Sr. AWS Platform Engineer (Control Tower Specialist) (C2C)

About the Role:

Lead the AWS Control Tower implementation and multi-account governance modernization initiative. This role requires deep expertise in AWS Organizations, Control Tower, and enterprise-scale account management.

Key Responsibilities:

AWS Control Tower Implementation

• Design and implement AWS Control Tower Landing Zone architecture for 40+ accounts
• Evaluate retrofit vs. new organization strategies with comprehensive risk/cost analysis
• Configure Account Factory for Terraform (AFT) pipeline for automated account provisioning
• Deploy and customize Customizations for Control Tower (CfCT) pipelines
• Establish shared accounts (Audit, Security, Log Archive, Networking) with proper baseline configurations

Infrastructure as Code & Automation

• Develop and maintain modules for reusable infrastructure components
• Implement automated tagging, budget alerts, and security baseline enforcement
• Create version-controlled IaC repositories with proper CI/CD integration

Governance & Compliance

• Design and implement Service Control Policies (SCPs) and guardrails strategy
• Configure AWS Config, CloudTrail, and centralized logging across all accounts
• Establish drift detection and remediation processes
• Create guardrail exception registry and management workflows

Account Management

• Lead 40+ account enrollment/migration into Control Tower governance
• Reconcile existing IAM roles, policies, and automation with new baseline standards
• Implement organizational unit (OU) structure optimization
• Develop account onboarding automation and documentation

• 5+ years of AWS cloud architecture and enterprise-scale implementations
• Expert-level experience with AWS Control Tower, Organizations, and Landing Zones
• Strong proficiency in Infrastructure as Code (Terraform preferred)
• Experience with Account Factory for Terraform (AFT) and Customizations for Control Tower (CfCT)
• Deep understanding of AWS security services (IAM, Config, CloudTrail, SCPs)
• Experience with multi-account governance patterns and best practices
• Strong scripting skills (Python, Bash, PowerShell)
• Experience with CI/CD pipelines and GitOps workflows

• AWS Solutions Architect Professional or Security Specialty certifications
• Experience with enterprise compliance frameworks (SOC2, PCI-DSS, HIPAA)
• Knowledge of OpenTofu and migration from Terraform
• Experience with AWS StackSets and cross-account resource management
• Background in enterprise identity federation and SSO implementations

Salary Range:

• $115-125/hour

Location:

• Westlake Village, Ca
• On-site, 3-4 days per week

*Applicants must be authorized to work for ANY employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time