Senior AWS Platform Engineer (Control Tower Org Build-Out) | 15+ Years | Raritan, NJ – Hybrid

Job Title: AWS Platform Engineer (Control Tower / AWS Org Build-Out)

Location: Raritan NJ (Hybrid)
Duration: Long-Term Contract

Overview

We are seeking an experienced AWS Platform Engineer to design and build a greenfield AWS environment using AWS-native governance and provisioning tools. This role focuses on replacing an existing custom provisioning solution (xBot) with AWS Control Tower AWS Organizations CloudFormation and Python-based automation.

The ideal candidate has hands-on experience building multi-account AWS platforms from scratch implementing governance at scale and translating custom automation into AWS-native solutions.

This is a hands-on engineering role requiring deep expertise in AWS governance Control Tower and cloud automation.

Key Responsibilities

• Design and build a new AWS Organization including OU structure account separation and governance strategy

• Implement AWS Control Tower (Landing Zone Account Factory guardrails baselines)

• Replace xBot-based provisioning workflows with AWS-native automation using Control Tower CloudFormation and Python

• Analyze and enhance existing Python automation scripts executed via Jenkins pipelines

• Develop new account provisioning and governance automation

• Configure and manage Service Control Policies (SCPs) IAM identity structures AWS Config rules and organization-wide standards

• Define and enforce VPC networking and security baselines

• Build and maintain Infrastructure as Code (IaC) using CloudFormation and/or Terraform

• Establish best practices for multi-account security compliance tagging and operational visibility

• Collaborate with Cloud Architecture Security and DevOps teams to ensure governance alignment

Required Skills & Experience

AWS Governance & Control Tower (Critical)

• Hands-on experience implementing AWS Control Tower and Landing Zone

• Proven experience designing or restructuring AWS Organizations and multi-account environments

• Strong expertise in SCPs guardrails IAM governance and AWS Config

• Experience with account vending and governance automation

Automation & Infrastructure as Code

• Strong Python skills for cloud automation (boto3 provisioning logic)

• Experience working with Jenkins pipelines executing Python/IaC workflows

• Proficiency in CloudFormation and/or Terraform

AWS Platform Engineering

• Deep understanding of AWS networking (VPCs subnets routing endpoints DNS)

• Experience implementing security compliance and standards at scale

• Ability to replace custom provisioning tools with AWS-native management solutions

Nice-to-Have

• Experience migrating automation from internal/custom tools to AWS-native governance

• Hands-on experience with GuardDuty Security Hub AWS SSO Access Analyzer

• Exposure to enterprise environments with strict compliance requirements

Ideal Candidate Profile

• Has built AWS Organizations from scratch not just maintained them

• Strong in AWS governance Control Tower CloudFormation and Python automation

• Comfortable analyzing existing Jenkins pipelines and Python code

• Understands both technical implementation and cloud governance best practices

Additional Information :

All your information will be kept confidential according to EEO guidelines.

Remote Work :

No

Employment Type :

Contract