DevOps Engineer

• Own and improve CI/CD and infrastructure patterns for AWS-based GenAI agent platforms using CDK, GitHub/Bitbucket Pipelines, OIDC, and CloudFormation.
• Evolve secure multi-repo GenAI deployment architecture where shared infrastructure (Bedrock access, agent runtimes, gateways, graph databases, Redis caches) is provisioned centrally and consumed through SSM parameter contracts.
• Provision and operate graph databases (Neo4j, Amazon Neptune, or equivalent) supporting knowledge graphs and agent reasoning context - covering schema management, backup/restore, scaling, query tuning, and secure access.
• Provision and operate Redis for agent session state, semantic caching, rate limiting, pub/sub, and short-term memory - covering cluster sizing, replication, failover, persistence, and TLS/auth hardening.
• Implement secure deployment role chains: OIDC deploy roles, CDK bootstrap deploy roles, and scoped CloudFormation execution roles.
• Design and troubleshoot least-privilege IAM policies across CDK, CloudFormation, Lambda, Bedrock, AgentCore runtime, agent gateway, and graph/Redis access.
• Support container/image build and deployment workflows to shared ECR repositories across agent repos.
• Improve environment bootstrapping, deployment repeatability, drift detection, rollback, and operational validation - including stateful data layers.
• Partner with InfoSec to harden deployment flows and document secure GenAI platform standards, including data-at-rest and in-transit controls for graph and Redis stores.
• Troubleshoot complex deployment issues across IAM, CloudFormation, OIDC, VPC connectivity, ECR, API Gateway, Bedrock AgentCore, graph/Redis connectivity, and observability.

Must Have Experience:

• Maintain pipelines and DBs
• CDK for GenAI
• Terraform a plus as well
• Python
• Manage and scale infrastructure
• Working in a secure way/constrained environment - The environment is regulated
• Infosec and security - partner with

Strongly preferred

• Experience with AWS Bedrock and/or AgentCore-style orchestration/runtime patterns.
• Experience with agent-to-agent or service-to-service security design for GenAI platforms.
• Experience securing AI/LLM platforms, agent orchestration layers, or API-driven enterprise GenAI platforms.
• Experience integrating graph databases and Redis as supporting data layers for GenAI agents (knowledge graphs, semantic caching, session memory).
• Experience with enterprise guardrails, audit logging, and security review processes for AI workloads.
• Familiarity with SSM contract-based repo integration patterns.
• Experience with private subnet/VPC endpoint architectures for Lambda, Bedrock, graph/Redis endpoints, or containerized GenAI runtimes.

Experience supporting regulated or security-conscious enterprise environments running GenAI workloads.