
AWS Engineer

Company: ForeFlight
Location: Bengaluru, India | Karnataka, India
Type: Hybrid, Onsite

Key Responsibilities


  • Design, build, and maintain a secure, scalable foundational AWS environment using AWS Control Tower, AWS Organizations, and related services to meet organizational requirements for networking, identity, governance, security, and cost optimization.
  • Architect and deploy an AWS Landing Zone following best practices, including account baselining, organizational units, guardrails, IAM (Identity and Access Management), VPC design, and Transit Gateway connectivity.
  • Define and enforce security and compliance controls, including Service Control Policies (SCPs), centralized logging and auditing (CloudTrail, AWS Config, centralized log aggregation), encryption best practices, and automated policy-as-code checks.
  • Design and implement secure network architectures—VPCs, subnetting, routing, Transit Gateway patterns, VPN/Direct Connect/Transit connectivity, and network segmentation to ensure secure communication and resource isolation.
  • Develop and manage identity and access strategies: role design, permission boundaries, permission sets, integration with AWS IAM Identity Center (formerly AWS SSO), and secure credential/secret management.
  • Automate landing zone and infrastructure provisioning using Infrastructure-as-Code (Terraform, CloudFormation) with reusable modules, state management, and CI/CD integration to ensure repeatable, auditable deployments.
  • Build and operate CI/CD and GitOps pipelines using GitHub (Actions) / AWS CodePipeline and related tooling; implement IaC-driven promotion, testing, and deployment workflows.
  • Design and deploy platform engineering tooling and automation to accelerate workload onboarding, migrations, and day-to-day operations (self-service patterns, templates, and developer enablement).
  • Implement observability and operational practices: monitoring, logging, tracing, alerting, SLOs/SLIs, incident response, and runbooks to maintain reliability and performance.
  • Monitor system performance, troubleshoot infrastructure and application issues, and optimize resource allocation and cost through tagging, budgets, and cost-management tools.
  • Ensure ongoing governance: implement guardrails, tagging standards, cost controls, and automated compliance checks across accounts and workloads.
  • Collaborate with product, development, security, and platform teams to translate business requirements into secure, resilient AWS solutions; provide technical guidance, training, and mentorship.

Essential Functions


  • Manage and govern multi-account structures using AWS Organizations to enable a secure, scalable, and compliant account strategy.
  • Design, implement, and operate AWS Control Tower (or equivalent patterns) to automate the creation and baseline configuration of secure multi-account environments.
  • Define and enforce identity and access strategies using IAM and AWS IAM Identity Center (formerly AWS SSO), including roles, permission boundaries, permission sets, and credential/secret management.
  • Architect secure network topologies using VPC design best practices—subnetting, routing, network ACLs, security groups, and segmentation—to isolate and protect workloads.
  • Design and operate connectivity patterns using Transit Gateway, VPN, and Direct Connect to integrate VPCs, on-premises networks, and multi-region architectures.
  • Implement Infrastructure-as-Code (IaC) to provision and manage landing zone components and workloads consistently, using tools such as Terraform and CloudFormation with reusable modules and CI/CD integration.
  • Apply the AWS Well-Architected Framework principles to evaluate and drive improvements in security, reliability, performance efficiency, cost optimization, and operational excellence.
  • Build and maintain DevOps and CI/CD workflows using tools like AWS CodeCommit / CodeBuild / CodePipeline, GitHub Actions, GitLab CI, or similar systems to enable automated testing and deployments.
  • Write and maintain automation and tooling scripts using Python, Bash, or comparable languages to support provisioning, operations, and integrations.
  • Embed security best practices across design and operations: threat modeling, data encryption, secrets management (AWS KMS, Secrets Manager / SSM Parameter Store), logging/auditing (CloudTrail, AWS Config), and policy-as-code.
  • Troubleshoot complex infrastructure and platform-level issues using structured root-cause analysis and remediation; produce runbooks and long-term mitigations.
  • Communicate effectively with technical and non-technical stakeholders; produce architecture diagrams, design docs, onboarding materials, and executive briefings.

Highly desirable: AWS and Azure expertise in landing zone architecture, managing cloud policies, governance, monitoring, identity solutions, system integrations, driving application migration strategies, application CI/CD best practices, catalogs of Terraform modules and release management, and infrastructure pipelines.


Technologies


Must‑have


  • Core AWS platform: EC2, Lambda, VPC, S3, EBS, RDS / Aurora, DynamoDB.
  • Multi‑account & governance: AWS Organizations, AWS Control Tower, account/OU design.
  • Identity & security: AWS IAM, AWS IAM Identity Center, KMS, Secrets Manager, RBAC and least‑privilege design.
  • Networking & connectivity: Transit Gateway, Route 53, Direct Connect, VPN, routing and subnet design.
  • Infrastructure as Code (IaC): Terraform (authoring modules, state management) and CloudFormation (or AWS CDK).
  • CI/CD & DevOps: GitHub Actions / GitLab CI / AWS CodePipeline + CodeBuild integrations and pipeline design.
  • Containers & orchestration: Docker, Amazon EKS (Kubernetes), Amazon ECR, Helm and Kubernetes manifests.
  • Observability & reliability: CloudWatch, CloudWatch Logs, X‑Ray, tracing/metrics/alerting and SLO/SLA practices.
  • Security & compliance tooling: CloudTrail, AWS Config, Security Hub, GuardDuty, Service Control Policies (SCPs).
  • Scripting & automation: Python, Bash, AWS CLI; experience building automation and operational runbooks.
  • Cost & governance: Tagging strategies, AWS Cost Explorer, AWS Budgets, cost optimization patterns.
  • Architecture best practices: Application of the AWS Well‑Architected Framework to design secure, reliable, performant, and cost‑efficient systems.
  • Communication & leadership: Ability to produce architecture docs, runbooks, and to mentor/lead technical teams.

Nice‑to‑have


  • Advanced networking: BGP, Transit Gateway multi‑region patterns, advanced routing and NAT/proxy designs.
  • GitOps & continuous delivery tools: Flux, Argo CD, Terraform Cloud / Terraform Enterprise.
  • Knowledge of platform engineering and developer experience: self‑service catalogs, service meshes (e.g., App Mesh), internal developer portals.
  • Hybrid / edge: AWS Outposts, advanced Direct Connect architectures, multi‑cloud interoperability patterns.
  • Alternative observability stacks: Prometheus, Grafana, ELK/EFK integration experience.
  • Security specializations: certifications or deep experience with CIS, NIST, ISO frameworks, or AWS Security Specialty practices.
  • Certifications (signals of expertise): AWS Certified Solutions Architect – Professional, AWS Certified DevOps Engineer, AWS Security Specialty.

Preferred Qualifications:


  • Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent practical experience.
  • 14+ years of professional experience in AWS Cloud Management & Operations, specifically within an Infrastructure and Operations context.
  • Proven mastery of landing zone deployment and management.
  • Excellent scripting and automation skills (e.g., ARM, Terraform, Shell, Python, PowerShell).
  • Strong analytical, problem-solving, and communication skills, with the ability to convey complex technical information clearly.
  • Experience with DevOps practices and tools (e.g., Terraform, Ansible, Kubernetes, Docker).
  • Experience with database migration projects, including cross-platform migrations.
  • Knowledge of monitoring tools like Prometheus, Grafana, or equivalent.

About Jeppesen ForeFlight


Jeppesen ForeFlight is a leading provider of innovative aviation software solutions, serving the Commercial, Business, Military, and General Aviation sectors globally. Combining Jeppesen’s 90-year legacy of accurate aeronautical data with ForeFlight’s expertise in cutting-edge aviation technology, the company delivers an integrated suite of tools designed to enhance safety, improve operational efficiency, and sharpen decision-making.

Why You Should Join: 


At Jeppesen ForeFlight, we know you want a rewarding career. To do that, you need challenging projects, a good work environment, and awesome coworkers. We believe in our employees and empower them to make a direct impact on our products and services messaging. We strive to provide employees and their loved ones with a world-class benefits experience, focused on supporting their physical, financial, and emotional wellbeing. Our benefits package includes but is not limited to the following:

  • Group Medical insurance
  • Group term life, personal accident, and critical illness insurance
  • Gym reimbursement
  • 20 days of paid vacation time
  • 12 days of paid sick time
  • Employee Assistance Program
