We’re seeking a hands‑on Lead Software Architect and decisive technical leader to design and evolve a secure, multi‑tenant, cloud‑native platform built on .NET in AWS. Our stack includes PostgreSQL, React with Fluent UI, and modern DevSecOps practices. You will serve as the architecture decision maker: define the target state, make and record key trade‑offs (ADRs), communicate clearly to executives and engineers, and partner with Security/Compliance to meet HIPAA requirements. You’ll guide teams through delivery while keeping solutions simple, scalable, and cost‑aware.

What You’ll Do

  • Act as the architecture decision maker: own ADRs and design governance, set standards, and make build/buy/vendor choices that balance speed, cost, and risk.
  • Communicate with clarity: translate trade‑offs for executives and customers; facilitate high‑signal design reviews and whiteboard sessions.
  • Own the architecture for a greenfield/cloud‑native .NET platform on AWS; produce reference architectures, threat models, and deployment blueprints.
  • Design for multi‑tenant SaaS: tenant isolation, data partitioning strategies, rate limiting, per‑tenant configuration, and cost/usage observability.
  • Model core domains & APIs using domain‑driven design; define contracts, versioning, and API gateways; champion consistency and evolvability.
  • Select & integrate AWS services (ECS/EKS or Lambda, API Gateway/ALB, S3/CloudFront, RDS/Aurora PostgreSQL, ElastiCache/Redis, SQS/SNS or RabbitMQ, OpenSearch, KMS, Secrets Manager, CloudWatch, IAM).
  • Data architecture for PostgreSQL: schema and migration strategy, performance (indexes/partitioning), read/write scaling, and HA/DR (backups, replicas, RTO/RPO).
  • Frontend architecture with React + Fluent UI: component library strategy, accessibility (WCAG), performance budgets, and SSR/edge delivery where appropriate.
  • Security‑by‑design: encryption in transit/at rest, least‑privilege IAM, SSO (OIDC/SAML), secret rotation, audit trails, and secure SDLC gates.
  • HIPAA alignment: partner with Security/Compliance on safeguards (administrative, physical, technical), logging/audit requirements, and evidence for SOC 2/HITRUST.
  • Reliability & performance: SLOs/SLIs, capacity planning, load testing, chaos/resiliency patterns (circuit breakers, timeouts, backoff, idempotency).
  • Observability: implement distributed tracing/metrics/logging (OpenTelemetry), golden signals, dashboards, and actionable alerting.
  • DevEx and velocity: CI/CD pipelines, Infrastructure as Code (Terraform or AWS CDK), environment strategy (feature envs/preview apps), and automated quality gates.
  • Mentor and lead engineers through design reviews, pairing, and coaching; foster a high‑trust, learning‑oriented culture.

Required Qualifications

  • Exceptional communication and influence skills: clear written/verbal storytelling for executives, customers, and engineers; facilitation of workshops and whiteboard sessions.
  • 8+ years building production web platforms; 3+ years in an architect/tech‑lead role owning system design and decisions.
  • AWS expertise designing secure, highly available, cost‑aware services (VPC/networking, IAM/KMS, API Gateway/ALB, ECS/EKS or Lambda, RDS/Aurora PostgreSQL, CloudWatch).
  • Expert in C#/.NET (ASP.NET Core) and modern API patterns (REST/JSON; bonus: gRPC).
  • Proficiency with PostgreSQL (schema design, performance tuning, migrations, backup/restore/replication).
  • Frontend proficiency in React; familiarity with Fluent UI and accessibility best practices.
  • Deep understanding of multi‑tenant SaaS patterns, distributed systems, and event‑driven architectures.
  • Track record implementing observability, CI/CD, and IaC in production.
  • Security fundamentals: OAuth2/OIDC, TLS, least‑privilege IAM, secure coding; working knowledge of HIPAA technical safeguards.

Nice to Have

  • Experience with HL7 v2/FHIR integrations, EHR ecosystems (Epic/Cerner), or interface engines (e.g., Mirth Connect).
  • HITRUST/SOC 2 program experience (controls, evidence, and audit readiness).
  • Messaging/streaming: RabbitMQ, SQS/SNS, or Kafka; patterns for exactly‑once‑effect via idempotency.
  • Container orchestration (EKS or ECS), service meshes, and zero‑trust networking.
  • Caching (Redis/ElastiCache), search (OpenSearch/Elasticsearch), and reporting/analytics patterns.
  • Performance engineering (load modeling, flamegraphs, memory/GC tuning in .NET).
  • Experience with Next.js or SSR/edge rendering for React.

Job Title: Lead Software Architect
Job Type: Full-Time Regular
Location: Bedford MA
Date Posted: 12/01/2025