The Senior Principal Cloud Architect - AWS is responsible for defining and governing the end-to-end architecture for ingesting data from devices, mobile applications, and partner systems into the cloud platform. This role ensures scalable, reliable, and secure data pipelines that support analytics, reporting, and healthcare integrations.

Responsibilities may include the following, and other duties may be assigned.

Own the end-to-end serverless architecture for ingesting, validating, processing, and storing diabetes data (PHI) from connected devices, mobile apps, and clinical systems.

Mentor engineers and elevate engineering practices across teams.

Design multi-channel ingestion using AWS serverless patterns: API Gateway + Lambda for app/API traffic. Event-driven workflows with EventBridge, Step Functions, SQS/SNS for decoupling, retries, and DLQs. Streaming pipelines via Kinesis Data Streams/Firehose; define schemas, versioning, and replay strategies.

Define processing pipelines in Lambda/Step Functions (and EMR/Spark if needed for large transforms): Normalize, validate, deduplicate, and enrich time-series data (CGM/insulin events), handle clock skew, units, and data quality rules. Implement idempotent handlers, backpressure controls, and at-least/exactly-once semantics where appropriate.

Expose secure APIs via API Gateway with OAuth2/OIDC, fine-grained scopes, consent-aware access, and full auditability.

Architect storage and data models: DynamoDB for high-throughput operational workloads (session/state, telemetry indexes, consent/access metadata); design keys, GSIs, TTLs, and global tables as needed. Amazon DocumentDB for semi-structured clinical/event documents; define collections, indexes, and consistency/read/write strategies. Amazon Redshift for analytics and longitudinal studies; model distribution/sort keys, data marts, and federated queries (Athena/Redshift Spectrum). Amazon S3 as the data lake (raw/curated zones) with lifecycle policies, compression/columnar formats (Parquet), and Glue Data Catalog for discovery.

Implement security, privacy, and compliance by design: PHI safeguards: encryption at rest/in transit (KMS, TLS), least-privilege IAM, VPC isolation, PrivateLink/VPC endpoints, WAF/Shield as applicable. Secrets and key management (Secrets Manager/KMS), rotation policies, and tamper-evident audit trails (CloudTrail, Config).

Ensure reliability, observability, and performance: Define SLOs (ingestion latency, freshness) and build resilient, multi-AZ serverless designs with retries, DLQs, and circuit breakers. Instrument metrics/logs/traces (CloudWatch, X-Ray), alarms and runbooks; conduct load/performance and chaos/resilience testing. Optimize cold starts, concurrency, and throughput; apply caching and batching patterns when appropriate.

FinOps leadership: Own unit economics (per million messages, per API call, per active device), forecasts, and variance analysis. Tagging/Cost Categories, CUR dashboards (Athena/QuickSight), Budgets/Anomaly Detection, showback/chargeback; service-level cost playbooks (DynamoDB capacity/table class, DocumentDB rightsizing, Lambda power tuning, log retention, NAT/data transfer reductions), and Savings Plans/RI strategy.
Job Type: Full-time
Career Level: Senior