Cloud Foundations Engineer - Account & Landing Zone (human)

Neura Robotics GmbH
Metzingen, Germany
17 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English, German
Experience level
Senior

Job location

Metzingen, Germany

Tech stack

Amazon Web Services (AWS)
Cloud Computing
Cloud Computing Security
Identity and Access Management
Cloud Platform System
OpsWorks

Job description

  • You are responsible for NEURA's AWS account management, Control Tower setup, and landing zone architecture.
  • You work closely with engineering teams, security, and leadership to ensure that the cloud foundation scales with the business - without becoming a bottleneck.
  • You design the guardrails, but you design them to enable, not to restrict.
  • Designing, implementing, and evolving NEURA's AWS landing zone - including Control Tower, Account Factory, organizational units, and account vending pipelines.
  • Owning the IAM and SSO architecture: permission sets, role hierarchies, and a structured, self-service-oriented access request workflow that keeps teams unblocked.
  • Partnering with fast-growing engineering teams to onboard new accounts, new environments, and new use cases quickly - your default answer is "here's how we do it", not "that's not possible yet."
  • Establishing and enforcing tagging policies, budget alerts, and cost visibility across all accounts, giving teams clear ownership of their cloud spend.
  • Implementing cloud security controls that protect without paralyzing: SCPs, AWS Config Rules, GuardDuty, Security Hub, etc. - designed with the principle that security enables velocity, not the other way around.
  • Acting as the interface between Cloud Platform and the Security team, translating policy requirements into concrete, automated cloud controls.
  • Everything as Infrastructure as Code. No manual changes in production, ever.

Requirements

  • 5+ years of experience in cloud infrastructure or platform engineering, with significant hands-on AWS experience in a fast-growing company environment.
  • Deep practical experience with AWS Control Tower, Organizations, Account Factory, and multi-account landing zone design - you have built this before, not just read about it.
  • Strong Infrastructure as Code skills: IaC is your default tool, not an afterthought.
  • Solid understanding of AWS IAM, SSO/Identity Center, and permission boundary design at organizational scale.
  • Experience designing and implementing cloud security controls (SCPs, Config Rules, GuardDuty, Security Hub, VPC security) with a clear philosophy: security that enables teams, not security that blocks them.
  • A proven solution-oriented mindset: you find creative, pragmatic paths forward.
  • Comfort working at pace in a scaling organization - you can handle ambiguity, incomplete requirements, and shifting priorities without losing quality.
  • Strong English communication skills; ability to explain complex access and governance topics clearly to non-specialists. German is a plus.
