Cloud Architect
Brooksource
full-remoteseniorcontractbackend Kentucky, United States 5 days ago via LinkedIn
See how well this job matches your profile
Sign up to get an AI match score and generate a tailored application in seconds.
Get your match scoreTags
Cloud ArchitectureAWSAzureInfrastructure-as-Code (IaC)TerraformBicepCloudFormationNetworkingObservabilityDisaster Recovery
About the role
Role Overview
Design, build, and govern a secure cloud landing zone and enterprise architecture for IT systems supporting the Kentucky Department of Child Support Program. Ensure the environment is secure, resilient, observable, and ready for migration, cutover, and rollback.
Responsibilities
- Perform technical planning and architecture development for the cloud environment; maintain architecture specifications.
- Deliver cloud reference architectures that can pass security review.
- Define and implement the cloud landing zone using Infrastructure-as-Code (IaC):
- AWS: VPC/subnets, PrivateLink, ALB/NLB/WAF, KMS/Secrets Manager, RDS/Aurora/SQL Server patterns, backup/DR.
- Azure: VNets/subnets, Private Endpoint, Application Gateway/Firewall, Key Vault, Azure SQL patterns, backup/DR.
- Design observability and operational readiness:
- App Insights/Log Analytics or CloudWatch/CloudTrail/OpenSearch
- Baseline SLOs and alert runbooks
- Integrate enterprise identity and secrets management:
- Entra ID or AWS IAM/IAM Identity Center
- Key Vault or KMS/Secrets Manager
- Partner with the Database Architect on data connectivity, encryption, and performance; support cutover and rollback readiness.
Deliverables
- Cloud reference architecture and landing zone IaC templates (Bicep/Terraform or CloudFormation/Terraform)
- Identity and security integration blueprint
- Disaster recovery plan and DR test results; operational runbooks
- Cloud readiness findings and modernization work plans
Requirements (Must-Have)
- 8+ years enterprise cloud architecture/engineering experience (AWS or Azure) with at least one re-platform or migration delivered
- Hands-on with:
- Networking: VNets/VPCs, subnets, Private Endpoint/PrivateLink, routing, perimeter controls (AppGW/Firewall or ALB/NLB/WAF)
- Identity & secrets: Entra ID or AWS IAM/IAM Identity Center; Key Vault or KMS/Secrets Manager
- Data tier: Azure SQL or AWS RDS/Aurora/SQL Server, including encryption and DR patterns
- IaC: Bicep/Terraform or CloudFormation/Terraform
- Produced reference architectures that supported security sign-off and go-live
Preferred Qualifications
- State/federal modernization experience
- AWS Solutions Architect Professional and/or Azure Solutions Architect Expert
Tools & Platforms (Examples)
- Azure: Azure Portal/CLI; AWS: AWS Console/CLI
- Bicep/Terraform or CloudFormation/Terraform
- Entra ID or IAM/Identity Center
- App Insights/Log Analytics or CloudWatch/CloudTrail
- Key Vault or KMS
- GitHub/Azure DevOps
Performance Measures
- Landing zone reviews and security sign-offs completed
- Documented RPO/RTO and DR test pass rate
- Deployment reliability and baseline performance targets met
About Brooksource
Brooksource is a technology services and talent solutions firm that places and supports engineering teams for enterprise clients. The role described is focused on cloud architecture and engineering for a state government program, emphasizing secure, resilient, and observable cloud infrastructure on AWS or Azure.
Scraped 4/24/2026