Principal Cloud Engineer

ZOLL Medical CorporationBroomfield, CO
$150,000 - $165,000Hybrid

About The Position

As a Principal Cloud Engineer at ZOLL, you will be recognized as an expert within the cloud engineering discipline, requiring a highly specialized skill set and deep knowledge of emerging trends that influence best practices across the organization. You will contribute to the development of innovative principles and ideas, working on unusually complex problems and providing solutions that are highly creative. In this role, you will develop and implement new products, processes, standards, and operational plans that directly impact the achievement of functional results—with a primary focus on leading ZOLL's FedRAMP authorization initiative from an infrastructure, security, and compliance-as-code perspective. You will communicate regularly with leadership to align cloud strategy with organizational objectives, regulatory requirements, and FedRAMP readiness milestones.

Requirements

  • BA/BS degree in Computer Science, Information Security, or related field, or equivalent experience required
  • 7+ years of experience developing production-level applications or automated deployment pipelines using Infrastructure as Code in a public cloud environment (AWS, Azure, GCP) required
  • Deep expertise with AWS services (EC2, S3, RDS, Lambda, IAM, CloudWatch, CloudTrail, GuardDuty, VPC, ALB/NLB, CloudFront, Config, etc.); meaningful hands-on experience with GCP is strongly preferred
  • Expert-level experience with Infrastructure as Code tools (Terraform, CloudFormation) and configuration management (Ansible)
  • Proven experience designing and implementing CI/CD pipelines and release management processes at scale
  • Expert-level experience with logging and observability solutions (Coralogix, Splunk, OTEL, Grafana, ELK Stack, CloudWatch) including designing centralized logging architectures
  • Strong knowledge of NIST 800-53 security controls and the FedRAMP authorization process, including SSP documentation, continuous monitoring, and POA&M management
  • Demonstrated experience with cloud security and governance frameworks: SOC 2, HIPAA, FedRAMP, ISO 27001, CIS Benchmarks, or equivalent federal compliance standards
  • Experience defining and documenting system boundaries, data flows, access control models, and security architectures for compliance and audit purposes
  • Experience with vulnerability management programs: tool selection, scan scope definition, severity handling, remediation SLA enforcement, and evidence packaging
  • Solid understanding of encryption standards, key management practices, and certificate lifecycle management in cloud environments
  • Familiarity with ITIL/ITSM processes and proven experience running change management or release management frameworks
  • Excellent communication and stakeholder management skills, with demonstrated ability to convey advanced technical and compliance information to leadership and diverse non-technical audiences
  • Demonstrated ability to create formal networks across engineering, security, and compliance teams to drive coordinated outcomes

Nice To Haves

  • Experience with TeamCity (build automation) and Artifactory (artifact repository)
  • Experience with policy-as-code and governance-as-code platforms (Stacklet, OPA, Sentinel, or similar)
  • Familiarity with 3PAO assessment processes and direct experience supporting FedRAMP audits or assessments
  • Experience with configuration baseline management and drift detection tooling
  • Knowledge of supplier risk management and external services evaluation for federal environments
  • AWS Certified Solutions Architect – Professional certification
  • AWS Certified Security – Specialty certification
  • AWS Certified DevOps Engineer – Professional certification
  • GCP Professional Cloud Architect or Professional Cloud Security Engineer certification
  • CISSP, CISM, or other recognized information security certification
  • Direct experience achieving or maintaining a FedRAMP authorization
  • Experience with Cloud Custodian/Stacklet for multi-account governance and policy enforcement

Responsibilities

  • Apply broad expertise across cloud infrastructure, security engineering, and compliance domains to lead and contribute to company objectives in creative and effective ways
  • Provide thought leadership on cloud architecture, platform reliability, and regulatory compliance; work on broader organization projects that require understanding of the wider business
  • Lead the development of innovative principles, standards, and operational plans for cloud infrastructure that have measurable impact on functional results
  • Own collaboration involving coordination among SRE, software engineering, security, compliance, and leadership groups to drive cross-functional alignment
  • Communicate with leadership on cloud strategy, FedRAMP readiness posture, and risk decisions; convey advanced technical information and persuade diverse stakeholders
  • Work on significant and unique issues where analysis requires evaluation of intangibles; exercise independent judgment in selecting methods, techniques, and evaluation criteria
  • Be accountable for results that may impact the entire cloud engineering function
  • Provide automated and orchestrated management of all SaaS platforms and technical solutions, driving innovative approaches to unusually complex problems
  • Lead AWS and GCP development, maintenance, automation, and orchestration for application pools, websites, data services, virtual networks, security, monitoring, service discovery, and other platform services; ensuring delivery on schedule and in accordance with ZOLL quality standards
  • Lead and contribute to the definition of, and enforce patterns, best practices, and strategies for source control structure, branching, and CI/CD across the organization
  • Architect and enhance platform services with Terraform, Ansible, Git, Artifactory, Jenkins, Packer, and related tooling
  • Define, build, and enhance observability patterns and platforms using OTEL, Coralogix, Grafana, and other tooling
  • Define, promote, and maintain SRE best practices across the ZOLL organization and product lines
  • Partner with Architects and product development teams within Agile processes to build resilient services and expand ZOLL's SaaS portfolio
  • Serve as the primary cloud engineering lead for ZOLL's FedRAMP authorization initiative, owning the infrastructure and platform compliance workstream
  • Lead the documentation and implementation of NIST 800-53 security controls as they apply to cloud infrastructure, with emphasis on the high-friction control families: AC (Access Control), AU (Audit and Accountability), CM (Configuration Management), IA (Identification and Authentication), IR (Incident Response), RA (Risk Assessment), SA (System and Services Acquisition), SC (System and Communications Protection), and CA (Assessment, Authorization, and Monitoring)
  • Define and maintain the FedRAMP system boundary documentation, including in-scope services, environments, trust zones, interfaces, and excluded systems
  • Own the cloud infrastructure asset inventory—applications, compute, databases, SaaS dependencies, service accounts—with data classification, ownership, and monitoring status for each asset
  • Develop and enforce access control models aligned to FedRAMP requirements: user populations, authentication methods, approval workflows, periodic access reviews, separation of duties, and privileged access management
  • Collaborate with compliance and security on the vulnerability management program for FedRAMP scope: scanning tools, frequencies, severity handling, remediation SLAs, exception processes, and evidence retention
  • Implement and document the logging and audit strategy: log sources, event categories, centralization (OTEL/CloudTrail/VPC Flow Logs), retention periods, access controls, review cadence, alerting, and time synchronization—covering AU-2, AU-6, AU-11, and AU-12 as a cohesive set
  • Maintain the external system services register (SA-9) within SRE’s scope: providers, data exchanged, FedRAMP status, shared responsibility assumptions, monitoring expectations, and failure modes
  • Define configuration baselines for OS, containers, and cloud configurations; implement drift detection, deviation approval, and hardening aligned to CIS benchmarks
  • Establish encryption and key management documentation: data at rest/in transit protections, key ownership, rotation cadence, certificates, approved algorithms, and cryptographic boundaries
  • Drive the change management and secure SDLC process for FedRAMP: security gate definitions, approval artifacts, emergency change handling, and retention of evidence
  • Own and maintain the FedRAMP gap register and POA&M tracking from the infrastructure perspective, collaborating with security and compliance teams on remediation planning
  • Support continuous monitoring activities: monthly vulnerability scanning cadence, POA&M update cycles, annual assessment preparation, and significant change triggers
  • Produce and maintain assessor-ready evidence packages: scanner dashboards, ticket queues, remediation records, access review artifacts, configuration audit trails, and log review documentation
  • Mentor and develop less-experienced cloud engineers, providing technical guidance, code reviews, and career development support
  • May direct the activities of other engineers on complex projects or compliance workstreams
  • Collaborate with cross-functional teams to identify areas for improvement and drive innovative solutions
  • Participate in critical incident management and root cause analysis, with an after-hours rotation of tier-4 production support
  • Contribute to strategic planning for the team and platform, including long-range roadmap and capability investment decisions

Benefits

  • Annual bonus in accordance with the company's bonus plan
  • Comprehensive benefits plans
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service