
Senior Platform Engineer
Posted 6 days ago

This is a fully remote position, open to applicants in India.
• Develop and improve Terraform (and CloudFormation as necessary) pipelines in GitHub for AWS Organizations, Service Control Policies (SCPs), organizational unit (OU) structure, resource tagging, and automated account provisioning (ServiceNow intake → plan/apply workflows).
• Create and implement hub-and-spoke networking: individual account VPCs linked through a Transit Gateway, policy-based routing to Palo Alto inspection, centralized VPC interface endpoints, and a DNS resolution hierarchy.
• Construct and uphold organization-level guardrails: SCPs, IAM permission boundaries, and least-privilege roles; incorporate policy-as-code testing and guardrails.
• Establish centralized root account management: minimize daily root usage, enforce multi-factor authentication (MFA) and credential vaulting, monitor root activities, and regulate break-glass access through established processes.
• Deploy and manage organization-wide AWS Config (including aggregators, conformance packs, and remediation) and Amazon GuardDuty (delegated administration, threat detection, and integration with Security Hub) across all accounts.
• Configure IAM Identity Center with Entra ID federation; enable keyless CI/CD (GitHub Actions OIDC) and workload roles for EKS/ECS and platform automation.
• Set up and optimize organization-level logging and metrics: CloudTrail, VPC Flow Logs, DNS query logs, Config and GuardDuty findings → aggregation → Splunk/Elastic; ensure comprehensive audit and detective control coverage.
• Lead Terraform Infrastructure as Code (IaC) migration and establish platform standards in accordance with the AWS Well-Architected Framework (security, reliability, operational excellence).
• Utilize AI tools (Claude, Cursor) and agentic automations to expedite IaC development, reviews, and operational runbooks—while adhering to approved security guardrails.
• Enforce operations exclusively based on infrastructure as code; contribute to policy-as-code testing and eliminate console-only changes.
• Collaborate with InfoSec to address Security Hub, Prisma, and Qualys findings and facilitate remediation through IaC updates.
• Assist with change management and CAB submissions for modifications to the production platform.
• Apply a robust product mindset: comprehend application-team needs, provide platform capabilities with tangible value, and assess adoption and results.
• Assume full accountability and ownership for assigned platform components—from design and IaC through deployment, operations, and ongoing improvement.
• Work collaboratively within the AWS Product Team and alongside other Platform Engineering teams (Azure, GCP, Blueprint and Modules, DNA Enablement) to align patterns, standards, and shared deliverables.
• Communicate effectively during design reviews, documentation, incident response, and stakeholder updates; proactively escalate risks and dependencies.
• 8–10 years in cloud/platform engineering (3–5+ years specifically on AWS) delivering enterprise platform components utilizing Terraform and CI/CD (experience with GitHub; Spacelift is a plus).
• Strong knowledge of AWS networking (VPC, Transit Gateway, routing, load balancers), DNS, and centralized VPC endpoints; familiarity with centralized security inspection.
• Hands-on experience with AWS Organizations, Control Tower, Account Vending Model (AVM), SCPs, and IAM least-privilege design; practical experience with permission boundaries and IAM policies.
• Proficient in centralized root account management, AWS Config (rules, aggregators, remediation), and GuardDuty at an organization-wide scale.
• Familiarity with IAM Identity Center, federation, and keyless CI/CD patterns (OIDC).
• Expertise in logging and monitoring pipeline engineering (CloudTrail, CloudWatch, flow logs, Splunk/Elastic integrations).
• Skilled with AWS KMS, Secrets Manager, and secrets automation; proficient in scripting (Python, PowerShell, Bash), with a solid foundation in Linux.
• Strong Git workflows, IaC governance, and the ability to create clear technical documentation.
• A robust product mindset with experience in translating platform requirements into practical, adoptable solutions.
• Excellent communication skills; demonstrated end-to-end accountability and ownership of platform deliverables.
• Competitive salary
• Flexible working hours
• Professional development opportunities
• Health insurance
• Retirement plans