Cloud Support Engineer III

Job Description

We have a position for a Cloud Support Engineer III with one of our clients in Remote for an initial contract duration of 7 months. US citizens and all those authorized to work in the US are encouraged to apply.

Cloud engineering contractor supporting the client's Cloud Security organization through ongoing merger integration. The role supplements existing senior personnel by executing against defined backlogs across AWS security automation, log pipeline buildout, and platform operations. Expectation is hands-on delivery — Terraform, IAM, logging infrastructure, and runbook development — not strategic architecture leadership.

Required Experience (4–6 Years)

•    Multi-cloud engineering — production AWS experience across IAM, S3, VPC, CloudTrail, Config, and Organizations/SCPs; familiarity with at least one additional provider (GCP preferred, OCI a plus).

•    Infrastructure automation — Terraform module authoring and maintenance, working within established module standards and CI-validated workflows.

•    Scripting — Python for automation, Lambda functions, and event-driven processing; comfortable with AWS SDK (boto3).

•    CI/CD — pipeline experience with GitHub Actions, GitLab CI, Jenkins, or equivalent.

•    Security fundamentals — least-privilege IAM design, SCP authoring, cross-account trust patterns, and KMS key management.

Preferred / Bonus Skills

•    HashiCorp Vault — operational experience or pipeline integration (audit logs, AppRole, dynamic secrets)

•    CyberArk — PAM/PSM administration or integration work

•    AWS Bedrock or other GenAI service integration (IAM, knowledge bases, guardrails, invocation logging)

•    Oracle Cloud Infrastructure (OCI) — IAM, networking, hybrid connectivity to AWS

•    Detection-as-code, EventBridge rule authoring, or SIEM/SOAR integration

Scope of Work

•    Terraform Module Development — Build and maintain reusable modules for IAM roles, permission boundaries, cross-account trust, S3 baselines with Access Points, VPC endpoints, and KMS. Work within existing module repo and review workflows.

•    SCP & IAM Guardrail Implementation — Execute against the SCP roadmap defined by Cloud Security: author, test in sandbox OUs, roll out, and document policies supporting merger-driven account expansion.

•    Log Pipeline & AI Analysis Agent Support — Provision CloudTrail org trails, Config aggregators, and cross-account log replication via Terraform; build CloudWatch-to-Kinesis and EventBridge-to-SQS ingestion paths feeding the multi-agent Bedrock analysis pipeline; support Lambda-based categorization, batching, and enrichment; assist with Bedrock IAM, knowledge base S3/SSM wiring, and guardrail configuration.

•    OCI Integration & Hybrid Connectivity — Support hybrid AWS-to-OCI work tied to Oracle EBS/ODS integration: IAM compartments, FastConnect/VCN validation, and identity federation with AWS IAM Identity Center.

•    Platform Operations & Runbooks — Triage IAM, S3, networking, and cross-account access issues; build a library of operational runbooks aligned to internal documentation standards.

Additional Information Target years of experience: 4-6.

What are your top 3-5 MUST HAVEs OR REQUIRED skillset: AWS experience, OCI experience a plus, Automation focused - python, Terraform, etc. Bonus points if HashiCorp / CyberArk development experience.