TekWissen, a global workforce management provider headquartered in Ann Arbor, Michigan, is seeking a Cloud Support Engineer III to support the Client Cloud Security organization. The role involves hands-on delivery of cloud engineering tasks, including AWS security automation and log pipeline buildout, working alongside existing senior personnel.
Responsibilities:
- Cloud engineering contractor supporting the Client Cloud Security organization through ongoing merger integration
- The role supplements existing senior personnel by executing against defined backlogs across AWS security automation, log pipeline buildout, and platform operations
- Expectation is hands-on delivery — Terraform, IAM, logging infrastructure, and runbook development — not strategic architecture leadership
- Terraform Module Development — Build and maintain reusable modules for IAM roles, permission boundaries, cross-account trust, S3 baselines with Access Points, VPC endpoints, and KMS. Work within existing module repo and review workflows
- SCP & IAM Guardrail Implementation — Execute against the SCP roadmap defined by Cloud Security: author, test in sandbox OUs, roll out, and document policies supporting merger-driven account expansion
- Log Pipeline & AI Analysis Agent Support — Provision CloudTrail org trails, Config aggregators, and cross-account log replication via Terraform; build CloudWatch-to-Kinesis and EventBridge-to-SQS ingestion paths feeding the multi-agent Bedrock analysis pipeline; support Lambda-based categorization, batching, and enrichment; assist with Bedrock IAM, knowledge base S3/SSM wiring, and guardrail configuration
- OCI Integration & Hybrid Connectivity — Support hybrid AWS-to-OCI work tied to Oracle EBS/ODS integration: IAM compartments, FastConnect/VCN validation, and identity federation with AWS IAM Identity Center
- Platform Operations & Runbooks — Triage IAM, S3, networking, and cross-account access issues; build a library of operational runbooks aligned to internal documentation standards
Requirements:
- Multi-cloud engineering — production AWS experience across IAM, S3, VPC, CloudTrail, Config, and Organizations/SCPs; familiarity with at least one additional provider (GCP preferred, OCI a plus)
- Infrastructure automation — Terraform module authoring and maintenance, working within established module standards and CI-validated workflows
- Scripting — Python for automation, Lambda functions, and event-driven processing; comfortable with AWS SDK (boto3)
- CI/CD — pipeline experience with GitHub Actions, GitLab CI, Jenkins, or equivalent
- Security fundamentals — least-privilege IAM design, SCP authoring, cross-account trust patterns, and KMS key management
- HashiCorp Vault — operational experience or pipeline integration (audit logs, AppRole, dynamic secrets)
- CyberArk — PAM/PSM administration or integration work
- AWS Bedrock or other GenAI service integration (IAM, knowledge bases, guardrails, invocation logging)
- Oracle Cloud Infrastructure (OCI) — IAM, networking, hybrid connectivity to AWS
- Detection-as-code, EventBridge rule authoring, or SIEM/SOAR integration