Cloud Engineer - AWS (CPE)

Position Summary:
We are seeking for a highly skilled and motivatedCloud Lead Engineer to join Healthcare Commercial Cloud (HCC) to design,implement, and continuously improve HCC solutions and services in amulti-tenant cloud environment. This role requires deep hands-on expertise in AWS native services, with a strong focus on multi-tenant account governance,oversight function, network security, identity and access management, and cost optimized cloud service delivery.

Roles & Responsibilities:

• Design, implement, and manage secure, scalable, and cost-efficient AWS cloud infrastructure using AWS native services.
• Build new cloud services and enhance existing platforms based on evolving business and operational requirements.
• Implement and enforce account governance using AWS control tower, SCPs, RCPs, AWS organizations, AWS config, firewall manager, and security hub.
• Architect secure, scalable, and resilient network topologies using VPC, subnets, NAT, VPN,Transit Gateway, Direct Connect, and Private Link.
• Manage hybrid connectivity between on-premises and cloud environments with a focus onperformance, availability, and security.
• Familiar with AWS network firewall, VPC traffic mirroring, and other advanced networking servicesin AWS.
• Familiar with identity and access controls using IAM, SCPs, AWS SSO, and IAM Identity Center.
• Monitor, investigate, and remediate security findings from AWS Security Hub, GuardDuty, Inspector, Config, Firewall Manager, Shield Advanced, and IAM Access Analyzer.
• Secure workloads by enforcing least privilege access and enabling encryption with AWS KMS and Secrets Manager.
• Provide technical advisory on cloud application design, network, and security architecture orother cloud related technologies
• Establish centralized logging, detection, monitoring, and incident response capabilities across accounts and regions.
• Utilize observability tools such as CloudWatch, OpenSearch, QuickSight, Grafana, or similar solutions to monitor cloud resources effectively.
• Develop operational dashboards and reporting mechanisms to support infrastructure monitoring, performance analysis, and compliance requirements.
• Able to automate provisioning and configuration management using AWS CloudFormation, AWS CDK, orTerraform.
• Able to monitor and troubleshoot cloud environments using CloudWatch, X-Ray, CloudTrail, and AWSConfig.
• Maintain comprehensive documentation covering infrastructure architecture, account structure, and governance policies.

Qualification/ Requirements:

• Bachelor’s degree in computer science, Information Technology, or a related field (or equivalent experience).
• 6+ years of hands-on experience with AWS Native Services with a strong focus on multi-tenant account governance, oversight function, network security, identity and access management, and cost optimized cloud service delivery.
• AWS Certified Solutions Architect/ AWS Certified Security / Azure certified is preferred
• Solid understanding of AWS Organizations, Landing Zone architecture, and cloud governance best practices.
• Proficiency in scripting languages such as Python, Bash, or PowerShell is desirable.
• Expertise in AWS networking including VPCs, subnets, security groups, route tables, direct connect, and NAT Gateways.
• Strong working knowledge of cloud security tools such as IAM, Security Hub, GuardDuty, Inspector, Shield Advanced, KMS, and secrets manager.
• Familiarity with centralized monitoring and logging solutions such as CloudWatch, OpenSearch, CloudTrail, Config, QuickSight, and Systems Manager.
• Experience with integrating or operating AI/ML services in AWS such as Bedrock, SageMaker, comprehend, Rekognition.
• Experience in developing operational dashboards and enable observability for cloud resources.
• Familiarity with security and compliance frameworks such as CIS AWS Foundation Benchmark or AWS Foundational Best Practices.
• Experience in designing public-private network segmentation to support layered architectures, including presentation, business logic, micro-services, and data layers, serving both Internet and Intranet environments.
• Proven track record in leading cloud projects from design to implementation, balancing cost, security, and business requirements.
• 1 year agency contract