Cloud Engineer - Platform & DevOps
Stratiform Digital · Remote
About Stratiform
Stratiform Digital is a digital services firm that builds modern, cloud-native software for government and enterprise clients. We take on complex modernization work, moving legacy systems onto maintainable, well-architected AWS foundations, and we hold a high bar for engineering quality, testing, and clear communication.
About the Role
We are seeking a Cloud Engineer to own the infrastructure, CI/CD platform, and cloud architecture for a large-scale legacy modernization effort, migrating a Java Spring Boot / Angular monolith to Node.js microservices on AWS. This is not a support role: you will be the team's subject matter expert for AWS CDK, architecting reusable infrastructure constructs, defining deployment pipelines, and establishing the standards all engineers follow. You will partner closely with the Technical Lead and application engineers to ensure the cloud-native architecture is built for security, scalability, observability, and long-term maintainability.
What You'll Do
- Own the AWS CDK codebase: design, build, and maintain reusable constructs, multi-environment stacks, and deployment patterns engineers can adopt consistently.
- Design and implement the full CI/CD strategy using GitHub Actions: reusable workflows, composite actions, environment promotion gates, OIDC-based AWS authentication, and security scanning.
- Architect cloud infrastructure for the microservices platform: Lambda, API Gateway, RDS/Aurora (PostgreSQL), S3, Step Functions, SQS, SNS, EventBridge, and CloudFront.
- Establish and enforce AWS IAM policies and permission models: least-privilege roles across services, environments, and cross-account access.
- Collaborate with application engineers to design and validate solutions for service-level infrastructure requirements; translate architectural decisions into CDK constructs.
- Implement observability standards: logging, distributed tracing, metrics, and alerting using CloudWatch, X-Ray, and related tooling.
- Define and document infrastructure standards, architectural decision records (ADRs), and operational runbooks.
- Evaluate and recommend AWS managed services to reduce operational overhead, steering the team away from undifferentiated heavy lifting.
- Participate in security reviews; implement encryption at rest and in transit, secret management, and VPC network controls.
- Stay current on AWS service releases and proactively identify improvements to architecture and tooling.
What We're Looking For
AWS CDK & Infrastructure as Code
- Deep, hands-on AWS CDK expertise: L1/L2/L3 constructs, construct libraries, cross-stack references, multi-account/multi-environment patterns, and CDK pipelines.
- Strong understanding of CloudFormation mechanics underlying CDK deployments.
- Experience building internal CDK construct libraries or platform-level tooling shared across teams.
- Ability to balance standardization with flexibility: shared constructs that accommodate diverse needs without becoming overly prescriptive.
CI/CD & GitHub Actions
- Production-grade GitHub Actions experience: reusable workflows, composite actions, workflow templates, matrix builds, and secrets management.
- OIDC-based authentication between GitHub Actions and AWS, eliminating long-lived credentials.
- Designing automated pipelines covering build, test, security scanning, deployment, and environment promotion.
- Familiarity with blue/green, canary, and feature-flag-gated deployment strategies in serverless or containerized contexts.
AWS Managed Services
- Deep familiarity with compute and integration services: Lambda, API Gateway, Step Functions, SQS, SNS, EventBridge, and ECS/Fargate.
- Hands-on with data services: RDS/Aurora (PostgreSQL), S3, DynamoDB, Glue, Kinesis/MSK, Redshift, and Athena.
- Strong networking knowledge: VPCs, subnets, security groups, NACLs, VPC endpoints, PrivateLink, and Transit Gateway concepts.
- Experience with CloudFront and edge configuration for front-end delivery.
AWS IAM & Security
- Expert-level IAM: permission boundaries, resource- and identity-based policies, SCPs, and cross-account role assumptions.
- Secrets management with AWS Secrets Manager or Parameter Store.
- Encryption patterns: KMS key management, S3 server-side encryption, RDS encryption, and TLS configuration.
- Familiarity with GuardDuty, Security Hub, Config, and CloudTrail.
Observability & Operations
- Experience designing observability stacks: structured logging, distributed tracing (X-Ray or OpenTelemetry), CloudWatch metrics/dashboards, and alerting.
- Operational mindset: builds infrastructure that is easy to troubleshoot, monitor, and evolve.
- Familiarity with containerization (Docker) as it applies to pipeline reproducibility and ECS/Fargate.
Experience & Qualifications
- 5+ years of cloud infrastructure or DevOps engineering experience, with at least 3 years focused on AWS.
- 3+ years of hands-on AWS CDK experience with a track record of reusable construct design and multi-environment deployments.
- 3+ years building and maintaining GitHub Actions pipelines in a team or enterprise context.
- Bachelor's degree in Computer Science, Engineering, or a related field (equivalent experience accepted).
- AWS certifications strongly preferred: Solutions Architect (Associate or Professional), DevOps Engineer, or Security Specialty.
- Prior experience supporting federal or government contracts is a plus.
Ideal Technology Experience
AWS CDK · CloudFormation · GitHub Actions · Lambda · API Gateway · RDS/Aurora (PostgreSQL) · S3 · Step Functions · SQS · SNS · EventBridge · CloudFront · ECS/Fargate · AWS IAM · CloudWatch · X-Ray · Docker