Position Summary:
We are seeking for a highly skilled and motivatedCloud Lead Engineer to join Healthcare Commercial Cloud (HCC) to design,implement, and continuously improve HCC solutions and services in amulti-tenant cloud environment. This role requires deep hands-on expertise in AWS native services, with a strong focus on multi-tenant account governance,oversight function, network security, identity and access management, and cost optimized cloud service delivery.
Roles & Responsibilities:
- Design, implement, and manage secure, scalable, and cost-efficient AWS cloud infrastructure using AWS native services.
- Build new cloud services and enhance existing platforms based on evolving business and operational requirements.
- Implement and enforce account governance using AWS control tower, SCPs, RCPs, AWS organizations, AWS config, firewall manager, and security hub.
- Architect secure, scalable, and resilient network topologies using VPC, subnets, NAT, VPN,Transit Gateway, Direct Connect, and Private Link.
- Manage hybrid connectivity between on-premises and cloud environments with a focus onperformance, availability, and security.
- Familiar with AWS network firewall, VPC traffic mirroring, and other advanced networking servicesin AWS.
- Familiar with identity and access controls using IAM, SCPs, AWS SSO, and IAM Identity Center.
- Monitor, investigate, and remediate security findings from AWS Security Hub, GuardDuty, Inspector, Config, Firewall Manager, Shield Advanced, and IAM Access Analyzer.
- Secure workloads by enforcing least privilege access and enabling encryption with AWS KMS and Secrets Manager.
- Provide technical advisory on cloud application design, network, and security architecture orother cloud related technologies
- Establish centralized logging, detection, monitoring, and incident response capabilities across accounts and regions.
- Utilize observability tools such as CloudWatch, OpenSearch, QuickSight, Grafana, or similar solutions to monitor cloud resources effectively.
- Develop operational dashboards and reporting mechanisms to support infrastructure monitoring, performance analysis, and compliance requirements.
- Able to automate provisioning and configuration management using AWS CloudFormation, AWS CDK, orTerraform.
- Able to monitor and troubleshoot cloud environments using CloudWatch, X-Ray, CloudTrail, and AWSConfig.
- Maintain comprehensive documentation covering infrastructure architecture, account structure, and governance policies.
Qualification/ Requirements:
- Bachelor's degree in computer science, Information Technology, or a related field (or equivalent experience).
- 6+ years of hands-on experience with AWS Native Services with a strong focus on multi-tenant account governance, oversight function, network security, identity and access management, and cost optimized cloud service delivery.
- AWS Certified Solutions Architect/ AWS Certified Security / Azure certified is preferred
- Solid understanding of AWS Organizations, Landing Zone architecture, and cloud governance best practices.
- Proficiency in scripting languages such as Python, Bash, or PowerShell is desirable.
- Expertise in AWS networking including VPCs, subnets, security groups, route tables, direct connect, and NAT Gateways.
- Strong working knowledge of cloud security tools such as IAM, Security Hub, GuardDuty, Inspector, Shield Advanced, KMS, and secrets manager.
- Familiarity with centralized monitoring and logging solutions such as CloudWatch, OpenSearch, CloudTrail, Config, QuickSight, and Systems Manager.
- Experience with integrating or operating AI/ML services in AWS such as Bedrock, SageMaker, comprehend, Rekognition.
- Experience in developing operational dashboards and enable observability for cloud resources.
- Familiarity with security and compliance frameworks such as CIS AWS Foundation Benchmark or AWS Foundational Best Practices.
- Experience in designing public-private network segmentation to support layered architectures, including presentation, business logic, micro-services, and data layers, serving both Internet and Intranet environments.
- Proven track record in leading cloud projects from design to implementation, balancing cost, security, and business requirements.
- 1 year agency contract
