Simple Solutions

Design, build, and deploy a mirrored AWS environment with secure, scalable infrastructure and automated deployment pipelines. | Extensive hands-on experience with AWS enterprise architecture, IaC tools like CloudFormation and Terraform, networking, security policies, and scripting in Python. | Overview - Hybrid/Remote We are seeking an experienced AWS Engineer with strong architectural and hands-on engineering expertise to help design, build, and deploy a mirrored AWS environment based on our current production ecosystem. This role involves standing up a new AWS landing zone, implementing secure and scalable infrastructure, and enabling automated deployments through best-in-class IaC and DevOps practices. This is a highly technical, onsite role requiring close collaboration with internal engineering, security, and operations teams to ensure all cloud services, policies, and configurations align with enterprise standards. High level overview of skills needed: AWS Services Architecture Control Tower AWS Config IAM Policies (SCP, IDC, Identity) CloudFormation AWS networking and VPC configuration Dev/Ops skills to deploy and manage a new AWS network Terraform/IaC skills Python coding skills Prefer NJ based candidates who can go to the office once a week, Raritan NJ Responsibilities Architect and build a new AWS environment that mirrors the existing production deployment. Develop and configure AWS Control Tower landing zones, guardrails, and multi-account governance. Implement AWS Config, resource compliance rules, and continuous monitoring across the new environment. Create, refine, and enforce IAM policies, including SCPs, identity permissions, and role-based access models. Build infrastructure using CloudFormation and Terraform to ensure fully automated, repeatable deployments. Design and configure AWS networking, including VPCs, subnets, routing, security groups, peering, transit gateways, and hybrid connectivity (if needed). Support and enhance DevOps pipelines used to deploy, test, and manage the new AWS environment. Write, maintain, and optimize Python scripts for automation, resource configuration, and operational tooling. Collaborate with security, operations, and application teams to validate environment integrity and readiness. Troubleshoot cloud infrastructure issues and implement cloud engineering best practices. Required Skills & Experience 8-10+ years of hands-on AWS engineering experience in enterprise-scale environments. Expertise in AWS architecture, multi-account environments, and secure cloud design. Strong experience with Control Tower, AWS Config, and centralized governance. Deep understanding of IAM, SCPs, identity federation, and cloud security best practices. Proficiency in CloudFormation and Terraform (IaC). Advanced knowledge of AWS networking (VPC, routing, security groups, NACLs, Direct Connect, VPN). Solid DevOps background, including CI/CD pipelines, automated deployments, and environment management. Strong Python programming for automation and tooling. Ability to work onsite, collaborate cross-functionally, and deliver quality infrastructure quickly. Preferred Qualifications AWS Certifications (Solutions Architect, DevOps Engineer, or Security Specialty) Experience migrating or replicating enterprise cloud environments. Knowledge of monitoring, observability, and logging tools (CloudWatch, OpenSearch, etc.).

Design, document, and lead the implementation of network security solutions, ensuring secure, scalable, and compliant access architectures. | Deep expertise in network security, experience leading security teams in Agile environments, and strong stakeholder management skills. | Zscaler Product Owner & Architect USC/GC Responsibilities Must Have: Expertise in the discovery and documentation of business requirements covering the desired outcome including capability roadmaps and high-level system design required for network security automation development, using Event Storming and User Story Mapping workshops. Deep expertise in network security technologies, particularly around Zero Trust Network Access (ZTNA), secure remote access, and modern secure access architectures like SASE. This includes strong practical knowledge of VPN technologies, network segmentation, and modern network defence paradigms (e.g., NAC, Zero Trust, SASE, Cybersecurity Mesh, advanced threat detection). Should be well versed in Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), cloud network security (AWS, Azure, GCP), and Firewall-as-a-Service (FWaaS), with a solid foundation in networking protocols like TCP/IP, DNS, BGP, and SD-WAN. Additionally, should have a clear understanding of DNS security, TLS, and core routing and switching concepts, all supporting secure and resilient access models. Strong experience in leading network engineering or network security teams operating under Agile ways of working driving continuous improvement, and ensuring efficient, secure delivery of network security services and platforms in a fast-paced environment. Proficiency in Agile Methodologies - Scrum/Kanban, backlog and workflow management and SRE specific reporting (MTTR, deployment frequency, SLO etc.) ‎ Nice to Have: Strong experience integrating secure access with identity and cloud platforms, leveraging tools like Azure AD, Okta, and Ping using SAML, OAuth2, and OpenID Connect. Should be familiar with security logging, telemetry, and SIEM integration, including tools like Splunk. Experience with automation via REST APIs and infrastructure-as-code tools (e.g., Terraform, Ansible). Adds value, particularly in streamlining policy enforcement and compliance. Experience with recognized security frameworks (NIST 800-207, ISO 27001, CIS Controls), demonstrating the ability to support governance, risk management, and audit readiness across heterogeneous environments. Experience in driving complex, transformational network security initiatives from conception through to enterprise-wide adoption, including securing stakeholder buy-in and investment. Outstanding communication, negotiation, and influencing skills to navigate a complex stakeholder landscape (including business leaders, technology peers, risk, compliance, and audit functions) and foster a culture of security-by-design.