Associate Cloud Engineer - Automation (CPE)

Position Summary:

We are seeking for a highly skilled and motivated Cloud Lead Engineer to join Healthcare Commercial Cloud (HCC) to design, implement, and continuously improve HCC solutions and services in a multi-tenant cloud environment. This role requires deep hands-on expertise in AWS native services, with a strong focus on multi-tenant account governance, oversight function, network security, identity and access management, and cost optimized cloud service delivery.

As a cloud lead engineer, you are expected to design and implement cloud solutions that align with business needs, regulatory requirements, and long-term scalability. You will also be responsible for enhancing existing services, introducing new cloud capabilities, ensuring robust security, visibility, and operational control within a multi-account AWS environment managed via Control Tower, AWS Organizations, Service Control Policies, Resource-Based Policies, and Security Hub. You are also expected to integrate AI/ML capabilities using AWS services to enhance analytics, automation and business intelligence use cases.

Roles & Responsibilities:

• Design, implement, and manage secure, scalable, and cost-efficient AWS cloud infrastructure using AWS native services.
• Build new cloud services and enhance existing platforms based on evolving business and operational requirements.
• Implement and enforce account governance using AWS control tower, SCPs, RCPs, AWS organizations, AWS config, firewall manager, and security hub.
• Architect secure, scalable, and resilient network topologies using VPC, subnets, NAT, VPN, Transit Gateway, Direct Connect, and PrivateLink.
• Manage hybrid connectivity between on-premises and cloud environments with a focus on performance, availability, and security.
• Familiar with AWS network firewall, VPC traffic mirroring, and other advanced networking services in AWS.
• Familiar with identity and access controls using IAM, SCPs, AWS SSO, and IAM Identity Center.
• Monitor, investigate, and remediate security findings from AWS Security Hub, GuardDuty, Inspector, Config, Firewall Manager, Shield Advanced, and IAM Access Analyzer.
• Secure workloads by enforcing least privilege access and enabling encryption with AWS KMS and Secrets Manager.
• Provide technical advisory on cloud application design, network, and security architecture or other cloud related technologies
• Establish centralized logging, detection, monitoring, and incident response capabilities across accounts and regions.
• Utilize observability tools such as CloudWatch, OpenSearch, QuickSight, Grafana, or similar solutions to monitor cloud resources effectively.
• Develop operational dashboards and reporting mechanisms to support infrastructure monitoring, performance analysis, and compliance requirements.
• Able to automate provisioning and configuration management using AWS CloudFormation, AWS CDK, or Terraform.
• Able to monitor and troubleshoot cloud environments using CloudWatch, X-Ray, CloudTrail, and AWS Config.
• Maintain comprehensive documentation covering infrastructure architecture, account structure, and governance policies.

Qualifications/ Requirements:

• Bachelor’s degree in computer science, Information Technology, or a related field (or equivalent experience).
• 6+ years of hands-on experience with AWS Native Services with a strong focus on multi-tenant account governance, oversight function, network security, identity and access management, and cost optimized cloud service delivery.
• AWS Certified will be preferred
• Have some experience in security / network background or experience in running automation or DevOps
• Solid understanding of AWS Organizations, Landing Zone architecture, and cloud governance best practices.
• Proficiency in scripting languages such as Python, Bash, or PowerShell is desirable.
• Expertise in AWS networking including VPCs, subnets, security groups, route tables, direct connect, and NAT Gateways.
• Strong working knowledge of cloud security tools such as IAM, Security Hub, GuardDuty, Inspector, Shield Advanced, KMS, and secrets manager.
• Familiarity with centralized monitoring and logging solutions such as CloudWatch, OpenSearch, CloudTrail, Config, QuickSight, and Systems Manager.
• Experience with integrating or operating AI/ML services in AWS such as Bedrock, SageMaker, comprehend, Rekognition.
• Experience in developing operational dashboards and enable observability for cloud resources.
• Familiarity with security and compliance frameworks such as CIS AWS Foundation Benchmark or AWS Foundational Best Practices.
• Experience in designing public-private network segmentation to support layered architectures, including presentation, business logic, micro-services, and data layers, serving both Internet and Intranet environments.
• Proven track record in leading cloud projects from design to implementation, balancing cost, security, and business requirements.