Senior AWS Platform Engineer
Persistent Systems · Uttar Pradesh, India
Persistent Systems · Uttar Pradesh, India
**Job Description** **Experience:** 8+ years overall | Strong hands-on AWS focus **Certifications:** AWS Solutions Architect – Associate (minimum) | Professional preferred **Engagement Type:** Cloud Platform Engineering & DevOps **About the Role** We are looking for a **Senior AWS Platform Engineer** with 8+ years of hands-on cloud and platform engineering experience to join a high-impact team delivering and operating enterprise-grade AWS infrastructure. This is a deeply technical individual contributor role — not an architecture advisory or management position. You will design, build, and operate the foundational platform capabilities that engineering teams depend on: infrastructure automation, container platforms, CI/CD pipelines, security controls, and cloud-native APIs. The right candidate writes production Terraform that other engineers build on, operates EKS clusters that run real workloads, and builds Python tooling that solves operational problems at scale. You are equally comfortable in the AWS console diagnosing a networking issue and in a code review ensuring Terraform modules meet reusability standards. You take pride in platforms that are not just functional but operationally excellent — well-observed, cost-governed, and secure by default. This role is based in **New Jersey** with hybrid onsite expectations. **Key Responsibilities** **AWS Platform Architecture & Operations** - Design, deploy, and operate **production AWS environments** at scale — including compute (EC2, ECS, EKS, Lambda), storage (S3, EBS, EFS), networking (VPC, Transit Gateway, Direct Connect, Route53), and identity (IAM, AWS SSO, SCPs). - Architect and maintain **multi-account AWS environments** using AWS Organizations, Control Tower, and account vending pipelines — including OU structure, SCP design, guardrail enforcement, and account baseline automation. - Implement and govern **cloud security controls at scale** — IAM least-privilege design, permission boundaries, VPC security architecture, KMS key management, Secrets Manager, Security Hub, GuardDuty, AWS Config rules, and CloudTrail governance. - Own **cost governance** for the AWS platform — implementing tagging policies, cost allocation structures, budget alerting, rightsizing analysis using Compute Optimizer, and Savings Plans / Reserved Instance strategy. Build FinOps reporting tooling where native tooling falls short. - Maintain deep operational familiarity with **AWS networking** — including VPC design, Transit Gateway routing, NAT Gateway, PrivateLink, DNS architecture, security group management, and network troubleshooting at scale. - Perform **platform reliability engineering** — designing for HA/DR, implementing auto-scaling strategies, performing capacity planning, and ensuring production workloads meet availability and performance SLOs. **Infrastructure as Code — Terraform** - Design, build, and maintain **reusable, modular Terraform codebases** that serve as the foundational IaC layer for the platform — covering networking, compute, security, identity, and data services. - Architect **Terraform module libraries** with clear interface design, versioning strategy, and documentation standards that enable other engineering teams to consume infrastructure safely and consistently. - Manage **remote Terraform state** across multi-account, multi-region environments — including S3/DynamoDB state backend configuration, state isolation strategy, and state migration procedures. - Implement **Terraform drift detection** workflows — identifying configuration drift between IaC-defined state and actual infrastructure, establishing remediation processes, and preventing drift accumulation. - Enforce **policy-as-code** using Terraform Sentinel, OPA/Conftest, or Checkov — implementing guardrails that prevent misconfigured or non-compliant infrastructure from being deployed through automated pipelines. - Integrate Terraform into **automated delivery pipelines** — including plan/apply automation, PR-based infrastructure review workflows, and environment promotion gates with automated compliance validation. **Containers & Kubernetes (EKS)** - Design, deploy, and operate **production EKS clusters** — including cluster version management, node group and Fargate profile configuration, cluster autoscaler and Karpenter implementation, and managed add-on lifecycle management. - Implement **workload security on EKS** — including IRSA (IAM Roles for Service Accounts), OPA/Gatekeeper policy enforcement, Pod Security Standards, network policies, secrets management integration (External Secrets Operator, Secrets Store CSI), and runtime security tooling. - Design and implement **EKS observability** — including Prometheus/Grafana stack deployment, CloudWatch Container Insights, Fluent Bit log routing, distributed tracing integration, and custom dashboards for cluster and workload health. - Manage **autoscaling** at both cluster and workload level — Cluster Autoscaler / Karpenter for node-level scaling, HPA and KEDA for workload-level scaling, and VPA for resource optimisation. - Define and enforce **Kubernetes operational standards** — resource requests/limits, pod disruption budgets, topology spread constraints, liveness/readiness probes, and namespace isolation patterns — ensuring production workloads are deployed safely and reliably. - Own the **EKS upgrade lifecycle** — planning and executing cluster version upgrades with minimal workload disruption, including add-on compatibility validation and node group rotation strategies. **DevOps & CI/CD Pipeline Engineering** - Design, build, and maintain **automated delivery pipelines** for infrastructure and application workloads — using GitHub Actions, GitLab CI/CD, or AWS CodePipeline/CodeBuild — with integrated security scanning, quality gates, and artifact management. - Integrate **security scanning into CI/CD pipelines** — including SAST (static analysis), container image scanning (Trivy, Grype, ECR scanning),