Senior AWS Engineer

About The Position

Requirements

• Bachelor's degree in computer science or related field (preferred).
• Relevant certifications strongly preferred: AWS Solutions Architect - Professional, AWS Security Specialty, AWS DevOps Engineer, CISSP or similar.
• 8+ years of experience in software or cloud engineering, including 5+ years designing and operating workloads on AWS.
• Deep expertise with AWS core services: VPC, IAM, ECS/EKS, Lambda, RDS, S3, KMS, CloudWatch, Security Hub, and Control Tower.
• Strong background in Infrastructure as Code (IaC) using Terraform-modules, state management, and CI-driven deployments.
• Experience provisioning, tuning, and maintaining AWS RDS (SQL Server).
• Solid foundation in both Linux and Microsoft Windows operating systems.
• Direct experience supporting at least one FedRAMP Moderate (or higher) authorized system, including audit preparation and evidence submission.
• Working knowledge of FedRAMP Moderate, NIST SP 800-53 Rev 5, and NIST SP 800-37.
• Experience mapping security controls, maintaining SSPs, POA&Ms, and delivering continuous monitoring artifacts.
• Hands-on experience with security tools such as Elastic Cloud SIEM, Qualys Cloud WAS, SonarQube, Nessus, and AWS GuardDuty.
• Ability to translate regulatory requirements into technical safeguards.
• Proficiency in GitLab CI/CD, including runners, pipelines, and GitOps workflows.
• Experience building security gates into CI/CD processes (SAST, DAST, vulnerability scans, Terraform automation).
• Automation-first mindset with fluency in at least one backend language (Python, Go, or Java) and scripting (Bash or PowerShell).
• Experience integrating and managing SSO solutions with Okta and Entra (SAML/OIDC, SCIM, MFA, RBAC policy design).
• Familiarity with fine-grained access control across AWS and SaaS platforms.
• At least two (2) years of experience mentoring or leading engineers.
• Strong communication skills-able to clearly explain technical issues to both technical and non-technical audiences.
• Excellent documentation skills (e.g., policies, procedures, architecture diagrams, audit artifacts).
• Excellent organizational skills and attention to detail.
• Strong analytical and problem-solving abilities.
• Proficiency with Microsoft Office Suite or similar tools.
• Must be eligible to obtain a government security clearance.

Responsibilities

• Designs and implements secure, highly available AWS environments using Terraform-emphasizing VPC (Virtual Private Cloud) design, IAM (Identity Access Management) least privilege, FIPS encryption, and network segmentation.
• Provisions, tunes, and maintains AWS RDS (SQL Server) with a focus on performance, backups, and high availability.
• Develops and maintains CI/CD pipelines in GitLab, integrating SAST (SonarQube), DAST (Qualys), vulnerability scanning (Nessus), and Terraform automation.
• Translates FedRAMP/NIST 800-53 Rev 5 security controls into technical safeguards; remediates findings and supports continuous ATO (Authority to Operate).
• Integrates SSO (Single Sign-On) and RBAC (Role-Based Access Control) using Okta and Entra across AWS, GitLab, Elastic Cloud, and related SaaS platforms.
• Operate Elastic Cloud SIEM and AWS GuardDuty; respond to alerts, coordinate incident response, and lead postmortem analysis.
• Mentors and supports the Junior AWS Engineer; conducts code reviews and champions DevSecOps culture.
• Defines SLIs (Service Level Indicators)/SLOs (Service Level Objectives), implements disaster recovery and backup strategies, and leads service improvement initiatives.
• Collaborates with stakeholders to convert regulatory and product needs into secure cloud capabilities; articulates security posture to leadership and clients.
• Participates in a rotating 24x7 on-call support schedule.
• Performs other related duties as assigned.