Sr Principal Cloud Architect (GCP)

Aven Hospitality is an innovative technology provider powered by SynXis®, the leading global hospitality commerce and distribution platform. We empower hoteliers around the world to exceed expectations, solve daily challenges, and stay ahead of the competition. With our comprehensive portfolio of solutions, hoteliers can manage distribution, retailing, payments, operations, and more. Providing hoteliers the tools to maximize revenue, improve operational efficiency, and deliver personalized guest experiences that drive satisfaction. Our tools are built to seamlessly integrate with each hotelier’s unique strategy, elevating guest satisfaction and creating meaningful connections. We are pioneering AI in hospitality technology to unlock new opportunities, drive efficiency, and personalize the guest experience. By prioritizing stability, scalability, and data-driven insights, we equip hoteliers to adapt and thrive in an ever-changing landscape, ready for whatever comes next.. Senior Principal Cloud Architect (GCP) Position Summary The Senior Principal Cloud Architect is a hands-on technical leader responsible for defining, building, and governing Google Cloud Platform (GCP) foundations and cloud-native architecture. The role focuses on scalable infrastructure design, infrastructure-as-code (Terraform), secure identity and access management (IAM), and enabling platform capabilities for application teams—spanning GKE, GCE, Cloud Run, secrets management, CI/CD pipelines, and API management via Apigee. This role partners closely with CloudOps/SRE, Security, and Engineering to deliver secure-by-default, reliable, and cost-effective cloud platforms aligned to business outcomes. Key Responsibilities 1) GCP Cloud Foundation & Infrastructure Architecture Architect and evolve GCP landing zone/foundation including resource hierarchy, networking (VPCs/subnets/firewalls), governance controls, logging/monitoring baselines, and operational guardrails. Design scalable, secure, highly-available architectures using core GCP services (including GCE, GKE, Cloud Run, and supporting services). Establish reference architectures, patterns, and reusable blueprints for product/application teams. • IAM, Security Architecture & Policy Governance Own the cloud IAM strategy: least-privilege access models, role engineering, service account strategy, Workload Identity patterns, and policy-as-code guardrails. Implement and standardize secrets and key management using Secret Manager (and KMS where appropriate), including rotation patterns and secure runtime identity. Partner with Security to embed cloud security best practices (encryption, audit logging, baseline controls, threat mitigation) into platform standards. Drive protection of workloads and APIs using controls such as Cloud Armor (a.k.a. “Cloud Armory” as referenced) and complementary platform security controls. • Infrastructure as Code (Terraform) & Platform Automation Lead development and governance of Terraform-based infrastructure (modules, environments, state strategy, automated validation, policy checks), ensuring repeatability and standardization. Establish golden-path workflows for provisioning projects, networks, GKE clusters, service identities, and common platform components via IaC. Drive engineering excellence: module versioning, code reviews, CI gating, drift detection, and automated documentation. • CI/CD Enablement & Developer Platform Integration Define and implement CI/CD patterns to deploy infrastructure and platform components safely (e.g., GitHub Actions / Jenkins / GitLab CI as applicable). Standardize build/release pipelines for platform services and shared components, integrating security scanning, artifact management, and environment promotions. Partner with engineering teams to integrate cloud deployments with platform pipelines and operational readiness requirements. • Kubernetes & Runtime Platforms (GKE, GCE, Cloud Run) Lead GKE platform architecture: cluster standards, multi-tenancy/namespace strategy, network policies, ingress patterns, workload identity, and operational controls. Establish runtime best practices across GKE, GCE, and Cloud Run including scaling, resilience, rollout patterns, and cost/performance tuning. Build guardrails and reusable templates to accelerate application onboarding while maintaining compliance and stability. • API Management (Apigee) Own API management architecture using Apigee (X/Hybrid as applicable): environment strategy, gateway policies, security controls (OAuth/JWT/mTLS), traffic management, and developer enablement. Define standards for API lifecycle governance, versioning, and observability for API products. • Operational Excellence, Cost, Reliability & Observability Partner with SRE/CloudOps to ensure platform operability: monitoring/logging standards, SLOs, incident readiness, change management, an