Senior Cloud Infrastructure Engineer
Job Description:
Key Responsibilities
- Lead the inventory of AWS resources across us-east-1 and us-west-2, classifying assets by environment and function (Compute, Networking, Databases).
- Import manually provisioned resources (CloudFront, ALBs, VPC components, S3, EC2) into Terraform state without re-provisioning to ensure zero downtime.
- Identify production workloads currently residing in Development VPCs and implement architectural changes to strictly isolate Dev, Staging, and Production environments.
- Configure AWS security services (GuardDuty, AWS Config) to support continuous compliance validation and align with SOC 2 expectations for access control and logging.
- Review the existing RDS footprint (approx. 32 instances) and document ETL flows from MongoDB Atlas to Postgres; ensure databases are properly represented in Terraform.
- Define and implement standard Terraform structure, modules, and tagging conventions (e.g., ck-terraform, ck-service) for future scalability.
- Implement infrastructure changes to support change visibility and traceability as required for SOC 2 audits.
Detailed Scope of Work & Deliverables
1. Infrastructure Discovery & Classification
- Inventory all AWS resources and identify which are managed by Terraform vs. manually provisioned.
- Apply resource tags to determine provisioning source and ownership.
- Classify resources by environment (Dev, Staging, Prod) and function.
2. Environment Separation & Alignment
- Document and remediate cross-VPC communication paths.
- Move production workloads out of the Development VPC.
- Implement Terraform changes to enforce logical and architectural separation of environments.
3. Terraform Coverage Expansion
- Migrate selected resources (CloudFront, Load Balancers, S3, EC2) into Terraform.
- Import existing resources into the state file to prevent destructive changes.
- Standardize module usage across the organization.
4. Security & Compliance Controls
- Review and enhance existing GuardDuty and AWS Config setups.
- Assist in defining workflows for security findings and configuration drift.
- Ensure all infrastructure changes prioritize non-disruptive remediation and data integrity.
Required Qualifications & Experience
Minimum Qualifications (Pass/Fail):
- At least 5 years of hands-on experience with Terraform in a production AWS environment.
- Demonstrated experience importing existing, manually created AWS resources into Terraform state (terraform import) without service interruption.
Required Experience:
- Experience bringing wild or unmanaged infrastructure under Infrastructure-as-Code (IaC) management.
- Experience implementing infrastructure controls specifically to meet SOC 2 or similar compliance frameworks (ISO 27001, HIPAA).
- Deep expertise in AWS Networking, including VPC Peering, Transit Gateways, Security Groups, and NACLs.
- Experience managing RDS instances and understanding database connectivity/security (Postgres, MongoDB Atlas).
Skills & Competencies:
- Terraform (module development, state management, refactoring).
- AWS services (EC2, RDS, S3, CloudFront, VPC, IAM).
- Python or Bash for automation tasks.
Technical Skill Set
- Terraform (Expert level), Terragrunt (Preferred).
- AWS (Expert level).
- Python, Bash.
- RDS (Postgres), MongoDB Atlas.
- AWS Config, GuardDuty, IAM, Security Hub.
- Git, GitHub/GitLab.