Role Overview: As an AWS Cloud Engineer specializing in Landing Zones and Infrastructure as Code (Terraform), you will architect and implement secure, scalable cloud foundations for our clients. In essence, you help clients establish a well-architected AWS environment – often starting from a greenfield or improving an existing setup – using best practices and automation. On-site with the client’s infrastructure/DevOps team, you will design multi-account AWS architectures (a “Landing Zone”), define network topology, security controls, and governance guardrails, and automate everything using Terraform and CI/CD pipelines. Your presence on-site means you also serve as a cloud advisor, working hand-in-hand with client engineers to transfer knowledge and ensure the AWS environment supports their application teams effectively. This role is critical to enabling enterprise clients to confidently run workloads in AWS with a stable, maintainable foundation.
Key Responsibilities:
Architect & Build AWS Landing Zone: Design and deploy a robust AWS Landing Zone tailored to the client’s needs. This typically involves setting up multiple AWS accounts organized via AWS Organizations (for example, separating accounts for dev/test/prod or by business unit), and implementing AWS Control Tower or custom organizational units/policies. You will establish baseline services in each account (VPCs, subnets, routing, etc.) and implement centralized services like directory services or cross-account networking if needed. On-site, you’ll run architecture workshops to understand the client’s security, networking, and compliance requirements and then turn those into a concrete AWS architecture. You will produce diagrams and documentation so everyone understands the setup.
Infrastructure as Code with Terraform: Everything you build will be codified. You will write Terraform scripts/modules to automate the creation of AWS resources (accounts, VPCs, IAM roles, EC2 instances, S3 buckets, etc.). This ensures that the infrastructure is reproducible and version-controlled. You’ll also set up Terraform Cloud or use Jenkins/CodePipeline to run Terraform in a CI/CD manner, so changes to infrastructure go through code review and automated deployment. Being on-site, you might pair with client team members to teach them Terraform concepts, so they can co-own the codebase. You will enforce best practices in IaC – like proper state management (remote state backends), separation of environments, and using modules for reuse.
Security and Compliance Implementation: A big aspect of landing zones is security governance. You will implement guardrails such as Service Control Policies (SCPs) to restrict unsafe actions (e.g., disallowing certain regions or resource types if needed), set up AWS Config rules and CloudTrail for auditing, and ensure cloud security basics (encryption, least privilege IAM, MFA, etc.) are in place. If the client has specific compliance frameworks (like HIPAA, PCI, etc.), you’ll incorporate relevant controls – for example, ensuring VPC Flow Logs, setting up intrusion detection, etc. On-site collaboration with the client’s security team is key: you’ll review their requirements and show how AWS configurations meet them. You’ll likely also implement network security – designing public/private subnets, configuring security groups and NACLs, maybe setting up transit gateways or Direct Connect for hybrid connectivity.
DevOps & Automation Support: Beyond just initial provisioning, you will help integrate application teams’ workflows with the AWS environment. This could mean setting up CI/CD pipelines (using AWS CodePipeline/CodeBuild or other tools) for infrastructure changes and even for application deployments if asked. You might implement monitoring and logging solutions – e.g., centralized CloudWatch dashboards, alarms on key metrics, setting up AWS CloudWatch Logs or Elasticsearch/Splunk forwarders for log analysis. On-site, you’ll coordinate with client operations folks to ensure they know how to handle the environment – for instance, showing them how to extend Terraform scripts for new resources, or how to safely make configuration changes through code. In some cases, you may also assist in container orchestration setup (EKS or ECS) as part of the environment, automating their provisioning and advising on best practices for cluster networking and scaling.
Knowledge Transfer and Cloud Coaching: A critical part of your role on-site is to enable the client’s team. You aren’t just building and then leaving; you ensure the client’s IT staff is comfortable and proficient with the new cloud setup. This might involve conducting training sessions on AWS basics or Terraform usage, creating runbooks and guidelines (“How to create a new account using our Landing Zone automation”, “Best practices for developers deploying to AWS”, etc.), and being available for hands-on support as their teams start migrating applications to the new environment. You basically act as a trusted cloud advisor, so even after the initial landing zone deployment, you might spend time consulting on how to optimize costs, improve resilience (e.g., multi-AZ, backups), or adopt new AWS services that could benefit the client.
Technical Skills & Experience:
AWS Infrastructure: Deep knowledge of core AWS services and architecture. This includes Networking (VPC design, subnets, routing, security groups, VPN/Direct Connect, Transit Gateway), Compute (EC2, autoscaling, ECS/EKS for containers, Lambda), Storage (S3, EBS, etc.), and Identity/Security (IAM, AWS Organizations, Control Tower, CloudTrail, Config, GuardDuty, KMS). You should be comfortable setting up multi-account structures and know the best practices for cross-account access and resource sharing. AWS Certified Solutions Architect (Associate/Professional) or similar certifications are a good indicator of your proficiency.
Terraform & Infrastructure as Code: Strong expertise in Terraform is essential. You have written complex Terraform modules, used Terraform state backends, and understand the nuances of managing changes (plan/apply cycles). Experience with other IaC tools like CloudFormation or AWS CDK is also useful (in case of integrating with existing client assets), but Terraform is the primary tool expected. You also understand how to organize code for multiple environments and how to test infrastructure code changes safely.
CI/CD & Automation Tools: Experience implementing CI/CD pipelines for infrastructure (and possibly applications). Familiar with using tools such as AWS CodePipeline/CodeBuild, Jenkins, GitLab CI, or others to automate Terraform deploys and integrate with version control. Knowledge of configuration management tools (Ansible, Chef) can be helpful if needed for provisioning OS-level configurations, though many clients are moving to cloud-native and containerized setups where that’s less used.
Scripting & Programming: Ability to write scripts (Python, Bash, or PowerShell) to automate tasks that Terraform might not cover. For example, you might need to write a Python script to call certain AWS APIs (if not easily done in Terraform) or to mass-tag resources. Also, knowing how to use AWS CLI and CloudFormation for ad-hoc tasks is useful.
Monitoring/Logging: Familiarity with setting up monitoring solutions in AWS – CloudWatch custom metrics and dashboards, CloudWatch Alarms, or integrating third-party tools (Datadog, Prometheus). Similarly, knowledge of aggregating logs (CloudWatch Logs Insights, ELK stack, etc.) to ensure the environment’s health and security are well-tracked.
Experience: 5+ years in cloud infrastructure roles, with at least 3 years hands-on with AWS. Should have led or significantly contributed to establishing AWS environments for organizations (especially enterprise scale – multiple accounts, hybrid connectivity). Demonstrable experience with Terraform in production is a must. If you’ve worked as a consultant or part of a professional services team before, that is ideal as it indicates you can adapt and deliver in unfamiliar environments while communicating with clients.
Soft Skills & Competencies:
Strategic Thinking & Requirements Gathering: You have the ability to take high-level objectives (e.g., “We need a secure, multi-account AWS setup for our company”) and break them into an actionable plan. On-site, you’ll often need to ask the right questions: What are the critical applications and their needs? What compliance standards must we adhere to? Which regions do we operate in? By understanding these, you tailor the cloud solution to the business context. You also think ahead – building a landing zone not just for today, but scalable for the future (e.g., anticipating that more accounts or teams will onboard and designing for that).
Communication & Documentation: You excel at communicating complex infrastructure concepts in clear terms. This means you can explain to developers how to use the new environment (“Here’s how our network is structured, here’s how to request a new DNS entry...”), or to management why certain decisions were made (“We implemented multi-factor auth for console access to enhance security per best practices”). You also produce solid documentation – network diagrams, setup guides, security policies – that serve as a reference long after you’re gone. This written and verbal clarity builds trust with the client that you know what you’re doing and that the solution is well thought-out.
Collaboration & Influence: As an on-site cloud engineer, you’ll work with various client teams – networking specialists, security officers, developers. You approach collaboration with humility and openness. Maybe the client’s network engineer has 20 years of experience; you respect that and work together to mesh AWS networking with on-prem networking smoothly. You also sometimes need to influence decisions: perhaps persuading a client to adopt a best practice they’re hesitant about (for instance, convincing them of the importance of Infrastructure as Code versus making manual console changes). Your approach is to demonstrate benefits, maybe do small proof-of-concepts, and always listen to their concerns. Over time, you become a trusted advisor whose opinions carry weight.
Troubleshooting & Calm Under Pressure: Building cloud infra can hit snags – maybe an IAM role isn’t working and people are blocked, or the deployment script failed right before a big demo. You remain calm and systematic in these situations. You troubleshoot methodically (check IAM policies, CloudTrail logs, VPC Flow logs, etc. as relevant) and communicate status updates so everyone knows what’s going on. This calm, competent demeanor under pressure gives the client confidence, even if there are hiccups.
Teaching & Empowerment: A major part of being on-site is leaving the client stronger. You take time to explain not just the “how” but the “why” of what you do. For example, you don’t just implement Terraform – you might conduct a training session for the client’s engineers on how Terraform works, so they feel ownership. You celebrate when a client team member makes their first successful infrastructure code commit. Essentially, you find joy in elevating the capability of others. By the end of your engagement, the client’s team should not only have a great AWS setup, but also the knowledge and confidence to maintain and extend it. That is a key measure of success for you personally.
Accountability & Professionalism: As the on-site cloud expert, you take accountability for the deliverables. If something isn’t working, you don’t pass blame – you dig in until it’s resolved or find someone who can help. You manage timelines and set expectations realistically, and if deadlines are tight, you put in the effort needed to meet them (while communicating any risks). Professionalism also extends to respecting client confidentiality (you might be seeing sensitive architecture or data, and you handle it with utmost discretion) and being mindful of cost implications (you treat the client’s cloud budget as if it were your own money, designing cost-effective solutions whenever possible).