[Remote] Principal Cloud Infrastructure Engineer (AWS)

Remote Full-time
Note: This is a remote job and is open to candidates in the USA.

CVS Health is building a world of health around every individual, and they are seeking a Principal Cloud Infrastructure Engineer to lead their AWS Cloud Engineering team. This role involves owning the AWS platform, setting architectural direction, and ensuring solutions are secure and scalable while mentoring engineers and driving cloud transformation initiatives.

Responsibilities

- Own the enterprise AWS platform end-to-end: AWS Organizations structure and account hierarchy, while collaborating with several teams to ensure the platform is stable and compliant
- Define and maintain the AWS Landing Zone — AWS Control Tower, Service Control Policies (SCPs), billing controls, and account vending patterns — as the foundation all product teams build on
- Serve as the final technical authority on AWS architecture decisions, reviewing designs for scalability, security, and operational excellence before they reach production
- Build self-service platform capabilities that enable product engineering teams to move fast without compromising standards
- Lead the AWS cloud engineering team as the technical anchor — set direction, conduct design reviews, unblock engineers, and drive delivery on platform initiatives
- Establish and enforce engineering standards: IaC patterns, naming conventions, tagging strategy, branching models, and deployment practices
- Mentor engineers at all levels, building depth on the team and raising the bar on what 'excellence' looks like in cloud engineering
- Partner with architecture, security, operations, and business stakeholders to translate enterprise requirements into platform capabilities
- Design and own the Terraform framework for all AWS resource provisioning — reusable modules, remote state management via S3/DynamoDB, pipeline integration, and policy guardrails
- Build and maintain CI/CD pipelines using AWS CodePipeline, CodeBuild, GitHub Actions, and Amazon ECR for both platform infrastructure and application teams
- Write production-quality automation to extend platform functionality, integrate AWS APIs, and eliminate operational toil
- Implement policy-as-code using OPA, AWS Config Rules, and Service Control Policies to enforce governance at scale without manual gatekeeping
- Architect and operate AWS networking: VPC design, VPC Lattice, AWS PrivateLink, Transit Gateway, AWS WAF, Shield Advanced, NAT Gateway, and hybrid connectivity via AWS Direct Connect and Site-to-Site VPN
- Own the enterprise security posture on AWS — IAM Roles for Service Accounts (IRSA), ECR Image Signing, AWS Secrets Manager, least-privilege IAM design, and SIEM/CSPM integration (AWS Security Hub, Prisma Cloud, or Wiz)
- Drive continuous automated compliance across applicable regulatory frameworks (HIPAA, PCI, SOC 2) so controls are enforced in real time, not discovered at audit
- Integrate observability — Amazon CloudWatch, AWS X-Ray, Datadog, and SLO/SLI frameworks — as a first-class platform capability across all workloads
- Own the AWS platform roadmap, evaluating new AWS services and capabilities and making deliberate decisions about what the enterprise adopts and when
- Incorporate FinOps practices across the platform: Reserved Instances, Savings Plans, rightsizing, AWS Budgets alerting, and cost allocation as engineering disciplines, not afterthoughts
- Research and pilot emerging AWS capabilities — Amazon Bedrock, EKS Auto Mode, Amazon Q for Developer — evaluating their fit for enterprise adoption
- Foster a culture of operational excellence: blameless postmortems, runbook-driven operations, and continuous improvement cycles that make the platform more reliable over time

Skills

- 10+ years in cloud and infrastructure engineering with 5+ years of deep, hands-on AWS experience at enterprise scale
- Proven ownership of an AWS Organization — account hierarchy, Billing, Service Control Policies, IAM, and multi-account governance in production
- Demonstrated technical leadership: you have led a platform team or major enterprise cloud initiative, set technical direction, and grown engineers around you
- Deep AWS expertise required across:
  - Compute & Containers: EKS (Managed + Auto Mode), ECS/Fargate, EC2, Auto Scaling Groups
  - Networking: VPC, VPC Lattice, AWS PrivateLink, Transit Gateway, AWS WAF, Shield Advanced, Direct Connect
  - Data & Messaging: Amazon Redshift, SNS/SQS, S3, AWS Glue, Kinesis, Amazon MWAA
  - Security: IAM, IRSA, AWS Security Hub, ECR Image Signing, Secrets Manager, VPC Endpoints
  - IaC & Automation: Terraform (modules, remote state, OPA), AWS CodePipeline, AWS Config, CloudFormation
  - Observability: Amazon CloudWatch, AWS X-Ray, Datadog, SLO/SLI design, PagerDuty integration
  - Languages: Python, Go, and Terraform
- AWS Certified Solutions Architect – Professional (strongly preferred)
- AWS Certified DevOps Engineer – Professional
- HashiCorp Terraform Associate or Professional certification
- Experience in regulated industries applying HIPAA, PCI-DSS, or FedRAMP controls on AWS
- Familiarity with AWS Outposts, EKS Anywhere, and multi-cloud connectivity patterns
- Experience with Amazon Bedrock, SageMaker, and MLOps patterns on AWS

Benefits

This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. This position also includes an award target in the company's equity award program.

- Medical, dental, and vision coverage
- Paid time off
- Retirement savings options
- Wellness programs
- A comprehensive benefits package designed to support the physical, emotional, and financial well-being of colleagues and their families

Company Overview

CVS Health is a health solutions company that provides integrated healthcare services to its members. It was founded in 1963 and is headquartered in Woonsocket, Rhode Island, USA, with a workforce of 10001+ employees. Its website is https://www.cvshealth.com/.

Company H1B Sponsorship

CVS Health has a track record of offering H1B sponsorships, with 1 in 2022. Please note that this does not guarantee sponsorship for this specific role.
