Role Overview
We are looking for an experienced Cloud Engineer with deep expertise in AWS and strong hands-on skills using Terraform to architect, deploy, and operate cloud environments at scale. The ideal candidate will have real-world experience with AWS Landing Zone implementations, including multi-account setups, security controls, and automation. This position will collaborate closely with the Cloud Center of Excellence (CCoE) to build secure, scalable, and cost-efficient cloud platforms.
Key Duties and Responsibilities
- Architect, deploy, and support AWS infrastructure using Infrastructure as Code (Terraform)
- Design, implement, and operate AWS Landing Zone solutions (AWS Control Tower or custom-built), including:
  - Multi-account AWS environments
  - Automated account provisioning and environment separation (Production, UAT, Development)
  - Standardized networking, security, and logging frameworks
- Create and maintain reusable Terraform modules while promoting IaC standards and best practices
- Administer and support core AWS services, including:
  - Networking: VPCs, Transit Gateway, subnets, route tables
  - Security & identity: IAM, IAM Identity Center (SSO), Service Control Policies (SCPs)
  - Compute & integration: EC2, Auto Scaling, ALB/NLB, Lambda
  - Data services: S3, RDS, DynamoDB
- Apply security controls and compliance measures aligned with AWS-recommended best practices
- Integrate Terraform workflows into CI/CD pipelines such as CodeCommit, CodeDeploy, and CodePipeline
- Monitor usage, optimize cloud costs, and improve performance and reliability
- Diagnose and resolve infrastructure issues while supporting live production systems
- Collaborate with business and technical teams to convert requirements into cloud architecture solutions
- Maintain clear documentation, architecture diagrams, and operational procedures
Required Skills and Experience
- Extensive hands-on experience operating AWS environments in production
- Demonstrated expertise using Terraform with AWS
- Practical experience implementing or managing AWS Landing Zones (Control Tower or custom)
- Strong knowledge of:
  - AWS governance models and security best practices
  - IAM, SCPs, and least-privilege access principles
  - AWS networking concepts (Transit Gateway, CIDR, routing, NACLs, DNS)
- Experience managing infrastructure across multiple AWS accounts
- Understanding of cloud security frameworks and compliance standards
- Ability to work autonomously and take full ownership of cloud platforms
Preferred Qualifications
- AWS certifications (Solutions Architect, SysOps Administrator, DevOps Engineer)
- Experience with Kubernetes and Amazon EKS
- Exposure to configuration management tools such as Ansible
- Familiarity with monitoring and observability platforms (CloudWatch, Prometheus, Grafana)
- Scripting experience with Python and/or Bash
- Background supporting enterprise or regulated cloud environments
Soft Skills
- Strong analytical and troubleshooting abilities
- Effective communication skills for both technical and non-technical audiences
- Proactive approach with a strong focus on security, stability, and reliability
- Comfortable working in fast-moving, mission-critical production environments