Job Description – Senior Cloud & DevOps Architect (Banking/FinTech Platforms)
Business Unit: UST FinX
Role: Senior Cloud & DevOps Architect
Experience: 15+ years (with strong Cloud + DevOps architecture depth)
Location: Bengaluru, India
Domain: Banking & FinTech (Products & Platforms for US & Europe)
Employment Type: Full Time
Job Objective
UST FinX is seeking a Senior Cloud & DevOps Architect to architect, standardize, and evolve secure, resilient, and compliant cloud foundations for banking and fintech products/platforms serving customers in the US and Europe. This role will lead architecture decisions across cloud infrastructure, platform engineering, CI/CD, DevSecOps, observability, reliability (SRE), and operational readiness for regulated environments.
The architect will work with product engineering, security, enterprise architecture, and client stakeholders to build cloud reference architectures, self-service delivery platforms, and automation-first pipelines that reduce time-to-market while ensuring banking-grade security, auditability, availability, and cost efficiency. The person is expected to be a hands-on technical leader who can both design and guide implementation across multiple teams.
Key Responsibilities
- Design and maintain enterprise cloud reference architectures for AWS and/or Azure (optionally GCP), aligned to banking compliance, client constraints, and regional requirements.
- Architect secure landing zones (multi-account/subscription strategies), network segmentation, identity boundaries, and governance guardrails.
- Define platform patterns for Kubernetes/container platforms (EKS/AKS), microservices, event-driven architectures, and multi-tenant SaaS deployments.
- Create standardized “golden paths” and reusable templates for product teams to onboard rapidly.
- Architect end-to-end CI/CD with quality gates (build, test, security scans, artifact management, deployment, rollback).
- Drive adoption of GitOps for declarative deployments and environment parity.
- Define strategies for branching, environment promotion, release governance, and deployment patterns (blue/green, canary, progressive delivery).
- Integrate CI/CD with change management and audit requirements typical of BFSI.
- Establish and enforce IaC standards using Terraform and/or native cloud IaC (CloudFormation, ARM/Bicep).
- Standardize configuration and automation across environments using Ansible and scripting (Python/Bash/PowerShell).
- Create reusable modules, libraries, and pipelines enabling consistent provisioning, policy enforcement, and compliance reporting.
- Embed security controls into the SDLC: SAST/DAST, dependency scanning, container scanning, secrets management, and policy-as-code.
- Architect solutions for IAM, encryption, key management, secure network patterns (WAF), and least-privilege access.
- Ensure audit readiness: immutable logs, evidence generation, segregation of duties, and traceable releases.
- Define and implement observability architecture using logs/metrics/traces and standard alerting practices.
- Introduce SRE principles: SLIs/SLOs, error budgets, incident response, runbooks, and postmortems.
- Drive resilience engineering: DR strategy, HA patterns, backup/restore, chaos testing (where relevant), and performance tuning.
- Design cost-aware architectures and introduce FinOps guardrails: tagging, showback/chargeback, budget controls, and cost anomaly detection.
- Optimize cloud spend through autoscaling, right-sizing, storage lifecycle policies, and reserved capacity strategies.
- Participate in architecture reviews; influence engineering standards and guardrails across product lines.
- Collaborate with global stakeholders (US/Europe) for solutioning, technical workshops, and architecture sign-offs.
- Mentor engineers/architects and contribute to practice assets (playbooks, patterns, accelerators).
Mandatory Skills & Qualifications
- 15+ years in software/platform engineering with strong architecture experience across cloud, DevOps, and operations.
- Proven delivery of large-scale cloud transformations and DevOps modernization in product/platform environments.
- Ability to lead architecture discussions, document decisions (ADRs), and guide teams through implementation.
- Strong architectural depth in AWS and/or Azure:
  - Networking: VPC/VNet design, routing, private connectivity, segmentation
  - Identity: IAM, federation, RBAC, service principals
  - Security: KMS/Key Vault, WAF, private endpoints, encryption patterns
  - Governance: policies, guardrails, resource organization, landing zones
- Experience designing HA/DR, multi-region (or active-active) architectures for critical platforms.
- Expertise with Kubernetes and ecosystem tools:
  - EKS/AKS, Helm/Kustomize, ingress controllers, autoscaling
  - Container security and registry patterns
- Deep understanding of microservices design and distributed system patterns, including service-to-service security.
- Strong experience designing CI/CD using tools such as:
  - Azure DevOps / Jenkins / GitHub Actions / GitLab CI (one or more)
- Strong Git practices: branching strategies, trunk-based development concepts, PR governance.
- Experience with artifact and dependency management: Nexus/Artifactory, package repositories.
- Expertise in Terraform and one native cloud IaC:
  - CloudFormation or ARM/Bicep
- Automation scripting: Python/Bash/PowerShell.
- Configuration management: Ansible (preferred) or equivalent.
- Hands-on understanding of security scanning and enforcement:
  - SAST, DAST, dependency scanning, container scanning
  - Secrets management: Vault/AWS Secrets Manager/Azure Key Vault
  - Policy-as-code: OPA/Gatekeeper or cloud-native policies
- Strong familiarity with secure SDLC, audit trails, and evidence generation.
- Experience implementing observability stacks:
  - Prometheus/Grafana, ELK/OpenSearch, Splunk, Datadog, New Relic, OpenTelemetry
- Strong knowledge of incident management, alerting strategy, and operational playbooks.
- Experience in BFSI/FinTech environments with regulated delivery expectations:
  - Security, compliance, auditability, resilience, data protection
- Strong communication skills for collaborating with globally distributed teams and clients.
Good-to-Have Skills
- Multi-cloud and hybrid patterns: Direct Connect/ExpressRoute, on-prem integration, private connectivity.
- Serverless patterns: AWS Lambda / Azure Functions; managed services modernization.
- Service mesh exposure (Istio/Linkerd) and zero-trust service-to-service patterns.
- Event-driven platforms: Kafka, MSK/Event Hubs, streaming architectures.
- Familiarity with security/compliance frameworks relevant for regulated environments:
  - ISO 27001, SOC 2, PCI DSS, GDPR, NIST-aligned controls
- Software supply chain practices:
  - SBOM, artifact signing (e.g., Cosign), provenance, SLSA-aligned thinking
- Chaos engineering tools/practices and performance engineering.
- Strong DR testing automation and resilience validation approaches.
- FinOps maturity: forecasting, budgeting, unit economics, chargeback models.
- Experience implementing cloud governance tooling and enterprise guardrails at scale.
- Internal developer platforms (IDP) and portals (e.g., Backstage).
- Standardized golden paths, templates, and self-service catalog enablement.