AWS Platform Architect

AWS Platform Architect

We are seeking a highly skilled and hands-on AWS Platform Architect to join Tata Consultancy Services. This pivotal role involves designing, automating, and governing a secure, scalable AWS foundation to support critical payment workloads, advanced data & AI platforms, and core enterprise applications.

You will blend deep technical implementation using Infrastructure as Code (IaC), robust CI/CD practices, and security automation, with program governance, compliance oversight, and strategic stakeholder leadership. This position requires 10-15 years of total experience, with 6-8 years specifically focused on AWS platform architecture and automation.

Key Responsibilities

• Platform Provisioning & Automation: Design and automate AWS Organizations, multi-account strategies, SCPs, VPC architectures, Transit Gateway, PrivateLink, and centralized egress. Implement comprehensive IAM controls (roles, permission boundaries, identity federation), AWS SSO, and enterprise-aligned guardrails. Automate security services like Config, GuardDuty, Security Hub, CloudTrail, KMS, Macie, and Detective, alongside monitoring solutions (CloudWatch, X-Ray). Build reusable Terraform modules and CI/CD pipelines for consistent environment provisioning.
• Security & Compliance Integration: Integrate FCB-defined (or customer-defined) security controls, IAM policies, and program guardrails across all accounts and workloads. Map controls to industry frameworks such as PCI DSS (for payments), SOC 2, ISO 27001, and NIST CSF, implementing automated evidence collection. Define and enforce least-privilege access, encryption standards, network segmentation, and operational monitoring baselines.
• CI/CD & Infrastructure-as-Code: Establish and manage CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Azure DevOps, CodePipeline) for both infrastructure and application workloads. Standardize Terraform workflows, including workspaces, state management, and policy as code enforcement using OPA, Conftest, or Terraform Cloud/Enterprise. Integrate automated testing, encompassing static analysis, drift detection, security scanning, and compliance validation.
• Workload Enablement (Payments, Data & AI, Core Apps): Architect secure payment environments, ensuring PCI-ready controls, tokenization patterns, and audit readiness. Design robust data platform services (data lakes, analytics, AI/ML) including ingestion pipelines, governance, data lineage, and secure access mechanisms. Enable core application services and platform components such as EKS/ECS, serverless functions, managed databases, caching, messaging, and comprehensive observability solutions.
• Program Governance & Reporting: Define and implement program guardrails, governance models, KPIs, and reporting cadences. Conduct compliance audits with automated evidence collection. Establish rigorous change management processes, incident response protocols, and cost governance (FinOps guardrails, tagging strategies, budgets, anomaly detection).
• Documentation & Handover: Produce detailed architecture diagrams, runbooks, technical standards, comprehensive Terraform module catalogs, and operational playbooks. Lead knowledge transfer sessions and facilitate operational handover to relevant platform and application teams.

Required Qualifications

• Hands-on expertise across key AWS services: Organizations, VPC networking, IAM, KMS, Security Hub, GuardDuty, Config, CloudTrail, CloudWatch, and various data services.
• Terraform mastery, including modules, state management, workspaces, and policy as code. Proven experience in setting up CI/CD pipelines for both infrastructure and application deployments.
• Strong background in security and compliance (PCI DSS, SOC 2, ISO 27001, NIST CSF), covering control design, automation, and audit readiness.
• Expertise in advanced networking concepts: multi-account networking, segmentation, Transit Gateway, Route 53, NAT/east-west patterns, PrivateLink, and hybrid connectivity (Direct Connect/VPN).
• Experience in data & AI platform design, including data lake architectures, analytics pipelines, access controls, and ML orchestration (e.g., SageMaker, EKS-based solutions).
• Proficiency with containers & serverless technologies: EKS/ECS, Lambda, API Gateway, event-driven patterns, and implementing observability and resilience.
• Demonstrated strong stakeholder leadership, including requirements gathering, current-state assessment, roadmap creation, and cross-functional alignment.

Nice-to-Have

• PCI-ready payment workload enablement experience.
• Knowledge of FinOps and cost optimization practices.
• Familiarity with policy-as-code tools such as OPA/Conftest, Checkov, and Infracost.
• Experience with specific CI/CD platforms: GitHub Actions, GitLab CI, Azure DevOps, CodePipeline.
• Understanding and application of SRE practices: error budgets, SLIs/SLOs, runbooks, chaos testing.
• Relevant certifications: AWS Solutions Architect – Professional, AWS Security Specialty, Certified Kubernetes Administrator (CKA).

Tools & Tech Stack

• IaC & Pipelines: Terraform, Terragrunt (optional), GitHub/GitLab/Azure DevOps/CodePipeline
• Security & Governance: AWS Config, Security Hub, GuardDuty, CloudTrail, KMS, IAM Identity Center, SCPs
• Networking: VPC, TGW, Route 53, PrivateLink, Direct Connect/VPN
• Observability: CloudWatch, CloudWatch Logs, X-Ray, OpenTelemetry (optional)
• Data & AI: S3, Lake Formation, Glue, Athena/Redshift, EMR, Kinesis/MSK, SageMaker, Step Functions

Key skills/competency

• AWS Architecture
• Cloud Security
• Terraform
• CI/CD
• PCI DSS Compliance
• IAM
• VPC Networking
• Data Platforms
• AI/ML
• Program Governance