RAPID EAGLE INC
Benefits:
401(k) matching
Dental insurance
Health insurance
AWS Architect, Fremont, CA
Skills – Role overview
Own the end‑to‑end cloud architecture and security posture for the MVP, translating requirements into a pragmatic, production‑ready design that can be delivered by a small, focused team (2× Cloud Engineers, DevOps Engineer). Lead architecture decisions, risk trade‑offs, and go‑live readiness.
Key Responsibilities
Architecture ownership: Map requirements to AWS managed services; maintain Architecture.md and decision records (ADRs).
Content delivery: Design CloudFront with Origin Access Control (OAC), Origin Shield, cache policies, WAF baseline, and short‑TTL signed URLs (Key Groups).
Storage & data: Define S3 buckets with versioning/lifecycle/KMS; enable Multi‑Region Access Point (MRAP) for read path; DynamoDB schema and Global Tables for metadata.
Services: Guide API Gateway + AWS Lambda patterns (metadata‑service, upload‑service with multipart + checksum, link‑service issuing signed URLs) with JWT authorizers.
Identity: Integrate Salesforce Partner Portal SAML with Amazon Cognito (User Pool as SP); internal admin SSO via IAM Identity Center; token/claims design and session security.
Security: Enforce least‑privilege IAM, KMS multi‑Region keys, Secrets Manager/SSM, TLS policies, WAF managed rules and suppressions.
Observability: CloudFront logs → Kinesis Firehose → S3; CloudTrail (incl. S3 data events); CloudWatch metrics, dashboards, and alarms.
DR & reliability: Propose RTO/RPO; enable DynamoDB PITR; plan MRAP read‑path failover drill; create runbooks for failover/rollback.
Performance & scale: Tune large‑file handling (multipart, range, resume), cache hit ratios, and edge performance; guide load testing targets.
Cost & sustainability: Set cache and lifecycle strategies; review cost reports; recommend optimizations post‑MVP.
Delivery leadership: Sequence scope for a 12‑week plan; de‑risk critical paths; partner with DevOps on Terraform modules, CI/CD, and environment promotion gates.
Minimum Qualifications
8+ years hands‑on with AWS; proven lead/architect on production systems.
Deep expertise in: CloudFront (OAC, signed URLs, WAF), S3 (versioning, lifecycle, MRAP), DynamoDB (Global Tables, PITR), API Gateway, Lambda, Cognito (SAML SP), IAM/IAM Identity Center.
Multi‑account Organizations experience (OUs, SCPs, baselines) and OIDC‑based CI/CD.
Strong Terraform design for multi‑region/multi‑account, with immutable deployments and drift detection.
Security best practices: KMS, Secrets Manager, SSM, WAF, TLS, least‑privilege IAM policy design.
Observability setup: CloudTrail, CloudWatch, structured logging, alarms, and metrics for SLOs.
Excellent written architecture artifacts and stakeholder communication.
Preferred Qualifications
Large‑object distribution performance (range/resume, Origin Shield tuning, cache key s)