About the Role
We’re seeking an experienced AWS Cloud Engineer to design, implement, and support secure, scalable, highly available cloud infrastructure. You’ll be hands-on across AWS-native services, Infrastructure as Code, and Kubernetes at scale, with a strong focus on security best practices and zero-trust principles. Experience with AWS GovCloud is a strong differentiator.
What You’ll Do
Design and operate production AWS environments (multi-account, multi-tier VPCs, hybrid connectivity).
Build reusable IaC (Terraform, Packer, Ansible); enforce module standards, version control, and policy guardrails.
Deploy and manage EKS (node groups, autoscaling, network policies, ingress, secrets, upgrades).
Implement and maintain CI/CD (e.g., GitLab CI, FluxCD) and image pipelines (build, scan, promote).
Lead IAM strategy and governance (roles, permission boundaries, cross-account, OIDC/SAML SSO).
Embed security-by-design (KMS, TLS, Secrets Manager/Parameter Store, GuardDuty, Security Hub, Config).
Stand up observability (CloudWatch + logging/metrics/tracing), SLOs, and incident response workflows.
Optimize costs (tagging, rightsizing, Savings Plans/RIs) and report on spend drivers.
Contribute to architecture reviews, code reviews, and shared automation templates.
Core Qualifications
5+ years hands-on AWS engineering in production (deploy, configure, lifecycle management).
Deep experience with EC2, S3, RDS, VPC, IAM, Route 53, ELB/ALB/NLB, Auto Scaling, EBS/EFS, Lambda, CloudWatch/CloudTrail/Config, SNS/SQS.
Proven design/operation of multi-tier VPC architectures, Transit Gateway, site-to-site VPN/Direct Connect, public/private subnetting.
Strong networking fundamentals (routing, security groups, NACLs, DNS).
Practical IaC with Terraform, Packer, Ansible (modules, state backends, pipelines).
Production EKS experience (scaling, upgrades, CNI, network policies, ingress, secrets mgmt).
Containers: Docker fundamentals and container security basics.
CI/CD: GitLab CI and GitOps tools (e.g., FluxCD) in AWS.
IAM expertise (custom policies/roles, permission boundaries, cross-account, SSO).
Hands-on security practices (encryption, secrets, patching, logging/alerting, automation).
GovCloud (US) exposure and working knowledge of FedRAMP High, DoD IL4/IL5, NIST 800-53.
Scripting proficiency (Bash/PowerShell/Python) for tooling and automation.
Strong troubleshooting of distributed systems (network, performance, app, container).
Monitoring/observability with CloudWatch (and/or complementary stacks).
FinOps: tagging strategy, cost controls, rightsizing.
Bachelor’s in CS, IS, Engineering, or related field.
Preferred
AWS certs: Solutions Architect Professional, DevOps Engineer, Security Specialty.
Zero-downtime patterns (blue/green, canary).
Advanced container security (image scanning, runtime policies, admission controllers).
Linux administration and OS hardening.
Familiarity with DoD/DISA STIGs, NIST 800-53 evidence mapping.
Multi-account org design and landing zones.
Experience with air-gapped or hybrid (on-prem + AWS) environments.
What We Value
Collaborative, multidisciplinary team player with a hands-on mindset.
High bar for security, reliability, documentation, and automation.
Curiosity for new methodologies that lift quality, speed, and safety.
Comfort in a high-growth environment where technical excellence drives outcomes.
Nice-to-know: Roles supporting regulated workloads may require U.S. citizenship, location/on-site work, and/or a security clearance (or eligibility