Cloud Engineer

SENIOR AWS SITE RELIABILITY ENGINEER
Global HFT Infrastructure Re-platform • Capital Markets
Confidential Engagement • New York, NY

Very few engineers combine deep AWS platform engineering with live production HFT experience. If that is you, we will move fast.

Location: New York, NY (on-site, open to remote)
Type: Contract / Residency
Start: Immediate
Experience: 5+ years (AWS)
Industry: Capital Markets / High-Frequency Trading

THE OPPORTUNITY

A Tier 1 global investment bank is executing a full replatform of its capital markets trading infrastructure onto AWS — live, in production, across five cities simultaneously. This is not a migration study or a proof of concept. It is an active build.

The scope spans New York, London, Hong Kong, Tokyo, and Los Angeles — each city with its own exchange co-location requirements, latency constraints, and regulatory obligations. The target architecture is cloud-native with Direct Connect to co-location facilities, AWS Local Zones for proximity to exchange matching engines, and a full front-to-back trading desk readiness program covering execution, risk, and operations.

The firm has chosen AWS as its platform. The rationale is well-grounded: AWS is the only cloud provider with the combination of global region footprint, Local Zones adjacent to major exchanges, and Direct Connect bandwidth for co-location grade connectivity. This is the direction the industry is moving — the largest exchange operators have already committed.

The firm has selected a specialist technology partner with AWS Financial Services Competency and an established presence inside this institution to lead the engagement. We are building the delivery team now and need engineers who have operated at this level before.

Why This Role Is Genuinely Rare

Most AWS SREs have never touched a trading environment. Most trading infrastructure engineers have never built on cloud-native AWS at scale. This role requires both — simultaneously, in production, across five global cities.

To be specific, you need all of the following in combination:

- AWS platform depth — not just working knowledge, but architecture-level ownership of networking, compute, and security at enterprise scale
- Direct Connect and co-location experience — designing low-latency connectivity between cloud and exchange infrastructure is a distinct discipline most cloud engineers have never done
- Capital markets domain fluency — understanding front, middle, and back office workflows well enough to make infrastructure decisions that affect trade execution
- Global multi-region delivery — simultaneously building in New York, London, Hong Kong, Tokyo, and Los Angeles, each with different latency profiles and regulatory requirements
- Full-stack operational ownership — not stopping at the cloud boundary, but owning the connection between infrastructure and application delivery all the way to the trading desk

We have been told by the client team that this profile is extremely hard to find. If you have this background, this conversation is worth your time.

WHAT YOU WILL BUILD

You are not maintaining legacy systems. You are building the architecture from the ground up — strategy through execution — on a live platform where the output directly supports revenue-generating trading activity.

Cloud Architecture

- Design and implement the AWS Landing Zone and Control Tower for a multi-account, regulated financial services environment
- Architect Direct Connect solutions providing co-location grade connectivity between AWS and exchange matching engines
- Deploy AWS Local Zones and Outposts for sub-millisecond proximity to exchanges in New York, London, Hong Kong, Tokyo, and Los Angeles
- Build transactional networking architecture — VPC design, Transit Gateway, traffic segmentation, failover — for a global HFT platform
- Design and implement security controls mapped to enterprise governance frameworks and regulatory requirements across five jurisdictions

Infrastructure & Automation

- Own infrastructure as code end-to-end: Terraform, CloudFormation, Ansible — not scripts, but production-grade reusable modules
- Build and operate CI/CD pipelines designed for rapid, reliable releases in a zero-downtime trading environment
- Container orchestration on EKS and ECS — designing for the performance and availability requirements of trading workloads
- Monitoring, observability, and incident response aligned to trading desk SLAs where downtime is measured in lost trades, not tickets

Trading Environment Integration

- Own the full stack from AWS infrastructure through application delivery — the gap between cloud and on-prem is where trades are lost
- Integrate AWS infrastructure with market data platforms including FIS and Refinitiv, ensuring the data pipeline meets latency requirements
- Work directly with front, middle, and back office trading desk teams to translate their requirements into infrastructure decisions
- Sequence a global rollout across five cities — each city has different exchange connectivity requirements, regulatory obligations, and latency profiles that must be accounted for in the architecture

Operational Readiness

- Define and enforce SLAs for trading desk infrastructure where performance degradation has direct P&L impact
- Build incident response playbooks and runbooks for a 24-hour global trading operation
- Establish identity, access management, and privileged access controls aligned to enterprise security and SMBC-equivalent governance frameworks
- Cross-functional collaboration with networking, security, application, and trading teams across multiple geographies and time zones

WHAT WE NEED

The bar for this role is high because the environment demands it. Leadership is already in place. We need engineers who can sit down, understand the architecture, and start building. There is no ramp-up runway on a live trading platform.

Non-Negotiable Requirements

- 5+ years of hands-on AWS in production — not certifications, not sandbox environments. You need to have owned production AWS infrastructure at scale.
- Capital markets or trading technology background — you understand what a trading desk needs and why infrastructure decisions upstream affect execution downstream.
- Direct Connect architecture experience — you have designed and operated co-location connectivity, not just read the documentation.
- AWS Landing Zone / Control Tower implementation — you have built one, not advised on one.
- Infrastructure as Code at production scale — Terraform and/or CloudFormation, building reusable modules that other engineers depend on.

Also Required

- AWS networking depth: VPC, Transit Gateway, Route 53, PrivateLink, security groups, NACLs — you can design this from scratch
- Container orchestration: EKS and/or ECS in production, not just POC deployments
- CI/CD pipeline design and operation: GitHub Actions, Jenkins, or equivalent in a real delivery environment
- Monitoring and observability: CloudWatch, Datadog, or equivalent — with alerting and response processes you have personally owned
- Comfort operating across multiple time zones and collaborating with globally distributed teams

What Will Separate the Best Candidates

- AWS Local Zones or Outposts experience — deploying infrastructure for proximity to exchange matching engines is rare and directly relevant
- FIS or Refinitiv integration on AWS — hands-on experience connecting market data platforms to cloud infrastructure
- Prior work at or inside a Tier 1 investment bank, bulge bracket firm, or global trading operation in a technology capacity
- Experience with NYSE, Nasdaq, CME, or equivalent exchange co-location environments
- AWS Certified Solutions Architect — Professional or AWS Certified DevOps Engineer (as a signal of depth, not a box to check)
- Familiarity with capital markets regulatory frameworks: Fed, OCC, NYDFS, FINRA, SEC, FCA, MAS — understanding the compliance constraints you are building within

You will work alongside a full-stack cloud SRE team with access to subject matter experts in financial services compliance, network architecture, and trading technology. You will not be an external consultant advising from a distance — you will be inside the build.