AWS AI Cloud Engineer – Part-time

This is a fully remote position, open to applicants in Spain.

📋 Description

• Join Neurons Lab as a Cloud Engineer on a delivery project with a regulated EU BFSI enterprise (German-speaking client).

• You will take over a CDK-based codebase that is already deployed within the client's AWS account, succeeding the outgoing engineer, and manage cloud delivery from start to finish: production hardening, addressing security findings, ensuring RAG infrastructure stability, and integrating SSO/RBAC with the client's identity framework.

• Report to the AI Architect on the project; work closely on a daily basis with the AI Delivery Manager and ML Engineer.

• Manage and enhance the existing AWS CDK codebase deployed in the client's AWS environment.

• Operate the production stack: ECS Fargate, ECR, ALB (both public and internal), VPC, CDN, S3, and AWS Bedrock.

• Oversee the data layer: Postgres, Redis, vector database (Qdrant or similar), and LLM observability (Langfuse or similar).

• Independently triage and remediate findings from AWS Security Hub / Health Dashboard.

• Integrate SSO and RBAC with the client's identity architecture.

• Ensure the reliability of the RAG stack as additional pilot teams join; collaborate with the ML Engineer on retrieval-quality incidents.

• Manage cost tracking and capacity planning for the client's Bedrock + ECS expenditures.

• Document CDK constructs, runbooks, and incident response procedures for efficient handover.

⛳️ Requirements

• 5+ years of experience in cloud / DevOps / cloud engineering, with a minimum of 2 years of hands-on AWS CDK experience in production environments.

• At least 2 years of experience operating AI/ML or GenAI workloads on AWS (Bedrock, SageMaker, or similar).

• Direct experience deploying within a regulated client's AWS account (BFSI, healthcare, government, or similar) — not merely within internal sandbox environments.

• Proven ability to step into an existing codebase mid-project and deliver results within 1–2 weeks.

• Comfortable being the sole Cloud Engineer on a small (3–4 person) delivery team.

• Advanced proficiency in AWS CDK (primary) — must be capable of extending an existing CDK codebase from day one, rather than just authoring from scratch.

• Hands-on experience with AWS Bedrock — including model invocation patterns, IAM scoping, and cost monitoring.

• Experience with ECS Fargate in production: including task definitions, service auto-scaling, ALB target groups, and blue/green or rolling deployments.

• Networking knowledge: VPC design, public/private ALB patterns, CloudFront, and private subnet egress.

• RAG-stack operations: deploying and managing a vector database, Postgres (RDS/Aurora), Redis (ElastiCache), and an LLM observability layer on AWS.

• Familiarity with AWS Security Hub / Inspector / Health Dashboard — including triaging and remediating findings in restricted client environments.

• Proficient in Python — including FastAPI backends, MLOps automation, and deployment integration.

• Experience with identity and access management: SSO (Okta / Azure AD / Cognito), RBAC, and IAM least-privilege design.

• Knowledge of Terraform — secondary; useful for modules provided by the client's IT team.

• Experience working in restricted client AWS accounts — handling limited permissions, asynchronous approvals, and wiki/docs-portal handovers.

• Strong communication skills: clear written and verbal English. German proficiency is a strong advantage but not mandatory.

🏝️ Benefits

• Remote position, limited to candidates based in Madrid — due to equipment logistics, we will provide dedicated equipment directly to the engineer's location.