AWS Security Engineer + Production Support

Overview

Contract - W2
Contract - Long term

Skills

Routing
Identity And Access Management
Amazon Web Services
Network Architecture
Amazon Elastic Compute Cloud
Financial Consolidation
Risk Analysis
Safety Principles
Amazon Virtual Private Cloud (VPC)
Virtual Private Networks (VPN)
OpsWorks
Process Oriented Person

Job Details

Title: AWS Security Engineer (Dev Prod VPC)

Location: Remote

Mode of hire: Contract

VPC Consolidation (Dev Prod VPC)

High Level Needs:

  • Network architecture cleanup
  • Controlled workload migration
  • Dependency mapping
  • VPN + routing sanity

Core AWS skills I think we need

  • VPC design (CIDR planning, route tables)
  • Security Groups vs NACLs
  • VPN / Site-to-Site / Client VPN
  • EC2 + ENI behavior
  • IAM at least at an operational level

Hidden risks

  • Overlapping CIDRs
  • Hard-coded IP dependencies
  • Security group sprawl
  • Accidentally exposing prod resources

Rogue Partner Cleanup (THIS is the real beast)

What I think is needed here:

  • IAM forensic review
  • Trust boundary reconstruction
  • Privilege minimization
  • Unknown changes in shared VPCs
  • Possible persistence mechanisms left behind

Skills required

  • IAM deep expertise (roles, policies, trust relationships)
  • CloudTrail analysis
  • AWS Config (or lack thereof)
  • VPC endpoint + resource policy review
  • Ability to reason about "what could have been done"

This requires someone who:

  • Has cleaned up bad AWS before
  • Is calm, methodical, and security-minded
  • Knows how attackers and sloppy admins think

Hours Projections:

Discovery / Deep Dive

  • 6-10 hours
  • Environment mapping
  • IAM inventory
  • Risk identification

VPC Consolidation

  • 20-40 hours (depends on number of servers)
  • More if refactoring is needed

Rogue Cleanup

  • 30-60 hours
  • Possibly more if the environment is messy