Cloud Engineer

SENIOR AWS SITE RELIABILITY ENGINEER Global HFT Infrastructure Re-platform • Capital Markets Confidential Engagement • New York, NY Very few engineers combine deep AWS platform engineering with live production HFT experience. If that is you, we will move fast. Location: New York, NY (on-site, open to remote) Type: Contract / Residency Start: Immediate Experience: 5+ years (AWS) Industry: Capital Markets / High-Frequency Trading THE OPPORTUNITY A Tier 1 global investment bank is executing a full replatform of its capital markets trading infrastructure onto AWS — live, in production, across five cities simultaneously. This is not a migration study or a proof of concept. It is an active build. The scope spans New York, London, Hong Kong, Tokyo, and Los Angeles — each city with its own exchange co-location requirements, latency constraints, and regulatory obligations. The target architecture is cloud-native with Direct Connect to co-location facilities, AWS Local Zones for proximity to exchange matching engines, and a full front-to-back trading desk readiness program covering execution, risk, and operations. The firm has chosen AWS as its platform. The rationale is well-grounded: AWS is the only cloud provider with the combination of global region footprint, Local Zones adjacent to major exchanges, and Direct Connect bandwidth for co-location grade connectivity. This is the direction the industry is moving — the largest exchange operators have already committed. The firm has selected a specialist technology partner with AWS Financial Services Competency and an established presence inside this institution to lead the engagement. We are building the delivery team now and need engineers who have operated at this level before. Why This Role Is Genuinely Rare Most AWS SREs have never touched a trading environment. Most trading infrastructure engineers have never built on cloud-native AWS at scale. This role requires both — simultaneously, in production, across five global cities. To be specific, you need all of the following in combination: • AWS platform depth — not just working knowledge, but architecture-level ownership of networking, compute, and security at enterprise scale • Direct Connect and co-location experience — designing low-latency connectivity between cloud and exchange infrastructure is a distinct discipline most cloud engineers have never done • Capital markets domain fluency — understanding front, middle, and back office workflows well enough to make infrastructure decisions that affect trade execution • Global multi-region delivery — simultaneously building in New York, London, Hong Kong, Tokyo, and Los Angeles, each with different latency profiles and regulatory requirements • Full-stack operational ownership — not stopping at the cloud boundary, but owning the connection between infrastructure and application delivery all the way to the trading desk We have been told by the client team that this profile is extremely hard to find. If you have this background, this conversation is worth your time. WHAT YOU WILL BUILD You are not maintaining legacy systems. You are building the architecture from the ground up — strategy through execution — on a live platform where the output directly supports revenue-generating trading activity. Cloud Architecture • Design and implement the AWS Landing Zone and Control Tower for a multi-account, regulated financial services environment • Architect Direct Connect solutions providing co-location grade connectivity between AWS and exchange matching engines • Deploy AWS Local Zones and Outposts for sub-millisecond proximity to exchanges in New York, London, Hong Kong, Tokyo, and Los Angeles • Build transactional networking architecture — VPC design, Transit Gateway, traffic segmentation, failover — for a global HFT platform • Design and implement security controls mapped to enterprise governance frameworks and regulatory requirements across five jurisdictions Infrastructure & Automation • Own infrastructure as code end-to-end: Terraform, CloudFormation, Ansible — not scripts, but production-grade reusable modules • Build and operate CI/CD pipelines designed for rapid, reliable releases in a zero-downtime trading environment • Container orchestration on EKS and ECS — designing for the performance and availability requirements of trading workloads • Monitoring, observability, and incident response aligned to trading desk SLAs where downtime is measured in lost trades, not tickets Trading Environment Integration • Own the full stack from AWS infrastructure through application delivery — the gap between cloud and on-prem is where trades are lost • Integrate AWS infrastructure with market data platforms including FIS and Refinitiv, ensuring the data pipeline meets latency requirements • Work directly with front, middle, and back office trading desk teams to translate their requirements into infrastructure decisions • Sequence a global rollout across five cities — each city has different exchange connectivity requirements, regulatory obligations, and latency profiles that must be accounted for in the architecture Operational Readiness • Define and enforce SLAs for trading desk infrastructure where performance degradation has direct P&L impact • Build incident response playbooks and runbooks for a 24-hour global trading operation • Establish identity, access management, and privileged access controls aligned to enterprise security and SMBC-equivalent governance frameworks • Cross-functional collaboration with networking, security, application, and trading teams across multiple geographies and time zones WHAT WE NEED The bar for this role is high because the environment demands it. Leadership is already in place. We need engineers who can sit down, understand the architecture, and start building. There is no ramp-up runway on a live trading platform. Non-Negotiable Requirements • 5+ years of hands-on AWS in production — not certifications, not sandbox environments. You need to have owned production AWS infrastructure at scale. • Capital markets or trading technology background — you understand what a trading desk needs and why infrastructure decisions upstream affect execution downstream. • Direct Connect architecture experience — you have designed and operated co-location connectivity, not just read the documentation. • AWS Landing Zone / Control Tower implementation — you have built one, not advised on one. • Infrastructure as Code at production scale — Terraform and/or CloudFormation, building reusable modules that other engineers depend on. Also Required • AWS networking depth: VPC, Transit Gateway, Route 53, PrivateLink, security groups, NACLs — you can design this from scratch • Container orchestration: EKS and/or ECS in production, not just POC deployments • CI/CD pipeline design and operation: GitHub Actions, Jenkins, or equivalent in a real delivery environment • Monitoring and observability: CloudWatch, Datadog, or equivalent — with alerting and response processes you have personally owned • Comfort operating across multiple time zones and collaborating with globally distributed teams What Will Separate the Best Candidates • AWS Local Zones or Outposts experience — deploying infrastructure for proximity to exchange matching engines is rare and directly relevant • FIS or Refinitiv integration on AWS — hands-on experience connecting market data platforms to cloud infrastructure • Prior work at or inside a Tier 1 investment bank, bulge bracket firm, or global trading operation in a technology capacity • Experience with NYSE, Nasdaq, CME, or equivalent exchange co-location environments • AWS Certified Solutions Architect — Professional or AWS Certified DevOps Engineer (as a signal of depth, not a box to check) • Familiarity with capital markets regulatory frameworks: Fed, OCC, NYDFS, FINRA, SEC, FCA, MAS — understanding the compliance constraints you are building within You will work alongside a full-stack cloud SRE team with access to subject matter experts in financial services compliance, network architecture, and trading technology. You will not be an external consultant advising from a distance — you will be inside the build.