Senior AWS Systems Administrator

Position: Senior AWS Systems Administrator
Duration: Long Term Contract
Location: Remote

Job Summary

We are looking for a Senior AWS Systems Administrator who owns the AWS environment end to end. Production, development, staging, the organization root, the billing alarms, the network topology, the audit trails, the keys, the access controls.

If it lives in AWS at Client, this seat is responsible for it being correctly configured, properly monitored, and ready for an auditor to walk through.

The platform runs on AWS and it handles PHI. That sentence carries the whole job. You configure the environments so that PHI moves only where it should move, encrypted at rest and in transit, audited at every hop, and tied back to a real identity that a HIPAA assessor can trace. You configure the networking so that a facility partner can route their on premises traffic into Client through a secure tunnel that holds up to scrutiny.

You partner with the Lead Product Architect on infrastructure decisions, and you own the operational reality of those decisions once they are made. The architecture sets the direction. You make sure the running system actually matches it.

• AWS administration depth. At least seven years administering production AWS environments, including time at a senior level where you owned outcomes rather than implemented someone else s design. You can talk through specific decisions you made on networking, IAM, compute, and data services, what they cost, what they enabled, and what you would do differently now.
• VPC, Transit Gateway, and cross organization networking. Deep production experience with VPC design, Transit Gateway topology, site to site VPN, customer gateway configuration, and the operational reality of routing traffic between AWS and external networks. You have built and maintained tunnels between AWS environments and on premises partner networks, and you can defend the topology to a network engineer on the other side of the table.
• HIPAA in production AWS. You have administered AWS environments that handle PHI. You know what a BAA scope looks like in practice, where the encryption boundaries sit, and what an auditor will ask for when they walk through your configuration. You have shipped real production systems under HIPAA, not just read the compliance documents.
• Aurora PostgreSQL and RDS administration. You have run Aurora PostgreSQL in production at a senior level. Scaling, parameter tuning, backup configuration, point in time recovery, read replica strategy, failover behavior. You have been on the other end of a real outage and can describe what you did.
• IAM and identity federation. Expert level command of IAM. Roles, policies, cross account access, identity providers, SSO federation, MFA enforcement, and access boundaries. You have implemented least privilege in a real organization, not just on a slide.
• Route 53 and DNS. Production experience with Route 53, including zone design, routing policies, health checks, and the failover patterns that keep a service reachable when something underneath it falls over.
• Networking fundamentals. You can explain TCP, BGP, IPsec, TLS, and DNS without a search engine open in another tab. You understand what is actually happening when a packet leaves one VPC and arrives in another, and you can troubleshoot when it does not arrive.
• Linux Real production Linux experience. You know your way around systemd, the network stack, log files, and the tools you actually reach for when something is broken.
• Infrastructure as code. AWS CDK in TypeScript, Terraform, or comparable production experience. You write your changes in code, and you do not consider a change done until it is in version control.
• Monitoring and observability. Production experience with CloudWatch, log aggregation, distributed tracing, and the alerting patterns that page the right person at the right time without crying wolf.
• AI tool fluency. Daily use of AI for operations work, documentation, runbook writing, and incident analysis. Anthropic Claude in particular. We use AI throughout the engineering workflow, and you should be working with it rather than around it.
• On call discipline. You have carried a real production pager. You know what good incident response looks like, and you can teach it.
• A four year college degree from an accredited institution, or demonstrated engineering depth that makes a degree unnecessary. Show the work.