lambda, microservices, and backend systems.
- Architect secure and isolated Amazon VPC environments, including subnets, routing, NAT, security groups, and NACL configurations.
- Implement authentication and authorization flows using Amazon Cognito, including user pools, identity pools, federation, and OAuth flows.
- Design resilient content delivery and edge security solutions using Amazon CloudFront and AWS WAF.
- Ensure secure secrets storage and rotation using AWS Secrets Manager.

Security and Compliance
- Implement best practices for cloud security, IAM, network segmentation, and data protection.
- Develop WAF rulesets to mitigate OWASP Top 10 risks and other application-level threats.
- Ensure designs comply with security frameworks (CIS, NIST, ISO, etc.).

Operational Excellence
- Build Infrastructure as Code (IaC) using CloudFormation or Terraform.
- Optimize system performance, cost, and reliability using AWS Well-Architected principles.
- Troubleshoot production issues across networking, authentication, API management, and edge delivery layers.
- Implement monitoring, logging, and observability using CloudWatch, X-Ray, or equivalent tools.

Collaboration
- Work closely with developers, DevOps, security teams, and stakeholders to translate business requirements into technical designs.
- Participate in architectural reviews and provide guidance on AWS best practices.

Required Skills and Experience
- 10 years of hands-on AWS cloud architecture or engineering experience.
- Strong expertise in:
  - API Gateway: REST APIs, JWT authorizers, throttling, usage plans
  - VPC: peering, PrivateLink, transit gateway, subnet design
  - Cognito: MFA, hosted UI, federation, token management
  - WAF: rule groups, bot mitigation, CloudFront integration
  - CloudFront: cache policies, edge functions, origin configuration
  - Secrets Manager: rotation, access control, KMS integration
- Strong understanding of networking fundamentals (TCP/IP, DNS, VPN, routing, load balancing).
- Experience with serverless or microservices architectures (Lambda, ECS, Fargate).
- Proficiency with IaC tools (CloudFormation, Terraform).
- Solid understanding of IAM policies and identity management.