Senior Platform Engineer

About the platform

1. AWS Cloud Infrastructure & Environment Management

• Shadow and learn the current multi-tier AWS VPC infrastructure layout, spanning three Availability Zones with segregated public, application, and data subnets.
• Support the operational maintenance of the Kubernetes orchestration layer utilizing Amazon EKS on Fargate within private subnets.
• Manage and audit secure egress-only NAT gateways and private VPC endpoints to ensure the EKS cluster API server remains completely isolated from the public internet.
• Oversee edge routing configuration and traffic termination patterns running through Amazon CloudFront, AWS WAF, and internal Application Load Balancers (ALBs).

1. Infrastructure as Code (IaC) & CI/CD Pipelines

• Shadow, master, and maintain the platform's active Infrastructure-as-Code delivery footprint across environments using Terraform, AWS CDK, or CloudFormation templates.
• Build, maintain, and optimize deployment automation pipelines and delivery workflows hosted within GitHub or comparable source control systems.
• Diagnose pipeline inefficiencies and automate manual intervention steps to foster repeatable, rapid infrastructure changes.

1. Multi-Tenant Application Onboarding & Core Services Integration

• Partner with the LATAM Operating Lead to interpret platform-applied tenant feature configuration overrides and coordinate scoping adjustments.
• Configure and provision tenant-specific identity boundaries by orchestrating dedicated Amazon Cognito user pools and client IDs for onboarding applications.
• Support developer teams integrating with the centralized NexusNow Registry API to fetch tenant configurations, token claims, and catalog metadata.

1. Data Protection, Secrets, & Security Operations

• Enforce rigorous data-at-rest policies (AES-256) utilizing native AWS mechanisms across Amazon Aurora PostgreSQL volumes, S3 buckets, and ElastiCache for Redis clusters.
• Maintain and monitor automated, 30-day credential rotation policies for platform databases using AWS Secrets Manager.

1. Observability, Configuration Overrides, & Technical Support

• Monitor and audit threat logs, web exploit triggers, and anomalous authentication signatures emitted from AWS WAF and Cognito Advanced Security into Amazon CloudWatch.

1. Technical Asset Documentation & Knowledge Capture

• Actively parse through the platform architecture to identify undocumented infrastructure patterns, set up dependencies, and migration blockers.
• Convert ongoing shadowing sessions with the original engineering team into reusable technical runbooks, step-by-step onboarding patterns, and access blueprints.

• 5+ proven years of experience and hands-on enterprise platform engineering and administration experience within AWS environments.
• Strong infrastructure-as-code (IaC) engineering experience, with deep practical knowledge of Terraform, AWS CDK, CloudFormation, or directly comparable automation patterns.
• Extensive experience building, maintaining, and optimizing CI/CD pipelines and deployment automation workflows.
• Advanced proficiency utilizing GitHub or comparable source-control platforms, including mastering delivery workflows and branching strategies.

• Manage the application of multi-scoped feature flags (platform-wide, per-org, per-tenant) to safely gate capabilities in the portal.
• Deliver fast-paced cross-functional support covering system failures, deployment rollbacks, performance tuning, and cross-tier troubleshooting.
• Troubleshoot federated Single Sign-On (SSO) setups, validating SAML 2.0 or OIDC integrations between corporate IdPs (e.g., Entra ID, Okta) and tenant Cognito pools.
• Coordinate secure, remote administrative access to private cluster resources using key-based SSH configurations via dedicated VPC VPN instances.
• Manage CloudFront Origin Access Control (OAC) with SigV4 request signing to completely block public bucket access and safeguard static assets.

• A distinct developer-centric mindset with the unique ability to collaborate closely and communicate effectively with application engineering teams, rather than focusing exclusively on infrastructure silos.
• Strong collaborative pairing skills to learn complex cloud topologies directly from existing knowledge holders without introducing friction or slowing down engineering progress.
• Strong technical writing and analytical documentation abilities to extract tribal knowledge and turn it into practical runbooks for the broader team.

• Complete early, demonstrable hands-on progress on the VELMA / Legal platform onboarding pipeline.
• Execute comprehensive initial shadowing of the OE team's active AWS accounts, IaC architectures, CI/CD automation, environment variables, and release workflows.
• Map out a highly practical knowledge-transfer framework and technical pairing schedule alongside the OE engineering staff.
• Collaborate with the Operating Lead to construct a defined VELMA / Legal onboarding work package complete with technical dependencies, owners, and explicit success criteria.
• Ensure all technical knowledge gaps across AWS, IaC, and CI/CD parameters are made fully visible and comprehensively documented.
• Clarify, document, and standardize platform access requirements, runbooks, monitoring dashboards, support tickets, and operational flows before any broader shifts in platform ownership occur.