Design and implement a HIPAA/HITRUST-compliant AWS landing zone and hub-and-spoke network topology. Lead the technical execution of a VMware-to-AWS migration, including the creation of architecture diagrams and build documentation.
This is a remote position.
About This Opportunity
CTI Staffing is partnering with a leading healthcare technology organization to place an AWS Cloud Infrastructure Architect for a high-impact cloud migration engagement. This team is executing a full VMware-to-AWS migration for an enterprise healthcare environment and needs an experienced architect who can own the technical design end-to-end - from landing zone and networking to identity integration, remote access, and compliance. This is a delivery role, not advisory: you'll be producing architecture diagrams, build documentation, and working directly with client stakeholders from kickoff through MVP validation.
What You'll Do
- Design and build a customized AWS landing zone using Infrastructure as Code (Terraform and/or CloudFormation), including AWS Organization structures, SCPs, and Control Tower guardrails aligned to HIPAA and HITRUST requirements
- Architect hub-and-spoke network topology using Transit Gateway with Site-to-Site VPN connections, workload VPCs, and an inspection VPC with AWS Network Firewall
- Design AWS Client VPN deployments integrated with Active Directory Connector and multi-factor authentication
- Architect AWS Workspaces Pools with ADFS and SAML 2.0 authentication for enterprise remote access
- Plan and execute Minimum Viable Product server migrations to validate the overall migration approach
- Establish AWS Backup architecture with continuous backups and Point-in-Time Recovery configured to meet compliance requirements
- Lead and participate in kickoff meetings, technical design sessions, and client training
- Produce comprehensive architecture diagrams and build documentation for client handoff
Requirements
What You Bring
Must-Have:
- 5+ years of AWS cloud architecture experience with a track record of delivering production environments, not just designing them
- Proven hands-on experience designing and building AWS landing zones, including Control Tower configuration, OUs, and SCPs
- Strong Infrastructure as Code delivery experience with Terraform and/or CloudFormation
- Advanced AWS networking skills: VPC design, Transit Gateway, Site-to-Site VPN, Client VPN, and inspection/firewall architectures
- Active Directory integration with AWS services, including AD Connector, ADFS, and SAML 2.0 federation
- HIPAA and HITRUST compliance expertise applied directly to cloud infrastructure architecture
- Experience leading or co-leading VMware-to-AWS workload migrations
Nice-to-Have:
- AWS Solutions Architect Professional certification or equivalent advanced certification
- AWS Workspaces Pools deployment and management experience
- AWS Security Hub, GuardDuty, and Firewall Manager implementation experience
- Prior experience in healthcare IT environments or health system infrastructure
- AWS WAF configuration and certificate management experience
Technical Environment:
- AWS services: Control Tower, Organizations, VPC, Transit Gateway, Client VPN, Workspaces, Network Firewall, Security Hub, GuardDuty, Firewall Manager, Backup
- Identity: Active Directory, AD Connector, ADFS, SAML 2.0, MFA solutions
- Infrastructure as Code: Terraform, CloudFormation
- Compliance frameworks: HIPAA, HITRUST
- Additional: encryption and certificate management, DNS/DHCP design
What Success Looks Like:
- A fully documented, HIPAA/HITRUST-compliant AWS landing zone delivered within scope and timeline
- Hub-and-spoke network, Client VPN, and Workspaces Pools fully operational with AD/ADFS integration validated
- MVP server migrations completed and client teams trained and capable of managing the environment