FamilySearch Software Dev Eng - Cloud Platform Architect; Lehi, UT

Family Search Software Dev Eng 6-Staff Cloud Platform Architect (Lehi, UT)

Join to apply for the Family Search Software Dev Eng 6‑Staff Cloud Platform Architect (Lehi, UT) role at The Church of Jesus Christ of Latter‑day Saints
. This position focuses on cloud networking and IAM (AWS).

• Lead cloud networking architecture: design new networks, oversee routing, traffic flows across Cloud Front, ALB/ELB/NLB, third‑party DDOS/WAF, reverse proxies, on‑prem load balancing, and cross‑domain controls.
• Re‑architect network boundaries and firewalls (e.g., migrating from legacy firewalls to AWS‑native constructs) to simplify reasoning, improve security, and reduce operational toil.
• Govern DNS posture (Route 53), ensuring resilient, least‑privilege automation for DNS updates with auditable workflows.
• Provide oversight for AWS Organizations: OU structure, Service Control Policies (SCPs), guardrails, account vending, and associated automation.
• Define and evolve IAM strategy—RBAC/ABAC, permission boundaries, cross‑account patterns—for secure service‑to‑service access across accounts and regions.
• Partner with Security on threat modeling, controls codification, and incident readiness; contribute to security governance.
• Serve on cross‑org committees:
  Architecture Review Board, URI Naming, Privacy, Technical Plan, and Business Continuity.
• Enable platform users by synthesizing pain points, generalizing solutions, and collaborating with product managers on roadmap and implementation.
• Provide design/implementation leadership for key services (e.g., Russian Access/Yandex admin, Family Search Center proxies, Blaze Proxy, Correctional Facilities, OLIB decommissioning, Germany Redaction) ensuring secure, performant, compliant architectures.

• Bachelor’s degree in computer science or closely related field or equivalent experience.
• 12+ years of progressive, relevant professional experience, including 8+ years in large‑scale cloud networking and security architecture in multi‑account AWS environments.
• Completed at least two major cycles of system architecture, successfully rolling out through at least two development cycles.
• Strong understanding of Agile Software Development principles.
• Demonstrated external industry validation and enterprise‑grade vision.
• Exceptional written and verbal communication across all business levels.
• Leadership of cross‑functional and inter‑departmental teams, ability to mentor peers, and drive technical decisions without supervision.
• Expertise in AWS networking (VPC, TGW, Direct Connect, Private Link), IAM, security primitives, and Dev Sec Ops .
• High‑level understanding of CI/CD principles, troubleshooting under pressure, and incident management.
• Experience participating in security and architecture governance, and readiness for business continuity planning.
• Ability to stay current with technology trends relevant to the organization.
• Experience in a regulated, high‑availability environment at enterprise scale.
• Physical requirements:
  
  ability to sit for extended periods and use computer equipment.

• Master’s degree in a related field.
• Hands‑on expertise with VPC, TGW, Direct Connect, Private Link, Route 53, Cloud Front, ALB/ELB, WAF/Shield/Imperva, NAT, NACLs/SGs, and traffic engineering across regions.
• Advanced knowledge of AWS IAM (roles, policies, permission boundaries, federation/SSO, cross‑account patterns), SCPs, RBAC/ABAC, and service‑to‑service authentication.
• Proven track record designing segmented, well‑architected network topologies applying zero‑trust principles and migrating legacy firewalls to AWS‑native controls.
• Strong DNS competency (A, CNAME, NS, MX, DKIM, DMARC, SPF) and domain lifecycle governance.
• Experience partnering with Security, participating in architecture governance, and ensuring incident/BCP readiness.
• Excellent critical‑thinking, communication, and influence skills.
• Experience in regulated, high‑availability enterprise environments and audit evidence collection.
• Hands‑on with edge policies, CDN tuning, and bot/abuse mitigation.
• Familiarity with AWS Work Mail, account vending/landing‑zone automation, drift detection.
• Track record driving organization‑wide…