Gravity IT Resources
Job Summary
As a Cloud Architect, you will design, implement, and maintain serverless and container-based infrastructure (Lambda, ECS) and data services (Aurora PostgreSQL with vector search) to support Retrieval-Augmented Generation with company data to connect diverse enterprise systems and deliver business outcomes at scale. This work will be foundational for the products supported by our shared technology services team in solving some of our hardest problems, such as optimizing the supply chain, integrating 100+ manufacturing sites into an enterprise Data Fabric, and helping automate the proposal processes around multimillion-dollar contracts, along with many other huge opportunities. You will work across multiple business programs to enable AI outcomes as a front-line builder for new applications and capabilities built in the AWS cloud. Your expertise in scalable serverless cloud architecture, cloud security, and multi-tier architectures will help drive infrastructure-as-code and automation-first approaches using AWS CloudFormation (CFT) and CI/CD to accelerate delivery of our AI-driven solutions across supply chain optimization, manufacturing operations, and enterprise analytics initiatives.
Daily Duties Include
Translate solution needs from app teams into AWS architectures and IaC templates; iterate designs through reviews and proofs-of-concept
Build, version, and maintain CloudFormation stacks/modules for core services (VPC, subnets, security groups/firewalls, IAM, S3, API Gateway, EventBridge, ECS, Lambda, Aurora PostgreSQL)
Engineer RAG-enabling data layers: configure Aurora PostgreSQL schemas, extensions, and vector search; define ingestion, embeddings, and retrieval patterns in collaboration with backend engineers
Operate and optimize serverless/container workloads: autoscaling, concurrency, cold-start mitigation, task sizing, and reliability tuning
Stand up and manage CI/CD (CodeBuild, CodeDeploy, CodePipeline) for infra and shared services; implement automated testing, gated promotions, and rollback strategies
Define and enforce IAM policies, roles, boundaries, and secrets/KMS practices; implement least-privilege access patterns for services and developers
Configure secure data flows in S3 (encryption, lifecycle policies), VPC networking (routing, private/public subnets, NACLs), and perimeter controls (WAF/security groups/firewalls)
Provide platform SRE support: logging, metrics, tracing, alarms, dashboards, error budgets, and incident response for shared cloud services
Conduct architecture and threat-model reviews; track risks, decisions, and corrective actions tied to SQDC outcomes
Partner with frontend and backend teams: expose well-documented interfaces (APIs, events, service endpoints), provision environments, and resolve cloud-side blockers
Perform cost reviews and right-sizing; implement tagging, budgets, and alerts to optimize spend without compromising Safety or Quality
Technical Skills
Deep hands-on expertise in AWS core services: Lambda, ECS, API Gateway, EventBridge, S3, VPC, subnets, NACLs, security groups/firewalls, Route 53, CloudWatch/CloudTrail
Deep hands-on experience with Infrastructure as Code with CloudFormation (modular stacks, nested stacks, change sets, parameters, stack policies) and IAM architecture: roles, policies, permission boundaries, service-linked roles, federation, least-privilege design, and KMS-based encryption
Aurora PostgreSQL proficiency: schema design, performance tuning, connections, and vector search patterns for RAG workloads
Familiarity with RAG platform engineering: embeddings pipelines, retrieval patterns, cache strategies, and collaboration with backend teams using Python/Node.js and LangChain
CI/CD: CodeBuild, CodeDeploy, CodePipeline; artifact/versioning strategy, blue/green and canary deploys, rollback and drift detection
Networking: VPC design, routing, NAT/IGW, DNS, private link/endpoints, egress patterns, and segmentation/zone models
Observability: structured logging, metrics, tracing, alarms; SLOs/error budgets; incident management and post-incident reviews
Security-by-design: defense-in-depth, secret management, data privacy, and compliance-aligned architectures
Cost management: tagging standards, budgets/alerts, right-sizing, workload patterns, and storage lifecycle optimization
Collaboration: ability to support and unblock frontend/backend developers, write clear runbooks, and coach teams on using platform capabilities safely and efficiently
Understanding of enterprise security patterns including encryption, tokenization, data masking, compliance frameworks (SOX, GDPR, HIPAA), and access control implementation
Soft Skills
Excellent teamwork and communication skills to collaborate with cross-functional teams, including data scientists, analysts, and stakeholders. Ability to articulate complex technical concepts to non-technical audiences.
Ability to showcase teamwork skills to achieve common goals, provide resolutions and share ideas.
Ego-free, flexible, and eager to collaborate and share ideas.
Equal Employment Opportunity Statement
Gravity IT Resources is an Equal Opportunity Employer. We are committed to creating an inclusive environment for all employees and applicants. We do not discriminate on the basis of race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, disability, genetic information, veteran status, or any other legally protected characteristic. All employment decisions are based on qualifications, merit, and business needs.