RQ09921 - Technology Architect - Senior

Deliverables: The resources will serve as subject matter experts supporting a range of cloud initiatives across the Government of Ontario’s enterprise environments.

• Designing and enabling cloud solutions primarily in Azure, AWS, and GCP, with some support for Oracle Cloud Infrastructure (OCI).
• Engineering and configuring advanced security controls for both existing and new cloud platforms.
• Supporting complex migrations from on-premises infrastructure to public cloud environments.
• Developing, updating, and maintaining provisioning pipelines and infrastructure-as-code to enable scalable, automated delivery of cloud services.
• Creating tools and scripts for data collection, reporting, and operational insights across multi-cloud environments.

Key Responsibilities:

• Develop, maintain, and enhance environment provisioning pipelines and infrastructure-as-code to support scalable cloud service delivery.
• Integrate and secure cloud services for enterprise applications across Azure, AWS, GCP, and OCI.
• Design and document reusable technology patterns for IaaS, PaaS, SaaS, including low-code/no-code deployments and AI solutions.
• Advance the GoCLOUD product by implementing new features and capabilities aligned with its maturity roadmap.
• Contribute to product planning activities including roadmap development, service documentation, process optimization, and communication strategies.

Experience and Skill Set Requirements:

• Develop, maintain, and enhance environment provisioning pipelines and infrastructure-as-code to support scalable cloud service delivery.
• Integrate and secure cloud services for enterprise applications across Azure, AWS, GCP, and OCI.
• Design and document reusable technology patterns for IaaS, PaaS, SaaS, including low-code/no-code deployments and AI solutions.
• Advance the GoCLOUD product by implementing new features and capabilities aligned with its maturity roadmap.
• Contribute to product planning activities including roadmap development, service documentation, process optimization, and communication strategies.

The candidate must have advanced design and implementation knowledge for Azure or AWS

• Compute: Azure Virtual Machines, AKS, App Services
• Networking: VNet, NSG, Load Balancer, Front Door, ExpressRoute
• Storage: Blob, Files, Data Lake
• Identity & Security: Azure AD, RBAC, Key Vault, Policies
• Monitoring: Azure Monitor, Log Analytics
• Automation: ARM Templates, Bicep, Terraform
• Data Services: Azure SQL, Synapse, Cosmos DB
• CI/CD: Azure DevOps, GitHub Actions
• Cost Management: Azure Cost Analysis, Reservations
• Data skills for AI familiar with data bricks, fabric
• know ledge vector embeddings, chunking strategies
• LLM integration experience and knowledge

• Compute: EC2, ECS, EKS, Lambda
• Networking: VPC, Route 53, ALB/NLB, Direct Connect
• Storage: S3, EBS, EFS, Glacier
• Identity & Security: IAM, KMS, Secrets Manager
• Monitoring: CloudWatch, X-Ray
• Automation: CloudFormation, Terraform
• Data Services: RDS, DynamoDB, Redshift
• CI/CD: CodePipeline, CodeBuild
• Cost Management: AWS Cost Explorer, Savings Plan

Data skills for AI experience with data bricks know ledge vector embeddings

LLM integration experience and knowledge

• Compute Engine (VMs), Google Kubernetes Engine (GKE)
• GCP AI knowledge and skills (data to LLM)
• VPC design, subnets, firewall rules, Cloud Load Balancing
• Hybrid connectivity (Cloud VPN, Interconnect)
• Cloud Storage (buckets, lifecycle policies)
• BigQuery (data warehouse), Cloud SQL, Firestore
• Dataflow and Pub/Sub for streaming and ETL
• Load Balancer and FastConnect for hybrid connectivity
• OCI Identity Domains and IAM policies

All solution require security be default, describe key parts of cloud security and how you have enabled as part of an application or environment deployment. The applicant should have a high level of knowledge in these areas.

• Entra Permissions Management (CIEM)
• Entra Verified ID (Decentralized Identity)
• Advanced governance with Identity Protection

• Complex policy design for multiple apps and roles
• Integration with Intune for device compliance
• Policy simulation and troubleshooting

• Microsoft Sentinel (SIEM) deployment and playbooks
• Defender for Identity integration

• Implementing Zero Trust principles across identity, network, and endpoints

• Automating security policies with PowerShell and Graph API
• Azure Blueprints for compliance frameworks (ISO, NIST, CIS)

Terraform

• Writing reusable modules
• State management and remote backends
• Workspaces for multi-environment deployments

• GitHub Actions, Azure DevOps, AWS CodePipeline

• Integration with Key Vault (Azure), Secrets Manager (AWS)

• Sentinel (Terraform), Azure Policy, AWS Config

• Azure AI, AWS AI, Google Vertex AI for OCR and document processing
• LangChain For building RAG pipelines
• Document parsing and data cleaning

• Stakeholder engagement and requirement gathering
• Risk assessment and mitigation strategies
• Vendor and third-party integration management
• Leading technical teams through design and build phases
• Strong communication for reporting
• Decision-making under constraints
• Mentoring and knowledge transfer