The Church of Jesus Christ of Latter-day Saints · 2 days ago
FamilySearch Software Dev Eng 6-Staff Cloud Platform Architect (Lehi, UT)
The Church of Jesus Christ of Latter-day Saints is seeking a Staff Cloud Platform Architect to lead their cloud networking architecture and IAM strategy. This role involves overseeing network design, DNS management, and collaborating with security teams to enhance infrastructure posture and compliance.
Non Profit · Religion
Responsibilities
Provide architecture oversight for existing network topologies and lead the design of all new networks (layered/segmented, multi-AZ/region)
Own end-to-end routing architecture and traffic flows across CloudFront, ALB/ELB/NLB, third-party DDoS/WAF, reverse proxies, on-prem load balancing, BCP-47 language tags, and cross-domain controls
Lead the re-architecture of complex network boundaries and firewalls (e.g., ICS firewall → AWS-native constructs) to simplify reasoning, improve security, and reduce operational toil
Govern DNS for product and corporate domains, including MX, DKIM, DMARC, SPF records and domain registration approvals
Ensure resilient, least-privilege automation for DNS updates and changes with auditable workflows
Set direction and provide oversight for AWS Organizations: OU structure, Service Control Policies (SCPs), service integrations, account vending, and guardrails
Define and continuously evolve RBAC/ABAC and IAM policy strategies—identity-, resource-, and permission-boundary patterns—for secure service-to-service access across accounts and regions
Partner with AWS Support and internal stakeholders to keep pace with platform advances and to resolve high-severity issues swiftly
Oversee secure email hosting used in account creation (AWS WorkMail) and related provisioning flows
Partner closely with Security to validate infrastructure posture, drive threat-modeling, codify controls, and contribute to Security Committee discussions with deep IAM expertise
Champion production-readiness and compliance expectations within the FamilySearch SDLC
Actively serve on/advise: Architecture Review Board (ARB), URI Naming governance (approve URI paths & domain names), future platform strategy, Privacy, Tech Plan, and Business Continuity work
Set and maintain standards that prevent drift and namespace chaos, especially for URI/Domain usage
Meet with platform users, synthesize pain points, convert point solutions → generalized platform capabilities, and partner with PM for roadmap/implementation
Advance shared data and observability initiatives (e.g., Cloud Intelligence Dashboards, data lake direction) that improve cost, performance, and decision making
Provide design/implementation leadership or advisory support for key services (e.g., Russian Access/Yandex admin, Family Search Center Proxies, Blaze Proxy, Correctional Facilities, OLIB decommissioning, Germany Redaction), ensuring secure, performant, and compliant architectures that follow SDLC patterns
Qualification
Required
Bachelor's degree in computer science, closely related field or equivalent experience
12 years of industry-recognized, progressive and relevant professional experience
8+ years in large-scale cloud networking and security architecture, including multi-account AWS environments
Experience completing two or more major cycles of architecting entire systems, successfully implemented through two or more development cycles
Strong understanding of Agile Software Development methodologies and principles
Demonstrate clear evidence of external industry validation and enterprise-grade vision
Demonstrated experience evaluating vendors and their solutions, with the ability to identify critical gaps in their offerings, when applicable
Exceptional written and verbal communications at all levels of the business
Able to interact effectively with customers and present solutions, as well as lead customers through making decisions
Strong understanding of the technical use cases supported by the stack/platform
Able to lead cross-functional and interdepartmental product or project teams, define work processes, and lead a team of highly educated and skilled engineers and managers
Must keep abreast of trends and directions in technology, understanding their relevance to the Church
Expert in Cloud Based Platforms and services
High-level understanding of DevSecOps
Able to make architectural choices based on solid principles and practical experience without unsubstantiated bias
Able to set technical architectural direction without supervision
Leader of Continuous Integration and Continuous Delivery principles
Outstanding troubleshooter, with the ability to think under pressure and drive the hardest problems to resolution
Demonstrated leadership skills
Demonstrated ability to mentor and train peers
Expert-level knowledge of applicable software, computer languages, and code to perform the responsibilities of the role
This job operates in a professional office environment
To successfully perform the essential functions of the job there may be physical requirements which need to be met such as sitting for long periods of time and using computer monitors/equipment
Preferred
Master's degree in a related field
Deep hands-on experience with: VPC, TGW, Direct Connect, PrivateLink, Route 53, CloudFront, ALB/ELB, WAF/Shield/Imperva, NAT, IPSec, NACLs/SGs, and traffic engineering across regions
Expert in AWS IAM (roles, policies, permission boundaries, federation/SSO, cross-account patterns), SCPs, RBAC/ABAC, and service-to-service authentication/authorization
Proven experience designing segmented, well-architected network topologies (layered trust zones, zero-trust principles) and migrating legacy firewalls to AWS-native controls
Strong DNS competency (A, CNAME, NS, MX, DKIM, DMARC, SPF) and domain lifecycle governance
Demonstrated partnership with Security, participation in architecture governance, and incident/BCP readiness within an SDLC
Excellent critical thinking, communication, and influence skills—able to translate complex platform needs into clear, usable patterns for product teams
Experience operating in a regulated, high-availability environment at enterprise scale; comfortable with audit and evidence collection
Hands-on with edge policies (CORS, geo/language routing), CDN tuning, and bot/abuse mitigation
Familiarity with AWS WorkMail, account vending/landing-zone automation, and drift detection
Track record of driving org-wide migrations/upgrades (e.g., SDK/OS baselines) and aligning teams to accessibility and production-readiness standards
Certifications (nice to have): AWS Advanced Networking Specialty, Security Specialty, or equivalent portfolio
Company
The Church of Jesus Christ of Latter-day Saints
"This work is so liberating: to be employed in an organization wherein we have the ultimate freedom to use true principles of the restored gospel of Jesus Christ in our work each day.