Senior Consultant
Cloud Platform Engineer
Own AWS service configuration and the platform hosting integration ecosystem - spanning API Gateway, compute, security, storage, and event infrastructure.
AWS infrastructure ownership
• Configure and manage Amazon API Gateway as the L0 caching and routing layer for all REST API traffic, including throttling, usage plans, and stage management.
• Provision and maintain serverless compute: AWS Lambda function configurations, memory/timeout tuning, concurrency limits, and Step Functions state machine definitions for orchestration workflows.
• Set up and manage Amazon Aurora (PostgreSQL) clusters for the connector Registry and PartnerConnect storage — including parameter groups, subnet groups, backup policies, and read replicas.
• Configure AWS SNS and SQS topics, queues, DLQs, and subscription filters for async event-driven messaging between platform services.
• Manage AWS EventBridge rules and event buses to wire Lambda-based consumers to platform events.
• Administer AWS Cognito user pools and identity pools for OAuth2-based consumer authentication and authorization flows.
• Manage secrets rotation and access policies in AWS Secrets Manager for all service credentials.
Hosting & content delivery
• Configure and maintain AWS CloudFront distributions for Microfrontend hosting - origin policies, cache behaviors, custom error pages, and geo-restrictions.
• Manage Route 53 hosted zones, DNS records, health checks, and routing policies (latency, failover) for all platform endpoints.
• Implement and tune AWS CloudShield (Shield Standard/Advanced) and WAF rules to protect API and hosting layers from DDoS and injection threats.
• Oversee Amazon API Gateway & Microfrontend distribution configuration for the Admin Console UI/JSON layer.
Security & compliance posture
• Define and enforce IAM roles, policies, and permission boundaries across all Lambda functions, Step Functions, and service integrations following least-privilege principles.
• Configure VPC, subnets, security groups, caching, and API layers appropriately.
• Establish encryption-at-rest and in-transit configurations for SQS, SNS, and S3-backed registry storage.
• Maintain AWS Config rules, CloudTrail logging, and Security Hub findings to support audit and compliance requirements.
DevSecOps
• Define the CI/CD pipeline architecture - branch strategy, environment promotion (dev → staging → prod), deployment gates, and rollback mechanisms - and guide the DevSecOps engineer in its implementation.
• Establish IaC standards using AWS CDK, SAM, or Terraform; review and approve infrastructure modules authored by the DevSecOps engineer.
• Define observability instrumentation standards - structured logging to CloudWatch, distributed tracing with AWS X-Ray, and metric/alarm configuration - and review the DevSecOps engineer's implementation.
• Conduct regular pipeline and IaC PR reviews, providing actionable architectural and security feedback.
Observability & operational excellence
• Design the monitoring strategy: CloudWatch dashboards, composite alarms, and anomaly detection for API Gateway, Lambda, Aurora, and SQS.
• Own the traceability layer - correlating requests end-to-end from consumer ingress through OAuth2, Runtime, and Registry to storage.
• Drive response runbooks and post-incident reviews for platform infrastructure events.
What you'll bring
• 5+ years of hands-on AWS cloud engineering experience; AWS Solutions Architect Associate or Professional certification preferred.
• Deep expertise across: API Gateway, Lambda, Step Functions, Aurora, SNS/SQS, EventBridge, CloudFront, Route 53, Cognito, Secrets Manager, CloudShield/WAF.
• Proficiency in infrastructure-as-code (AWS CDK, SAM, or Terraform); able to design reusable, parameterized modules.
• Strong understanding of OAuth2/OIDC flows and how they map to AWS Cognito configuration.
• Demonstrated experience guiding or mentoring junior engineers on CI/CD, IaC, or security best practices.
• Familiarity with DevSecOps tooling: GitHub Actions, CodePipeline, CodeBuild, or equivalent; SAST/SCA tools.
• Solid networking fundamentals: VPC design, DNS, TLS, WAF rule authoring.