Senior AWS Architect

About WebBank

WebBank (the “Bank”) is a Utah chartered Industrial Bank headquartered in Salt Lake City, Utah. As “The Bank Behind the Brand®”, WebBank is a national issuer of consumer and small business credit products through Strategic Partner (Brand) platforms, which include retailers, manufacturers, finance companies, software as a service (SaaS) and financial technology (FinTech) companies.  The Bank is a leading player in the digital lending space, driving innovation in financial products through embedded finance with Strategic Partner platforms.  WebBank engages in a full range of banking activities including consumer and commercial loan products, revolving lines of credit, credit cards, private-label card issuance, auto-refinancing and more. The Bank provides capital in the form of asset-backed lending and other credit facilities to Strategic Partner platforms, credit funds, and other lenders with a targeted focus on specialty finance assets. The Bank is also a leading provider of commercial insurance premium finance products through its wholly owned subsidiary National Partners and Security Premium Finance, a wholly owned subsidiary of National Partners.

WebBank is named in Glassdoor’s Best Places to Work in 2023 and 2024. WebBank was also honored as one of the Best Places to Work in Financial Technology in 2023 by American Banker. "Some of the most intriguing technology advances in financial services are developed within fintech firms that partner or compete with banks,” said Penny Crosman, executive editor, technology at American Banker. “Best Places to Work in Financial Technology provides a closer look at these companies and the culture and benefits that help them attract top talent.”

Job Summary 

We are looking for a senior, expert-level AWS architect capable of taking WebBank’s cloud platform to the next level by taking ownership of and responsibility for the Bank’s critical infrastructure. The ideal candidate will possess a proven track record of designing and building highly secure, performant, resilient, and efficient infrastructure across a variety of applications and workloads on AWS. The first project will be a migration from the Bank’s single AWS account structure to a multi-account architecture. Creating and deploying Infrastructure as Code (IaC) with well-developed pipelines will be critical. The ability to spin up and down infrastructure (including entire accounts) on demand is required for the job.

In addition to core AWS architecture and administration competencies, the ideal candidate will possess at least one complementary engineering and/or administration skillset from amongst the following disciplines:

• Software engineer.
• Network engineer.
• Security engineer.
• Data engineer.
• Microsoft Windows system administration.

Primary Responsibilities

This role requires mandatory core competencies related to AWS architecture and administration as outlined below.

Core competencies for this position include:

• AWS Organizations: Expertise using AWS Organizations to manage and govern multiple AWS accounts. This includes knowledge of service control policies (SCPs) for permission boundaries, account structures (organizational units, or OUs), and consolidated billing. Understanding of how AWS Identity Center integrates with AWS Organizations, including managing SSO access for accounts within an organization and applying SCPs.
• AWS Identity Center & IAM: Expert in AWS Identity Center's features, including setting up and managing single sign-on (SSO) access, configuring permission sets, and understanding the service's integration points with other AWS services. Deep knowledge of IAM principles, including users, groups, roles, and policies. Ability to define and implement least privilege access controls is essential. Ability to diagnose and resolve issues related to identity federation, synchronization, and access management. This includes troubleshooting SSO issues, permission set problems, and connectivity issues with identity providers. Ability to automate the deployment and configuration of AWS Identity Center using tools such as AWS CloudFormation or AWS CLI. Proficiency in scripting languages (e.g., Python, PowerShell) for automating identity management tasks.
• Integration with Identity Providers (IdP): Experience integrating AWS Identity Center with external identity providers, such as Active Directory, Okta, or Azure AD. This includes configuring SAML 2.0 federations, understanding identity synchronization, and managing user authentications.
• Directory Services Knowledge: Skills in managing AWS Directory Service or integrating with on-premises directories. Understanding of directory synchronization and the nuances of managing identities across cloud and on-premises environments.
• AWS Storage Solutions: Deep understanding of AWS storage services like S3, Glacier, EBS, EFS, and the ability to design and implement storage architectures.
• Networking and Connectivity: Ability to design and implement advanced network architectures using services like Amazon Virtual Private Cloud (VPC), AWS Transit Gateway, and VPC peering for inter-account connectivity. Understanding how to configure route tables, network ACLs, security groups, and VPN connections is important. Expertise to securely connect AWS Identity Center with on-premises directories or third-party identity providers over the internet or AWS Direct Connect.
• Security and Compliance Awareness: Expertise creating and managing multi-account strategies for enhancing security, including the segregation of environments (dev, test, prod), roles, and resources to reduce the risk of unauthorized access or changes. Skills in implementing AWS services like AWS Shield, AWS WAF, and AWS Key Management Service (KMS) across multiple accounts. Understanding of compliance requirements related to identity management and access controls. Ability to implement AWS Identity Center in a way that complies with organizational policies and industry standards.
• Logging, Monitoring, and Auditing: Experience configuring AWS logging and monitoring tools such as AWS CloudTrail, Amazon CloudWatch, and AWS Config for centralized visibility and management. This includes setting up account-level aggregation of logs and metrics for operational and security monitoring.
• Automation and Infrastructure as Code (IaC): Skills in using AWS CloudFormation for automating the deployment of AWS resources in a consistent and repeatable manner across accounts. This includes understanding of Infrastructure as Code principles and best practices.
• Deployment and Continuous Integration/Continuous Deployment (CI/CD): Experience with AWS services for CI/CD workflows, such as AWS CodePipeline, AWS CodeBuild, AWS CodeDeploy, and AWS CodeCommit, to manage application deployment and updates across multiple environments and accounts. Proficiency in deploying and managing systems on AWS using services like OpsWorks, Elastic Beanstalk, and understanding of the AWS CLI and SDKs.
• Troubleshooting and Problem-Solving Skills: Ability to diagnose and resolve issues related to identity federation, synchronization, and access management. This includes troubleshooting SSO issues, permission set problems, and connectivity issues with identity providers.
• Cost Management and Optimization: Knowledge of tools and techniques for managing costs across multiple accounts, including AWS Cost Explorer, AWS Budgets, and the AWS Cost and Usage Report. Understanding how to leverage consolidated billing features and AWS Savings Plans or Reserved Instances for cost optimization.
• High Availability: Ability to design highly available, fault-tolerant, scalable systems on AWS. This includes utilizing services like S3, EFS, and Elastic Load Balancing.
• Disaster Recovery and Business Continuity: Understanding of strategies for backup, recovery, and failover across multiple AWS accounts to ensure business continuity. This includes knowledge of AWS services like Amazon S3, AWS Backup, and Amazon Route 53.
• Knowledge of AWS Best Practices and the Well-Architected Framework: Track record of adherence to the AWS Well-Architected Framework and its principles, particularly in the areas of security, reliability, performance efficiency, cost optimization, and operational excellence.
• Continuous Learning and Adaptability: Given the rapid pace of AWS service updates, continuous learning and staying updated with the latest AWS features, best practices, and security recommendations are crucial.

In addition to AWS architecture and administration core competencies, the ideal candidate will have additional, complementary competencies in one or more of the following areas:

• Software engineer – Primarily Python, Node, and React.
• Network engineer – Palo Alto, Silver Peaks, and Aruba switches. OSPF and BGP.
• Security engineer – Rapid7, Crowdstrike, AWS Security Hub, etc.
• Data engineer – SQL Server, DynamoDB, and RDS.
• Microsoft Windows system administration.

The role, compensation, and reporting line can be tailored to the candidate based on the universe of competencies the successful candidate possesses.

Qualifications

You Have: 

• Bachelor’s degree in computer science (or equivalent). 
• One or more advanced AWS certifications (or equivalent experience): DevOps Engineer (Professional), Solutions Architect (Professional), Security, Advanced Networking, and/or Machine Learning.

Even Better:

• Master’s degree in computer science, MBA, or similar.
• Excellent written communication skills (the Bank needs good writers).
• Excellent diagramming skills.
• Broad understanding of banking and financial regulatory environment and guidance like FFIEC CAT & FDIC Financial Institution Letters (FILs); audits like GLBA, ITGC, NSA, PCI; and controls like SOC 1&2; etc.

Company Perks:

You Get:

• Flexible work options – Flexible work-from-home opportunities and other hybrid workplace options are available.
• Paid Time Off (PTO) - Generous paid time off plus paid parental leave.
• Health insurance – Plans include an employer paid medical option, dental and vision coverage, plus we offer health savings accounts.
• 401(k) – WebBank matches up to the first 6 percent of employee contributions and both the employee’s contributions and WebBank’s match are fully vested immediately.
• Life and Disability Insurance – Life insurance and long and short-term disability insurance plans are 100% employer paid.
• Tuition Reimbursement – WebBank provides reimbursement for classes needed to obtain certain degrees, up to $5,250 per academic year.