Cloud Architect

Cloud EngineerW2 Contract100% RemoteDesign, build, and govern a cloud landing zone and enterprise architecture for systems & IT services supporting the Kentucky Department of Child Support Program on a major cloud provider (AWS or Azure) so it is secure, resilient, observable, and ready for migration and cutover.Duties and ResponsibilitiesPerform technical planning, architecture development, and specification updates for the cloud environment; deliver reference architectures that pass security review.Define and implement the landing zone with Infrastructure-as-Code:o AWS: VPC/subnets, PrivateLink, ALB/NLB/WAF, KMS/Secrets Manager, RDS/Aurora/SQL Server patterns, backup/DR.o Azure: VNets/subnets, Private Endpoint, Application Gateway/Firewall, Key Vault, Azure SQL patterns, backup/DR.Design observability (App Insights/Log Analytics or CloudWatch/CloudTrail/OpenSearch) and baseline SLOs with alert runbooks.Integrate enterprise identity (Entra ID or AWS IAM/IAM Identity Center) and secrets management (Key Vault or KMS/Secrets Manager).Partner with the Database Architect on data connectivity, encryption, and performance; support cutover and rollback readiness.DeliverablesCloud reference architecture and landing zone with IaC templates (Bicep/Terraform or CloudFormation/Terraform).Identity and security integration blueprint.Disaster recovery plan and test results; operational runbooks.Cloud readiness findings and modernization work plans.MUST-HAVE Requirements (non-negotiable)≥ 8 years enterprise cloud architecture/engineering (AWS or Azure), with at least one re-platform or migration delivered.Hands-on with:o Networking: VNets/VPCs, subnets, Private Endpoint/PrivateLink, routing, perimeter controls (AppGW/Firewall or ALB/NLB/WAF).o Identity/secrets: Entra ID or AWS IAM/Identity Center; Key Vault or KMS/Secrets Manager.o Data tier: Azure SQL or AWS RDS/Aurora/SQL Server; encryption and DR patterns.o IaC: Bicep/Terraform or CloudFormation/Terraform.Produced reference architectures that supported security sign-off and go-live.Preferred QualificationsState/federal modernization AWS Solutions Architect Professional. And/or Azure Solutions Architect ExpertTools and PlatformsAzure Portal/CLI or AWS Console/CLI; Bicep/Terraform or CloudFormation/Terraform; Entra ID or IAM/Identity Center; App Insights/Log Analytics or CloudWatch/CloudTrail; Key Vault or KMS; GitHub/Azure DevOps.Performance MeasuresSuccessful landing zone reviews and security sign-offs.Documented RPO/RTO and DR test pass rate.Deployment reliability and baseline performance targets met.