Key skills
PythonBashPowerShellAWSAmazon Web ServicesAzureGCPTerraformECSEKSCloudFormationAWS CDKEC2LambdaS3RDSIAMCloudWatchCodePipelineCodeBuildCodeDeployCI/CDPenetration TestingFirewall
About this role
NTT DATA Services is a recognized leader in IT and business services, including cloud, data and applications. They are seeking a highly skilled Senior AWS Cloud Engineer to design, deploy, operate, and continuously improve Amazon Web Services (AWS) environments for Texas public sector customers under the DIR PCM program.
Responsibilities:
- Architect, provision, and manage production-grade AWS environments using services such as EC2, ECS/EKS, Lambda, S3, RDS/Aurora, VPC, IAM, AWS Organizations, Security Hub, GuardDuty, CloudTrail, CloudWatch, AWS Config, and AWS Backup
- Lead cloud migrations, application modernization, performance tuning, cost optimization (using AWS Cost Explorer, Trusted Advisor, Compute Optimizer), and FinOps governance for state agency workloads
- Implement Infrastructure as Code (IaC) with Terraform (preferred), AWS CloudFormation, or AWS CDK; build automated CI/CD pipelines using AWS CodePipeline, CodeBuild, and CodeDeploy
- Design and enforce security controls: encryption (KMS, SSE), network segmentation (VPC, Transit Gateway, PrivateLink), least-privilege IAM policies, identity federation, multi-account strategies, and centralized logging/monitoring aligned with CJIS Security Policy requirements
- Support compliance for CJI-adjacent or sensitive Texas state data environments, including AWS GovCloud (US) where applicable, isolated VPCs, security groups/NACLs, AWS Organizations SCPs, audit logging, and artifact collection for TxRAMP, CJIS, and NIST-aligned audits
- Provide advanced operational support: incident response, root cause analysis, patching/OS hardening, high-availability/multi-region disaster recovery (Route 53, Global Accelerator, Cross-Region Replication), and automated remediation
- Partner with DIR PCM program team, Texas state agencies, and internal stakeholders to onboard new workloads, deliver managed services, and accelerate cloud adoption
- Create and maintain architecture diagrams, runbooks, security configuration standards, and compliance documentation; participate in security reviews, penetration testing, and regulatory assessments
- Stay current with AWS service roadmap, AWS for Government capabilities, best practices, and evolving federal/state compliance requirements (CJIS Advisory Policy, TxRAMP, FedRAMP equivalency)
Requirements:
- 7+ years of professional cloud engineering experience, with at least 4+ years hands-on with Amazon Web Services (AWS) in enterprise or production environments
- Deep expertise across core AWS services: Compute, Containers (EKS/ECS), Storage, Databases, Networking, Security & Identity, Management & Governance, and Monitoring/Operations
- Proven experience implementing AWS security best practices, zero-trust architecture, encryption, network isolation, and observability/logging solutions
- Prior work in regulated industries or government/public sector environments with strict security and compliance mandates
- Strong proficiency with IaC (Terraform strongly preferred), automation/scripting (Python, PowerShell, Bash), and DevOps practices
- Bachelor's degree in Computer Science, Information Systems, or equivalent practical experience
- Relevant certifications highly preferred: AWS Certified Solutions Architect Professional, AWS Certified Security Specialty, AWS Certified DevOps Engineer Professional, or equivalent
- Must successfully pass and maintain an FBI CJIS-compliant background check (fingerprint-based national criminal history record check processed through Texas DPS and FBI) every 12 months as a condition of employment and continued access to sensitive systems
- Ability to obtain and maintain any additional security clearances, attestations, or role-based access privileges required under the DIR PCM contract and CJIS Security Policy
- Commitment to complete CJIS security awareness training, adhere to personnel screening protocols, and follow strict access controls for systems that may handle or access Criminal Justice Information (CJI)
- No disqualifying criminal history as defined by FBI CJIS standards (final determination by authorized agency)
- Experience in multi-cloud managed services (GCP, Azure, OCI) or hybrid cloud environments
- Familiarity with Texas DIR contracts, TxRAMP authorization framework, or FedRAMP-compliant operations
- Hands-on experience with AWS GovCloud (US), AWS Outposts, or AWS for Government use cases
- Knowledge of advanced AWS networking (Transit Gateway, Direct Connect, VPC Peering), AWS Landing Zone / Control Tower, or security tools (AWS Firewall Manager, Network Firewall, Detective)
- Previous support of Texas state agencies or public sector cloud transformation initiatives