Senior Consultant
emids
Sales & Business Development
India
Posted on May 6, 2026
Cloud Platform Engineer
Own AWS service configuration and platform hosting integration ecosystem - spanning API Gateway, compute, security, storage, and event infrastructure.
AWS infrastructure ownership
- Configure and manage Amazon API Gateway as the L0 caching and routing layer for all REST API traffic, including throttling, usage plans, and stage management.
- Provision and maintain serverless compute: AWS Lambda function configurations, memory/timeout tuning, concurrency limits, and Step Functions state machine definitions for orchestration workflows.
- Set up and manage Amazon Aurora (PostgreSQL) clusters for the connector Registry and PartnerConnect storage — including parameter groups, subnet groups, backup policies, and read replicas.
- Configure AWS SNS and SQS topics, queues, DLQs, and subscription filters for async event-driven messaging between platform services.
- Manage AWS EventBridge rules and event buses to wire Lambda-based consumers to platform events.
- Administer AWS Cognito user pools and identity pools for OAuth2-based consumer authentication and authorization flows.
- Manage secrets rotation and access policies in AWS Secrets Manager for all service credentials.
Hosting & content delivery
- Configure and maintain AWS CloudFront distributions for Microfrontend hosting - origin policies, cache behaviors, custom error pages, and geo-restrictions.
- Manage Route 53 hosted zones, DNS records, health checks, and routing policies (latency, failover) for all platform endpoints.
- Implement and tune AWS CloudShield (Shield Standard/Advanced) and WAF rules to protect API and hosting layers from DDoS and injection threats.
- Oversee Amazon API Gateway & Micro frontend distribution configuration for the Admin Console UI/JSON layer.
Security & compliance posture
- Define and enforce IAM roles, policies, and permission boundaries across all Lambda functions, Step Functions, and service integrations following least-privilege principles.
- Configure VPC, subnets, security groups, caching, and API layers appropriately.
- Establish encryption-at-rest and in-transit configurations for SQS, SNS, and S3-backed registry storage.
- Maintain AWS Config rules, CloudTrail logging, and Security Hub findings to support audit and compliance requirements.
DevSecOps
- Define the CI/CD pipeline architecture - branch strategy, environment promotion (dev → staging → prod), deployment gates, and rollback mechanisms - and guide the DevSecOps engineer in its implementation.
- Establish IaC standards using AWS CDK, SAM, or Terraform; review and approve infrastructure modules authored by the DevSecOps engineer.
- Define observability instrumentation standards - structured logging to CloudWatch, distributed tracing with AWS X-Ray, and metric/alarm configuration - and review DevSecOps engineer's implementation.
- Conduct regular pipeline and IaC PR reviews, providing actionable architectural and security feedback.
Observability & operational excellence
- Design the monitoring strategy: CloudWatch dashboards, composite alarms, and anomaly detection for API Gateway, Lambda, Aurora, and SQS.
- Own the traceability layer - correlating requests end-to-end from consumer ingress through OAuth2, Runtime, and Registry to storage.
- Drive response runbooks and post-incident reviews for platform infrastructure events.
What you'll bring
- 5+ years of hands-on AWS cloud engineering experience; AWS Solutions Architect Associate or Professional certification preferred.
- Deep expertise across: API Gateway, Lambda, Step Functions, Aurora, SNS/SQS, EventBridge, CloudFront, Route 53, Cognito, Secrets Manager, CloudShield/WAF.
- Proficiency in infrastructure-as-code (AWS CDK, SAM, or Terraform); able to design reusable, parameterized modules.
- Strong understanding of OAuth2/OIDC flows and how they map to AWS Cognito configuration.
- Demonstrated experience guiding or mentoring junior engineers on CI/CD, IaC, or security best practices.
- Familiarity with DevSecOps tooling: GitHub Actions, CodePipeline, CodeBuild, or equivalent; SAST/SCA tools.
- Solid networking fundamentals: VPC design, DNS, TLS, WAF rule authoring.