Overview
Skills
Job Details
Work Stream: Sandbox Vending & Cloud Account Management
Location: Remote (US preferred)
Duration: 3+ months contract
We are looking for an experienced Cloud Sandbox Vending Engineer/Architect to lead the Sandbox Vending work stream, responsible for designing, automating, and managing sandbox environments across a multi-account cloud ecosystem. This role will focus on implementing secure, governed sandbox vending patterns using Terraform, AWS Control Tower, and Landing Zones to enable innovation while ensuring compliance and cost efficiency.
Key Responsibilities-
Sandbox Vending & Account Provisioning
-
Design and automate sandbox account vending workflows leveraging AWS Control Tower and Landing Zones.
-
Build Terraform modules to provision and manage sandbox environments at scale.
-
Enable self-service sandbox creation for development and testing teams while maintaining guardrails.
-
-
Multi-Account Cloud Strategy
-
Define and enforce multi-account strategies for sandbox, dev, test, and production workloads.
-
Implement account baselines for security, networking, logging, and compliance controls.
-
Manage cross-account policies and integrations to support enterprise-scale governance.
-
-
Cloud Operations & Governance
-
Integrate governance frameworks for cost control, compliance, and security monitoring.
-
Establish policies for sandbox usage (lifecycle management, cleanup automation, and budgets).
-
Monitor sandbox activity using AWS CloudWatch, CloudTrail, and Security Hub.
-
-
Collaboration & Enablement
-
Work closely with CloudOps, Security, and Development teams to define sandbox use cases.
-
Provide best practices on sandbox usage while maintaining enterprise governance standards.
-
Document sandbox vending processes, policies, and operational guidelines.
-
-
5+ years of cloud engineering/architecture experience with AWS.
-
Strong expertise with Terraform (modular IaC design, governance, automation).
-
Hands-on experience with AWS Control Tower, Landing Zones, and multi-account strategies.
-
Knowledge of cloud operations, governance frameworks, and compliance standards.
-
Experience managing cloud costs, policies, and guardrails in enterprise-scale environments.
-
Strong understanding of AWS IAM, networking, monitoring, and security services.
-
Familiarity with sandbox vending in multi-cloud environments (Azure, Google Cloud Platform).
-
Experience integrating sandbox environments into CI/CD pipelines.
-
Knowledge of service catalog / self-service portals for sandbox provisioning.
-
AWS Certifications (Solutions Architect, Security, or DevOps Engineer).
-
Bachelor's degree in Computer Science, Engineering, or related field.
-
Relevant AWS or DevOps certifications preferred.