ABOUT FIRST AMERICAN INDIA
First American (India) Private Limited (“FAI”) is a Global
Capability Centre (GCC) of the First American Financial Corporation (FAF: NYSE), a leading provider
of title insurance, settlement services and risk solutions for real estate transactions since 1889.
FAI delivers Software Development, IT Infrastructure, Data & Analytics, back-office, and
knowledge-processing operations to support First American's global operations across the US, UK,
Australia & Canada. We build technology that powers millions of real-estate transactions, with a
people-first culture that encourages innovation, collaboration, and solving real-world problems at
scale.
Job Title: Senior Platform Engineer II, AWS
About the Role (Remote India)
Design and deliver core building blocks of the AWS platform—secure account vending via AWS
Control Tower and AVM, hub-and-spoke networking with centralized VPC endpoints, IAM Identity
Center federation, Service Control Policies (SCPs), centralized root account management, org-wide
AWS Config and GuardDuty, and org-level logging—enabling application teams to move fast on a
standardized, Well-Architected foundation. You will bring a strong product mindset, take end-to-end
ownership of your work, communicate clearly, and collaborate effectively within the AWS team
and across Platform Engineering.
Key Responsibilities
• Implement and enhance Terraform (and CloudFormation where required) pipelines in
GitHub for AWS Organizations, SCPs, OU structure, resource tagging, and automated
account vending (ServiceNow intake → plan/apply workflows).
• Design and roll out hub-and-spoke networking: per-account VPCs connected via Transit
Gateway, policy-based routes to Palo Alto inspection, centralized VPC interface endpoints,
and DNS resolution hierarchy.
• Build and maintain organization-level guardrails: SCPs, IAM permission boundaries, and
least-privilege roles; integrate policy-as-code tests and guardrails.
• Implement centralized root account management: eliminate day-to-day root usage, enforce
MFA and credential vaulting, monitor root activity, and govern break-glass access through
approved processes.
• Deploy and operate org-wide AWS Config (aggregators, conformance packs, and
remediation) and Amazon GuardDuty (delegated admin, threat detection, and Security Hub
integration) across all accounts.
• Configure IAM Identity Center with Entra ID federation; enable keyless CI/CD (GitHub
Actions OIDC) and workload roles for EKS/ECS and platform automation.
• Stand up and tune org-level logging and metrics: CloudTrail, VPC Flow Logs, DNS query logs,
Config and GuardDuty findings → aggregation → Splunk/Elastic; ensure audit and detective
control coverage.
• Drive Terraform IaC migration and platform standards aligned to the AWS Well-Architected
Framework (security, reliability, operational excellence).
• Leverage AI tooling (Claude, Cursor) and agentic automations to accelerate IaC
development, reviews, and operational runbooks—within approved security guardrails.
• Enforce infrastructure-as-code-only operations; contribute policy-as-code tests and
eliminate console-only changes.
• Partner with InfoSec to triage Security Hub, Prisma, and Qualys findings and drive
remediation through IaC updates.
• Support change management and CAB submissions for production platform changes.
• Apply a strong product mindset: understand application-team needs, deliver platform
capabilities with clear value, and measure adoption and outcomes.
• Take end-to-end accountability and ownership for assigned platform components—from
design and IaC through rollout, operations, and continuous improvement.
• Collaborate well within the AWS Product Team and with other Platform Engineering teams
(Azure, GCP, Blueprint and Modules, DNA Enablement) to align patterns, standards, and
shared deliverables.
• Communicate clearly in design reviews, documentation, incident response, and stakeholder
updates; escalate risks and dependencies proactively.
Key Requirements
• 8–10 years in cloud/platform engineering (3–5+ on AWS) delivering enterprise platform
components with Terraform and CI/CD (GitHub; Spacelift experience a plus).
• Solid AWS networking (VPC, Transit Gateway, routing, load balancers), DNS, and centralized
VPC endpoints; familiarity with centralized security inspection.
• Hands-on with AWS Organizations, Control Tower, AVM, SCPs, and IAM least-privilege
design; practical experience with permission boundaries and IAM policies.
• Experience with centralized root account management, AWS Config (rules, aggregators,
remediation), and GuardDuty at organization scale.
• Experience with IAM Identity Center, federation, and keyless CI/CD patterns (OIDC).
• Logging and monitoring pipeline engineering (CloudTrail, CloudWatch, flow logs,
Splunk/Elastic integrations).
• Proficient with AWS KMS, Secrets Manager, and secrets automation; strong scripting
(Python, PowerShell, Bash) and Linux fundamentals.
• Strong Git workflows, IaC governance, and clear technical documentation.
• Strong product mindset with experience translating platform requirements into pragmatic,
adoptable solutions.
• Good communication skills; demonstrated end-to-end accountability and ownership of
platform deliverables.
Nice to Have
• Spacelift knowledge or hands-on experience.
• Azure and GCP cloud knowledge as an added advantage for multi-cloud alignment.
• Cloudflare (Tunnel/WAF/Bot) or Palo Alto VM-Series experience.
• EKS (IRSA), GitHub Actions OIDC, and container platform patterns.