Cloud Platform Architect

KLA•Ann Arbor, MI

About The Position

KLA is a global leader in diversified electronics for the semiconductor manufacturing ecosystem. Virtually every electronic device in the world is produced using our technologies. No laptop, smartphone, wearable device, voice-controlled gadget, flexible screen, VR device or smart car would have made it into your hands without us. KLA invents systems and solutions for the manufacturing of wafers and reticles, integrated circuits, packaging, printed circuit boards and flat panel displays. The innovative ideas and devices that are advancing humanity all begin with inspiration, research and development. KLA focuses more than average on innovation and we invest 15% of sales back into R&D. Our expert teams of physicists, engineers, data scientists and problem-solvers work together with the world’s leading technology providers to accelerate the delivery of tomorrow’s electronic devices. Life here is exciting and our teams thrive on tackling really hard problems. There is never a dull moment with us. The Information Technology (IT) group at KLA is involved in every aspect of the global business. IT’s mission is to enable business growth and productivity by connecting people, process, and technology. It focuses not only on enhancing the technology that enables our business to thrive but also on how employees use and are empowered by technology. This integrated approach to customer service, creativity and technological excellence enables employee productivity, business analytics, and process excellence. The Cloud Architect will be responsible for designing, implementing, securing, and governing cloud based solutions across multiple cloud platforms, including AWS, Microsoft Azure, and Google Cloud Platform (GCP). This role requires a strong understanding of cloud security architecture, identity and access management, networking, and secure by design architecture principles, in addition to IaaS and PaaS best practices.

Requirements

Bachelor’s level degree in Computer Science, Computer Engineering or related field with eight (8) years of related experience.
Seven (7) years of hands‑on cloud architecture or engineering experience, including ownership of secure production environments.
Proficient in at least one major cloud platform such as Microsoft Azure, AWS, or GCP, with strong cross‑cloud security fundamentals.
In‑depth understanding of cloud networking, cloud security, containers, Kubernetes, serverless technologies, and microservices.
Confirmed experience with cloud security controls, including IAM, encryption, key management, network security, and zero‑trust principles.
Extensive knowledge of cloud governance, monitoring, observability, FinOps, and cost management.
Strong understanding of compliance and regulatory frameworks (e.g., NIST, ISO, SOC, CIS, PCI, or similar).
Experience embedding security into architecture design, IaC, and CI/CD pipelines (DevSecOps).
Exceptional communication, leadership, and customer‑management skills, with the ability to influence engineering, security, and executive stakeholders.

Responsibilities

Design and architect scalable, highly available, resilient, and secure cloud solutions leveraging IaaS and PaaS services across AWS, Azure, and Google Cloud Platform (GCP).
Lead cloud migration initiatives, including re‑hosting, re‑platforming, refactoring, and re‑architecting legacy and on‑premises workloads with a strong emphasis on security posture improvement and risk reduction.
Drive application and infrastructure modernization programs to improve scalability, performance, security, and operational efficiency.
Partner with engineering, platform, and security teams to define cloud‑native reference architectures, security guardrails, and modernization roadmaps.
Optimize cloud infrastructure for performance, availability, reliability, security hardening, and cost efficiency.
Establish and manage cloud security architectures and governance frameworks, aligned with industry standards and internal security policies.
Design and enforce identity‑first security, including IAM strategies, least‑privilege access controls, role‑based access, identity federation, and secrets management.
Design and implement secure cloud networking architectures, including VPN, Direct Connect, ExpressRoute, and Cloud Interconnect.
Configure and enforce network segmentation, micro‑segmentation, zero‑trust architectures, and advanced network security controls.
Secure containers, Kubernetes, serverless, and microservices environments, including image scanning, runtime protection, and policy enforcement.
Implement Infrastructure as Code (IaC) using Terraform, AWS CloudFormation, and Azure ARM/Bicep templates with built‑in security, policy, and compliance controls.
Design and evolve DevSecOps CI/CD pipelines, integrating security scanning, policy enforcement, and automated compliance validation.
Define and implement cloud security observability, including logging, monitoring, alerting, and incident response integration.
Evaluate emerging cloud and security technologies, driving continuous improvement of platform security and resilience.
Develop, document, and present architecture diagrams, security models, threat assessments, technical documentation, roadmaps, and executive‑level presentations.
Define and operate cloud operating models, including security governance, FinOps, tagging standards, resource governance, and operational excellence frameworks