AWS Cloud Consultant – Landing Zone Accelerator (LZA) Migration Contract
Job DescriptionOrangutech is seeking an experienced AWS Cloud Consultant to support a federal government client in modernizing their AWS foundational environment. The engagement involves upgrading an existing AWS Secure Environment Accelerator (ASEA) deployment and migrating to the Landing Zone Accelerator (LZA) framework in alignment with Government of Canada cloud security standards.This is a time-and-materials contract engagement. The successful candidate will work as an embedded consultant, leading all technical phases from current state assessment through post-migration validation.Required:Hands-on experience with AWS Secure Environment Accelerator (ASEA) and/or Landing Zone Accelerator (LZA)Demonstrated experience with AWS Organizations, Service Control Policies (SCPs), and multi-account governanceProficiency with AWS security services: GuardDuty, Security Hub, AWS ConfigStrong understanding of AWS networking in a landing zone context (Transit Gateway, VPC architecture, centralized logging)Experience with infrastructure-as-code, particularly AWS CDK and/or CloudFormationFamiliarity with Government of Canada cloud guardrails and the CCCS Medium Cloud profileAbility to obtain or current holder of Government of Canada security clearance (Reliability Status minimum)Nice to Have:AWS Certified Solutions Architect – Professional or AWS Certified DevOps Engineer – ProfessionalPrior experience delivering cloud engagements for federal government clientsExperience with CodePipeline-based LZA deployment pipelinesSecret clearanceEngagement DetailsType: Contract, Time & MaterialsLocation: Remote (Canada-based candidates only)Start: ASAPDuration: Approximately 5 weeks (with potential for follow-on work)Clearance: Reliability Status required; Secret preferred
Key Responsibilities
Key ResponsibilitiesReviewing and documenting the existing ASEA architecture, account structure, and guardrail configurationUpgrading ASEA components to the latest supported version and validating core functionality (account provisioning, logging, networking, security services)Designing the target LZA architecture including control plane migration, account alignment, network adjustments, and security services integrationDeploying and configuring the Landing Zone Accelerator in accordance with AWS best practices and GC guardrailsConfiguring AWS Organizations, GuardDuty, Security Hub, AWS Config, centralized logging, and identity integrationsValidating automated account provisioning workflows and operational continuity post-migrationRemediating guardrail compliance findings and producing a post-migration validation reportProviding knowledge transfer to the client's cloud platform team
Apply Now