Sr Principal Cloud Architect (GCP)

Aven Hospitality•Dallas, TX

2d•Hybrid

About The Position

Aven Hospitality is an innovative technology provider powered by SynXis®, the leading global hospitality commerce and distribution platform. We empower hoteliers around the world to exceed expectations, solve daily challenges, and stay ahead of the competition. With our comprehensive portfolio of solutions, hoteliers can manage distribution, retailing, payments, operations, and more. Providing hoteliers the tools to maximize revenue, improve operational efficiency, and deliver personalized guest experiences that drive satisfaction. Our tools are built to seamlessly integrate with each hotelier’s unique strategy, elevating guest satisfaction and creating meaningful connections. We are pioneering AI in hospitality technology to unlock new opportunities, drive efficiency, and personalize the guest experience. By prioritizing stability, scalability, and data-driven insights, we equip hoteliers to adapt and thrive in an ever-changing landscape, ready for whatever comes next. Senior Principal Cloud Architect (GCP) Position Summary The Senior Principal Cloud Architect is a hands-on technical leader responsible for defining, building, and governing Google Cloud Platform (GCP) foundations and cloud-native architecture. The role focuses on scalable infrastructure design, infrastructure-as-code (Terraform), secure identity and access management (IAM), and enabling platform capabilities for application teams—spanning GKE, GCE, Cloud Run, secrets management, CI/CD pipelines, and API management via Apigee. This role partners closely with CloudOps/SRE, Security, and Engineering to deliver secure-by-default, reliable, and cost-effective cloud platforms aligned to business outcomes.

Requirements

10+ years in cloud/infrastructure/architecture roles, with significant hands-on depth in GCP; proven delivery of cloud foundations, IAM, networking, and governance.
Strong knowledge of GCP services, including Compute Engine (GCE), GKE, Cloud Run, and broader ecosystem services required to operate production platforms.
Deep hands-on Terraform experience (modules, state, automation, repeatability).
Strong understanding of IAM role design, service accounts, least-privilege access, audit logging, encryption, and secure workload identity patterns.
Experience integrating infrastructure and platform delivery into CI/CD pipelines and engineering workflows.
Strong Kubernetes fundamentals and practical experience operating or enabling GKE-based platforms.
Ability to translate complex technical concepts to engineers, security leaders, and executives; strong documentation habits.

Nice To Haves

Apigee (design, security policies, lifecycle governance, and operations).
Cloud Armor / edge protection patterns, WAF/rate limiting, API threat protection.
Platform security tooling and practices (policy-as-code, vulnerability scanning, supply-chain security).
Experience with hybrid or multi-cloud patterns (as needed), and migration/modernization initiatives.
Observability experience (logging/metrics/tracing) and SRE operating models.
Google Cloud Professional Cloud Architect certification.

Responsibilities

Architect and evolve GCP landing zone/foundation including resource hierarchy, networking (VPCs/subnets/firewalls), governance controls, logging/monitoring baselines, and operational guardrails.
Design scalable, secure, highly-available architectures using core GCP services (including GCE, GKE, Cloud Run, and supporting services).
Establish reference architectures, patterns, and reusable blueprints for product/application teams.
Own the cloud IAM strategy: least-privilege access models, role engineering, service account strategy, Workload Identity patterns, and policy-as-code guardrails.
Implement and standardize secrets and key management using Secret Manager (and KMS where appropriate), including rotation patterns and secure runtime identity.
Partner with Security to embed cloud security best practices (encryption, audit logging, baseline controls, threat mitigation) into platform standards.
Drive protection of workloads and APIs using controls such as Cloud Armor (a.k.a. “Cloud Armory” as referenced) and complementary platform security controls.
Lead development and governance of Terraform-based infrastructure (modules, environments, state strategy, automated validation, policy checks), ensuring repeatability and standardization.
Establish golden-path workflows for provisioning projects, networks, GKE clusters, service identities, and common platform components via IaC.
Drive engineering excellence: module versioning, code reviews, CI gating, drift detection, and automated documentation.
Define and implement CI/CD patterns to deploy infrastructure and platform components safely (e.g., GitHub Actions / Jenkins / GitLab CI as applicable).
Standardize build/release pipelines for platform services and shared components, integrating security scanning, artifact management, and environment promotions.
Partner with engineering teams to integrate cloud deployments with platform pipelines and operational readiness requirements.
Lead GKE platform architecture: cluster standards, multi-tenancy/namespace strategy, network policies, ingress patterns, workload identity, and operational controls.
Establish runtime best practices across GKE, GCE, and Cloud Run including scaling, resilience, rollout patterns, and cost/performance tuning.
Build guardrails and reusable templates to accelerate application onboarding while maintaining compliance and stability.
Own API management architecture using Apigee (X/Hybrid as applicable): environment strategy, gateway policies, security controls (OAuth/JWT/mTLS), traffic management, and developer enablement.
Define standards for API lifecycle governance, versioning, and observability for API products.
Partner with SRE/CloudOps to ensure platform operability: monitoring/logging standards, SLOs, incident readiness, change management, and runbooks.
Drive cloud optimization for cost, performance, and reliability using GCP-native tools and operational metrics.
Lead architecture reviews, tradeoff decisions, and remediation plans for technical debt and platform risks.
Serve as a principal technical authority and advisor—leading architecture decision-making, cross-team alignment, and stakeholder communication.
Mentor engineers and architects; raise the bar on design quality, documentation, and delivery discipline.
Produce clear architecture diagrams and technical documentation for auditability and operational handoff.