We are looking for a Senior AWS Infrastructure Engineer to redesign our AWS environment. The successful candidate will lead the design and implementation of a secure, scalable, multi-account AWS architecture, enable cost chargeback, and establish long-term operational best practices.
This role is infrastructure-first, requiring strong operating system, networking, and security fundamentals, in addition to deep AWS experience
Key Responsibilities:
AWS Architecture & Multi-Account Design
Design and implement a best-practice multi-account AWS architecture using AWS Organizations and Control Tower
Define account strategies for customers, environments (Prod / Non-Prod), and shared services
Establish and maintain an AWS Landing Zone aligned with security and compliance requirements
Reduce operational and security risk by eliminating single-account blast radius
Migration & Execution
Plan and execute phased migrations of existing workloads from a monolithic AWS account to multiple accounts
Minimize downtime and risk through careful migration planning, testing, and rollback strategies
Work closely with application and platform teams during migration and cutover
Infrastructure as Code & Automation
Codify account provisioning and baseline infrastructure using Terraform
Automate guardrails, networking, IAM, logging, and security controls
Use CI/CD pipelines to support infrastructure as code, not as an application DevOps role
Security & Governance
Design and enforce security guardrails using SCPs, IAM boundaries, and least-privilege accessImplement and manage centralized security services including CloudTrail, GuardDuty, Security Hub, and AWS Config
Support compliance and audit requirements (e.g. ISO 27001) through strong segregation of duties and logging
Networking
Design and operate AWS networking at scale, including:
VPC design and segmentation
Centralized networking models
Transit Gateway (nice to have)
Hybrid connectivity (VPN / Direct Connect where applicable)
Apply strong TCP/IP, DNS, and routing fundamentals
Cost Management & Chargeback
Implement cost monitoring, budgeting, and reporting using AWS Cost Explorer and Budgets
Enable cost separation and chargeback/showback per customer or account
Support long-term FinOps visibility as the AWS environment scales
Operating Systems & Infrastructure Operations
Apply strong Linux and/or Windows systems engineering knowledge
Support OS-level hardening, patching, access control, and troubleshooting
Understand how cloud infrastructure maps to underlying OS and network behavior
Required Qualifications:
Senior-level experience designing and operating AWS infrastructure at scale
Hands-on experience with AWS Organizations, Control Tower, and multi-account architectures
Proven experience migrating workloads from single-account to multi-account AWS environments
Strong Linux and/or Windows OS fundamentals
Strong networking fundamentals (TCP/IP, DNS, routing)
Infrastructure as Code using Terraform
Experience implementing security guardrails (SCPs, IAM, KMS)
Experience with centralized logging, monitoring, and security tooling
Experience with AWS cost management and chargeback/showback models
Nice to have:
AWS Transit Gateway and advanced networking architectures
Experience in regulated or compliance-driven environments (e.g. ISO 27001)
AWS Professional certifications (Solutions Architect Pro, DevOps Engineer Pro)
Experience designing long-term AWS platform or cloud foundations
We thank all applicants for their interest; however, only those selected for an interview will be contacted. FreeBalance is an inclusive employer dedicated to building a diverse workforce to increase the representation of the designated groups based on each country’s legislation. We encourage applications from all qualified candidates and will accommodate applicants’ needs under the respective labour law throughout all stages of the recruitment process.
