ForgeApply
Try it free

ForgeApply · Job listing

Senior AWS Platform Engineer

Neweratech

Remote · US

Apply in about a minute — without sacrificing quality.

ForgeApply autofills this application and tailors your resume to this exact posting. You review everything before it's sent. Free trial, no card required.

About this role

Join New Era Technology, where People First is at the heart of everything we do. With a global team of over 3,000 professionals, we're committed to creating a workplace where everyone feels valued, empowered, and inspired to grow. Our mission is to securely connect people, places, and information with end-to-end technology solutions at scale.

At New Era, you'll join a team-oriented culture that prioritizes your personal and professional development. Work alongside industry-certified experts, access continuous training, and enjoy competitive benefits. Guided by our core attributes — putting people first, embracing continuous learning, and thriving through collaboration and inclusion — we nurture our people to deliver exceptional customer service.

If you want to make an impact in a supportive, growth-oriented environment, New Era is the place for you. Apply today and help us shape the future of work—together

We are seeking a Senior AWS DevOps / Platform Engineer to design, automate, and operate secure self-service AWS platform capabilities for development teams. This role will own the foundation for governed multi-account provisioning, federated access, reusable Infrastructure as Code templates, and Git-based promotion workflows that move validated workloads across controlled environments. The ideal candidate has hands-on experience with AWS Control Tower, AWS Organizations, deep Terraform and CloudFormation-based IaC implementation, identity federation, service control policies, CI/CD automation, centralized logging, and cost governance in large-scale engineering environments.

Role Summary

This role is responsible for building governed AWS platform capabilities that allow application and engineering teams to request, receive, use, and retire secure cloud accounts and environments with minimal manual cloud-engineering involvement. The engineer will combine AWS Control Tower, AWS Organizations, Account Factory for Terraform or an equivalent account-vending workflow, federated identity, SCP-based guardrails, reusable IaC modules, and automated delivery pipelines to create a scalable platform service.

• The role requires a platform-engineering mindset focused on automation, standardization, developer enablement, security, cost control, and operational governance.

What You’ll Build

• An AWS Control Tower landing zone with governed organizational units and automated account vending, implemented through Account Factory for Terraform or an equivalent AWS Organizations-based workflow.

• Integration with a self-service provisioning workflow, triggered through a portal, ServiceNow, or similar request interface, that creates fully governed AWS accounts and environments in minutes.

• Account request intake that captures owner, team, business purpose, duration, budget tier, and approved AWS regions.

• Federated identity and short-lived role assumption for cloud access, including standard developer roles and elevated administrator roles constrained by SCPs and least-privilege controls.

• Reusable Infrastructure as Code modules and templates for common application patterns, including containerized applications on EKS, event-driven services, managed databases, and network-isolated test stacks.

• A Git-based promotion pipeline that moves validated IaC through code review, automated validation, and environment-scoped deployment into staging and production.

• Lifecycle automation for account and environment expiration, extension requests, decommissioning, and cleanup of unused resources.

Key Responsibilities

• Design, build, and operate organizational units and account-vending automation so standard cloud environment requests can be fulfilled without manual cloud-engineering work.

• Implement organization-level guardrails, including SCPs that block unacceptable actions, enforce region restrictions, and enable required logging and security services by default during account creation.

• Build and enforce per-account cost controls, including budgets, actual and forecasted spend alerts, and automated remediation paths such as notification, access restriction, quarantine, and cleanup.

• Ensure each account or environment is isolated by account, organizational unit, and network boundary from controlled environments and corporate networks, with no default transitive trust.

• Partner with the identity team to design federated access patterns and short-lived role assumption models that eliminate the need for long-lived IAM users.

• Own and maintain the Terraform, CloudFormation, and CDK module/template library that developers use for EKS, databases, queues, serverless services, and other common application patterns.

• Build and maintain delivery pipelines that promote validated infrastructure and application changes through Git review, automated validation, and environment-scoped deployment roles.

• Prevent direct console changes in staging and production by enforcing approved pipeline-based promotion and deployment workflows.

• Instrument centralized logging and audit trails from the first day of each account’s lifecycle, including account creation records, API audit trails, and security findings.

• Define and automate lifecycle policies for account and environment expiration, extension, decommissioning, and cleanup in a governed multi-team operating model.

Required Qualifications

• Hands-on experience with AWS Control Tower, AWS Organizations, and multi-account landing zone design.

• Deep hands-on experience implementing Infrastructure as Code using Terraform and AWS CloudFormation, including reusable modules/templates, parameterization, versioning, validation, state management, and promotion through CI/CD pipelines.

• Experience with federated identity using SSO, SAML, or OIDC, and short-lived credential models such as IAM Identity Center and STS role assumption.

• Working knowledge of SCPs and AWS guardrail design, with the ability to restrict high-risk actions while preserving devel

Ready to apply to Neweratech?

Apply in about a minute

Similar jobs

More like this: DevOps & SRE Jobs · Remote DevOps & SRE Jobs · More jobs at Neweratech · Browse all jobs