Senior AWS Infrastructure Security Engineer (Terraform / CloudFormation)

Summary

Are you passionate about building secure, compliant, and scalable cloud foundations? We are seeking a talented and experienced Senior AWS Infrastructure Security Engineer to join our dynamic team and lead the design and deployment of secure AWS landing zones.  In this role, you will be a subject matter expert, architecting and implementing robust, automated security solutions for our highly regulated clients in the Defense Industrial Base, Public Sector, and Higher Education sectors.

Responsibilities

• Design and implement secure, multi-account AWS landing zones using Terraform, AWS CloudFormation, the AWS Cloud Development Kit (CDK), and AWS Landing Zone Accelerator (LZA).
• Architect and deploy foundational security services and infrastructure to meet stringent client security and compliance requirements (e.g., CMMC 2.0, FedRAMP, NIST, HIPAA).
• Provide expert security consultancy for cloud architecture, governance, and identity and access management across all client projects.
• Collaborate directly with clients to understand their needs and translate security and compliance requirements into automated, scalable solutions using Infrastructure as Code (IaC).
• Evaluate and mitigate risks associated with cloud adoption while ensuring solutions leverage the security, scalability, and economy of AWS.
• Support customers in adopting modern, secure development and engineering methodologies within their new cloud environments.
• Create high-quality documentation and deliverables for client submissions, including architecture diagrams, security control mappings, and configuration guides.
• Proactively stay current with developments in AWS services, security threats, and compliance standards, sharing knowledge across the team.

 Required Skills

• Proven experience in a technical, customer-facing consulting role.
• Strong communication and technical writing skills are essential.
• At least 3+ years of hands-on experience designing, building, and securing solutions within AWS.
• Deep, hands-on expertise with Infrastructure as Code, specifically Terraform and AWS CloudFormation. Experience with the AWS CDK and Landing Zone Accelerator (LZA) is strongly preferred.
• Demonstrated experience working with compliance frameworks and standards such as CMMC, FedRAMP, PCI DSS, NIST, FISMA, ISO 27001, HIPAA, and SOC 2.
• Proficiency with git and modern change management workflows (e.g., git-flow).
• An AWS certification (AWS Certified Security – Specialty, AWS Certified Solutions Architect – Professional) is required or must be obtained within 90 days of employment.

Nice to Have Skills

• Working with High Performance Computing, including Slurm clusters.
• Experience deploying End User Compute solutions such as Amazon Workspaces and/or Research and Engineering Studio (RES) on AWS.
• Working with AI/ML tools such as SageMaker, SageMaker Studio, and Amazon Bedrock.
• Experience working with public sector clients, especially Higher Education and research institutions. 
• Advanced security certifications (e.g., CISSP, CCSP, CyberAB CCP/CCA ) are highly advantageous.