About The Position

The Director of Cloud & AI Platform Architecture is the most senior of PayCargo's platform engineering roles, sits on the DevSecOps team, and operates as the technical second-in-command to the VP of Infrastructure & Security. The role owns architecture across cloud infrastructure, identity and access, the secure AI platform, Bedrock and model strategy, security boundaries, egress design, tokenization and PII-protection patterns, application certification gates, resilience, and long-term platform direction.

This is a hands-on director-level technical leadership role. The person will be expected to design, review, implement, troubleshoot, and operate critical cloud, security, and AI platform capabilities. This is an individual-contributor role with no direct reports; the role is primarily accountable for technical ownership and execution. This is not a diagram-only or strategy-only role. Every design the Director produces includes an ownership model, deployment path, security boundaries, logging and monitoring, cost controls, failure modes, rollback approach, and runbook expectations so the team can operate it.

The role requires deep, current, hands-on experience and the judgment to balance long-term architecture with the practical realities of a modernizing platform. The Director of Cloud & AI Platform Architecture partners closely with DevOps, Security, Engineering, Product, Compliance, and executive stakeholders to ensure designs are runnable, supportable, and aligned to PayCargo's business and risk priorities. This position is an individual contributor with no direct reports and operates as a player-coach. The role leads through technical ownership – setting architecture standards, guiding engineers and DevOps through implementation, and ensuring every design can be operated and supported by the team.

Requirements

  • 7+ years of hands-on architecture, platform, and senior engineering experience
  • Deep, current, hands-on experience across cloud infrastructure, platform and security architecture, production operations, and AI/model infrastructure – or the demonstrated ability to own that architecture quickly
  • Strong experience designing and operating solutions on AWS (multi-account, networking, ECS/Fargate, Lambda), with working knowledge of Azure or Entra ID
  • Strong understanding of integration patterns, APIs, and data architecture
  • Experience designing identity and security boundaries: IAM, SSO/SAML, OAuth/OIDC, and PKI or mTLS
  • Experience designing for security, redundancy, disaster recovery, and cost control
  • Ability to produce designs with clear ownership, deployment, monitoring, failure modes, and rollback
  • Strong understanding of CI/CD (GitHub Actions and OIDC-based deploys), infrastructure-as-code (Terraform), and observability
  • Ability to translate architecture into standards engineers can implement and support
  • Strong communication and documentation skills, and the ability to influence without direct authority
  • Bachelor's degree in Computer Science, Information Technology, Engineering, or a related field, or equivalent practical experience
  • Demonstrated experience designing and operating production systems in cloud environments
  • Experience producing architecture that includes security, monitoring, cost, and operational ownership

Nice To Haves

  • Experience designing secure AI/LLM platforms, including model containment, tokenization, and egress control
  • Experience with AWS Bedrock or comparable managed model services
  • Experience with application certification, SDK/platform design, and reusable components
  • Experience with multi-region redundancy, failover, and resilience design
  • Experience in payments, fintech, SaaS, or other regulated, high-volume environments
  • Familiarity with SOC, PCI DSS, and ISO 27001 as they relate to architecture and controls
  • Payments, fintech, SaaS, or logistics experience is a plus

Responsibilities

  • Design architecture that can be implemented, monitored, secured, cost-managed, and supported by the team
  • Ensure every design includes ownership model, deployment path, security boundaries, logging and monitoring, cost controls, failure modes, rollback approach, and runbook expectations
  • Define reusable patterns, reference architectures, and Terraform standards that engineers can follow consistently
  • Balance long-term architecture with practical modernization of legacy systems and integrations
  • Architect scalable, resilient solutions across a multi-account, multi-region AWS estate (including VPC peering) and Azure, with redundancy, failover, and disaster recovery
  • Guide integration and API design across established systems (EC2-based services, file processing) and newer ECS and serverless workloads, including modernization of legacy integrations
  • Define cost-aware designs and help manage cloud and model-usage spend
  • Partner with DevOps to ensure designs map cleanly to Terraform and the GitHub Actions deployment pipelines
  • Own the identity and access architecture, including AWS IAM and IAM Identity Center, Microsoft Entra ID, GitHub OIDC federation for CI, and the SSO/SAML and OAuth2/OIDC patterns that connect them
  • Set standards for PKI and encryption in transit (AWS Private CA, ACM, mTLS, ALB trust stores) and for zero-trust network access (Entra ID groups, Tailscale)
  • Inform the design of a contained, secure AI platform, including a stateless model layer and an application layer that acts as the control plane
  • Define boundaries for tokenization, PII protection, and whitelisted egress so sensitive data is not exposed to model providers
  • Establish certification and approval expectations for applications before deployment
  • Plan for model-cost strategy, build-versus-buy optionality (including where AWS Bedrock fits), and resilience without over-engineering
  • Work with Security to ensure designs include controls, boundaries, and auditability from the start
  • Partner with Engineering and DevOps to validate that designs are implementable and supportable
  • Advise Product and executive stakeholders on trade-offs, sequencing, and risk
  • Document architecture decisions, standards, and runbook expectations clearly

Benefits

  • competitive salary and bonus plan
  • vacation, sick, personal time off policies
  • generous 401K match
  • strong healthcare benefits