Job Title- AWS Solutions Architect (+Hands on)
Location- 100% Remote
Long Term Contract
Deliverables Owned / Accountable by AWS Solutions Architect
- Landing Zone Assessment Report
- Minimum Viable Standards (MVS) Document
- Guardrails Architecture (IAM, network, tagging, encryption, security)
- Policy‑as‑Code Framework (design & coverage)
- Architecture standards for IaC, CI/CD, Observability, AMIs
- Service Catalog Framework (design)
- ServiceNow Cloud Intake Architecture
- Cloud COE Portal Information Architecture
- ARB (Architecture Review Board) Governance Model & Templates
Scope of work in detail
Phase 1 – Foundation Capabilities
3.1 Cloud COE (Governance & Enablement)
Landing Zone & Account Strategy
- Conduct Landing Zone Assessment (current vs best practices)
- Modernize AWS Control Tower account provisioning process
- Define integration approach for account provisioning with ServiceNow ticketing approval
- Define account and global customizations based on AWS best practices
Governance & Control
- Define Service Control Policies for top 5 compliance risks
- Define Core Guardrails:
- IAM structure and access controls
- Network segmentation and boundaries
- Enterprise tagging strategy
- Encryption standards
- Security guardrails
Architecture Standards & Golden Paths
- Define Golden Paths (top 3–5 patterns)
- Create pre‑approved templates for IaC (design and standards)
- Define Logging and Monitoring / Observability templates
- Define architecture standards for:
- IAM Roles
- Containers
- Networking
- Serverless
Infrastructure & Platform Standards
- Define architecture standards for Core IaC Modules:
- Networking (VPC/VNet, subnets, routing)
- Base computing standards
- Kubernetes platform (EKS/AKS, etc.)
- Patching framework
- Container base images
- Security baseline
Infrastructure Image Management (Design & Governance)
- Define AMI hardening and usage standards aligned to TCH security requirements
- Define architectural standards for image lifecycle and usage
Central Infrastructure Strategy
- Define Central Infrastructure Management Account architecture
- Define usage model for central teams (middleware, patching, databases, etc)
CI/CD & Platform Enablement Standards
- Define CI/CD standards:
- Branching strategies
- Infrastructure provisioning and application deployment strategies
- Rollback strategies
- Artifacts management
- Access and sensitive data management strategies
- Multi‑account / multi‑environment deployment strategies
Service Enablement & Intake
- Define Service Catalog Framework and identify top 3 initial catalog items:
- Infrastructure provisioning (S3, EC2, etc.)
- Account management and multi‑tier application architecture
- IaC deployment pipeline
- EKS portfolio
- Define intake process for Cloud services via ServiceNow:
- Intake workflows
- Approval gates
- SLAs
- Standard request forms (provisioning, access, changes)
- Integration points with Service Catalog and CI/CD
Cloud COE Portal
- Define Cloud COE Portal / Page:
- Information architecture for artifacts (standards, IaC modules, runbooks, policies)
- Documentation standards and templates
- Access model and publishing workflow
Phase 2 – Targeted Build & Expansion
4.1 Cloud COE
Governance & Architecture Expansion
- Expand Policy‑as‑Code to broader compliance domains
- Enhance IaC library with additional reusable blueprints and patterns
- Define governance model for self‑service provisioning via Service Catalog
- Define DevSecOps control architecture for pipeline integration
Advanced Service Intake Architecture
- Define Advanced ServiceNow‑based Cloud Intake architecture:
- Workflow design
- Approval and automation patterns
- Intake SLA and throughput reporting model
- Define integration architecture:
- ServiceNow with AWS Identity Center for access management
- ServiceNow with Control Tower AFT account vending
Advanced Cloud COE Portal
- Architect and define Advanced Cloud COE Portal / Page:
- Publishing standards, IaC modules, runbooks, policies
- Search and versioning design
- Access control model
- Documentation lifecycle management
Your sincerely,
Ajay Sharma | Sr. Technical Recruiter.
Net2Source Inc.
Fax: (201) 221-8131 | Email: ajays@net2source.com
Global HQ Address: 270 Davidson Ave, Suite 704, Somerset, NJ 08873, USA
