Position: AWS Cloud Engineer III
Location: Remote / Detroit, MI
Must Have
- AWS VPC architecture and network design patterns (multi-CIDR VPCs, subnets, route tables, security groups, NACLs)
- Cloud security controls: encryption, network isolation, identity management, policy enforcement
- Elastic Load Balancing (ALB, NLB) listener rules, target groups, TLS termination
- Linux/macOS command-line proficiency
- NAT Gateway, VPC endpoints (interface and gateway), and AWS PrivateLink configuration
- Proficiency in Python, Bash/Shell scripting
- Route53 DNS architecture (private hosted zones, resolver rules, hybrid DNS)
- Transit Gateway design, attachments, route table propagation, and cross-account connectivity
- Understanding of TCP/IP, DNS, TLS/SSL, and network troubleshooting (flow logs, packet captures, traceroute)
Nice To Have
- AWS Certifications: Solutions Architect (Associate or Professional), SysOps Administrator, DevOps Engineer, Security Specialty, or equivalent cloud certifications
- Cloud Service Evaluation & Governance: Experience evaluating, securing, and onboarding new cloud services for enterprise adoption.
- Experience with CSPM tools (Prisma Cloud, AWS Config, or similar)
- Experience with policy-as-code frameworks (Sentinel or similar)
- Experience working in financial services or other highly regulated industries
- Familiarity with containerization (ECS, EKS, Docker) and serverless architectures
- Familiarity with HashiCorp Vault for secrets management and credential brokering
- FinOps / Cloud Cost Optimization: Experience with AWS Cost Explorer, Budgets, cost allocation tagging strategies, right-sizing, and Savings Plans
- Working knowledge of Go (Golang)
JOB DESCRIPTION
Company Overview
A major financial institution is seeking an experienced AWS Cloud Platform Engineer to support its enterprise AWS environment. The Cloud Engineering team is responsible for designing, operating, and securing the enterprise AWS cloud platform, managing 100+ AWS accounts, 250+ serverless functions, and a comprehensive infrastructure-as-code ecosystem that supports the institution's digital transformation and regulatory compliance objectives.
Position Summary
The AWS Cloud Engineering I role is a hands-on technical position focused on day-to-day cloud platform operations including AWS account lifecycle management, infrastructure provisioning, VPC networking, security controls enforcement, and operational support. The ideal candidate is a seasoned cloud engineer who thrives in a regulated enterprise environment and can independently execute complex infrastructure tasks while adhering to strict change management and compliance requirements.
Duties and Responsibilities
Infrastructure Operations & Account Lifecycle
- Provision, manage, and decommission AWS accounts and services within AWS Organizations
- Perform VPC provisioning, upgrades, and configuration management using Terraform
- Manage Transit Gateway attachments, route table configurations, and cross-account network connectivity
- Support compute infrastructure including EC2 fleet management, Auto Scaling Groups, and load balancer configurations
- Fulfill infrastructure change requests through ITSM processes and formal change management
Infrastructure as Code (IaC)
- Develop, maintain, and troubleshoot Terraform configurations for AWS infrastructure provisioning
- Work within Terraform Cloud workspaces with policy-as-code enforcement
- Leverage and contribute to internal Terraform modules, guardrails and standardized workflows
Security & Compliance
- Implement and maintain Service Control Policies (SCPs), IAM policies and least privilege access models
- Enforce encryption and data protection standards (EBS, RDS, S3, KMS)
- Triage and remediate findings from cloud security posture management (CSPM) tools, vulnerability scans, and drift detection
- Manage VPC endpoint configurations, PrivateLink connectivity, and network security controls
Monitoring, Cost Management & Operational Support
- Monitor and respond to alarms, security findings, and AWS Config rule violations
- Support FinOps practices including cost/budget monitoring and enforcement, and resource optimization recommendations
- Participate in on-call rotation for cloud platform support
- Collaborate with application teams, security, and enterprise architecture stakeholders
Documentation & Knowledge Management
- Maintain operational runbooks, SOPs, and technical documentation
- Document infrastructure decisions, configurations, troubleshooting procedures, and customer support guides
Minimum Knowledge, Skills, and Abilities Required
Required Experience (Must-Haves)
- 5-10 years of hands-on experience in cloud infrastructure engineering (AWS-focused)
- Demonstrated experience with Terraform (HCL) and IaC lifecycle management
- Deep working knowledge of AWS core services: VPC, EC2, Lambda, S3, RDS, IAM, KMS, CloudWatch, CloudTrail, Route 53, API Gateway, ELB (ALB/NLB), Transit Gateway
- Experience operating multi-account AWS environments using AWS Organizations and SCPs
- Proficiency in IAM policy design, cross-account access patterns, and least-privilege principles
- Experience with CI/CD pipelines (Terraform Cloud, Jenkins, GitHub Actions, or equivalent)
- Experience with Git-based workflows (branching strategies, pull requests, code reviews) in GitHub Enterprise or similar
- Experience working in regulated or enterprise environments with formal change management (ServiceNow or equivalent ITSM)
- Strong troubleshooting and problem-solving skills for complex, multi-account AWS environments
- Excellent written and verbal communication skills; ability to produce clear technical documentation