Senior AWS Cloud Engineer (IaC/Networking)

• Provision and manage AWS accounts and services, including decommissioning within AWS Organizations.

• Perform VPC provisioning, upgrades, and configuration management using Terraform.

• Manage Transit Gateway attachments, route table configurations, and cross-account connectivity.

• Support compute infrastructure including EC2 fleet management, Auto Scaling Groups, and load balancers.

• Fulfill infrastructure change requests through ITSM processes and formal change management.

• Develop, maintain, and troubleshoot Terraform configurations for AWS provisioning.

• Operate within Terraform Cloud workspaces with policy-as-code enforcement and contribute to internal modules and guardrails.

• Implement and maintain SCPs, IAM policies, and least-privilege access models.

• Enforce encryption and data protection standards across EBS, RDS, S3, and KMS.

• Triage and remediate findings from CSPM tools, vulnerability scans, and drift detection.

• Manage VPC endpoints, PrivateLink connectivity, and network security controls.

• Monitor and respond to alarms, security findings, and AWS Config rule violations.

• Support FinOps practices including budget monitoring, enforcement, and resource optimization.

• Participate in an on-call rotation for cloud platform support.

• Collaborate with application, security, and enterprise architecture stakeholders.

• Maintain operational runbooks, SOPs, and technical documentation including troubleshooting procedures and customer guides.

Due to client requirements, applicants must be willing and able to work on a w2 basis. For our w2 consultants, we offer a great benefits package that includes Medical, Dental, and Vision benefits, 401k with company matching, and life insurance., + 5 to 10 years of hands-on cloud infrastructure engineering with an AWS focus.

• Demonstrated experience with Terraform and IaC lifecycle management.

• Deep knowledge of AWS core services including VPC, EC2, Lambda, S3, RDS, IAM, KMS, CloudWatch, CloudTrail, Route 53, API Gateway, and ELB (ALB/NLB), plus Transit Gateway.

• Experience operating multi-account AWS environments using AWS Organizations and SCPs.

• Proficiency in IAM policy design, cross-account access patterns, and least-privilege principles.

• Experience with CI/CD pipelines such as Terraform Cloud, Jenkins, or GitHub Actions.

• Experience with Git-based workflows including branching strategies, pull requests, and code reviews.

• Experience working in regulated or enterprise environments with formal change management such as ServiceNow.

• Strong troubleshooting and problem-solving skills for complex multi-account AWS environments.

• Effective written and verbal communication with ability to produce clear technical documentation.

• Must-have technical skills: AWS VPC architecture and network design patterns, cloud security controls, Elastic Load Balancing, Linux or macOS command-line proficiency, NAT Gateway, VPC endpoints and PrivateLink, Python and Bash or Shell scripting, Route 53 DNS architecture, Transit Gateway design, and understanding of TCP/IP, DNS, TLS or SSL, and network troubleshooting.

• Nice-to-have skills: AWS certifications, CSPM tools, policy-as-code frameworks, experience in financial services or regulated industries, containerization and serverless familiarity, HashiCorp Vault, FinOps and AWS cost optimization, and working knowledge of Golang.

Recruitment Transparency Notice

Eliassen Group values transparency in our recruitment practices. Please be advised that Eliassen Group utilizes artificial intelligence (AI) tools as part of its initial application screening** and hiring process. You may receive email and SMS notifications from the Eliassen Virtual Recruiting Team ( noreply@eliassen.com **, 781-808-2924) inviting you to complete a brief voice screening as part of your application process. These tools assist our hiring teams in different ways, including but not limited to, assistance in reviewing application materials to help identify candidates whose qualifications most closely match the requirements of the position. All AI-assisted evaluations and responses are reviewed by human recruiters before any hiring decisions are made. The use of AI in our process is intended to support fairness, efficiency, and consistency, and Eliassen Group takes measures to prevent bias or discrimination in connection with its hiring practices. By proceeding, you acknowledge, agree, and consent to Eliassen Group's use of these tools, including AI tools, as part of the application and hiring process.

Skills, experience, and other compensable factors will be considered when determining pay rate. The pay range provided in this posting reflects a W2 hourly rate; other employment options may be available that may result in pay outside of the provided range.

W2 employees of Eliassen Group who are regularly scheduled to work 30 or more hours per week are eligible for the following benefits: medical (choice of 3 plans), dental, vision, pre-tax accounts, other voluntary benefits including life and disability insurance, 401(k) with match, and sick time if required by law in the worked-in state/locality.

If anyone reaches out to you about an open position connected with Eliassen Group, please ensure that you are working directly with us by confirming the following:

· When you work with Eliassen Group, all email communication will come from an Eliassen.com address, never Gmail, Yahoo, etc.

_Eliassen Group is a strategic consulting firm that helps organizations reach further and achieve more through our technology, business advisory, and life sciences solutions. For nearly 40 years, we have combined exceptional people, deep domain expertise, and intelligent capabilities to expand our clients' capacity and accelerate meaningful outcomes. We are driven by a purpose to positively impact the lives of our employees, clients, consultants, and the communities we serve._