Senior DevOps / Cloud Infrastructure Engineer — AWS (HIPAA)

Posted 2 weeks ago

Worldwide

Summary

Contract · Remote · NDA + BAA required

We're a US-based healthcare technology team looking for a senior DevOps engineer to build a HIPAA-grade AWS foundation from scratch and hand it over to our internal team. This is a focused, time-boxed build-and-handover engagement — not an ongoing managed-services relationship.

We're posting this to find the right person, not to describe the project. We'll share full scope and objectives with qualified candidates after initial screening. For now, we want to understand your hands-on depth in a few specific areas. Please respond with real examples from your own work for each of the following. Generic descriptions of AWS services will not advance your candidacy.

1. Amazon Bedrock & Bedrock AgentCore

Have you configured Amazon Bedrock in a production or pre-production environment? We need someone who has set up model enablement with in-region and no-training/data controls, private access (not public endpoints), and ideally Bedrock AgentCore (runtime, identity, gateway, observability).

→ Describe what you built, what controls you applied, and how the application team consumed it. If you've worked with AgentCore specifically, describe your setup. If not, say so — partial experience here is acceptable if the rest of your profile is strong.

2. Multi-Account AWS Landing Zone under HIPAA

We need someone who has built — not inherited or maintained — a multi-account AWS environment using AWS Organizations with HIPAA alignment. That means SCP guardrails restricting to HIPAA-eligible services, region pinning, BAA acceptance via AWS Artifact, and a clear understanding of why "HIPAA-eligible ≠ automatically compliant."

→ Walk us through one environment you built. How did you structure the OU/account topology? What SCPs did you write? How did you handle BAA scope?

3. Microsoft Entra ID → AWS IAM Identity Center Federation

We use Microsoft Entra ID for identity. We need federated SSO into AWS via IAM Identity Center with least-privilege permission sets and a documented break-glass procedure.

→ Have you done this specific integration (Entra → Identity Center, SAML or OIDC)? Describe the permission-set design and how you kept access least-privilege. If you've only done other IdP → AWS federations, note which ones.

4. Infrastructure as Code — Tool Choice and Discipline

All infrastructure must be code — modular, versioned, reproducible. We're open on tooling (Terraform, CDK, CloudFormation, or OpenTofu) but opinionated about discipline: policy-as-code enforcement in CI, drift detection, idempotent deployments, and a rollback strategy that actually works. This AWS environment will be handed to an internal team whose primary ecosystem is Azure. Your IaC choice needs to account for that operating reality.

→ What IaC tool would you use for a standalone AWS foundation that gets handed to a team running primarily on a different cloud, and why? How do you structure it for a multi-account setup? What policy-as-code enforcement do you run in the pipeline? Describe one deployment failure and how your rollback worked.

5. Build-and-Handover Discipline

This engagement has a hard exit. The quality of your documentation and knowledge transfer matters as much as the build itself. We need runbooks, docs-as-code, walkthroughs, and a handover that leaves our internal team fully self-sufficient.

→ Describe an engagement where you built infrastructure and handed it off to a team that had to operate it without you. What did the handover include? What would you do differently next time?

In your proposal, include:
  • Responses to all five areas above — with specifics, not generalizations
  • Your availability, timezone, and overlap with US business hours
  • Hourly rate or preferred engagement structure
  • Any relevant AWS certifications (Solutions Architect Pro, Security Specialty — nice-to-have, not required)

We expect a senior engineer with a track record of building production AWS environments end-to-end in regulated settings (healthcare, finance, or similar). Proposals that don't address the five areas above with concrete examples will not be reviewed. No Agencies.

  • Less than 30 hrs/week
    Hourly
  • 1-3 months
    Duration
  • Intermediate
    Experience Level
  • Remote Job
  • Ongoing project
    Project Type
Skills and Expertise
Mandatory skills
Terraform
Amazon Web Services
Activity on this job
  • Proposals:15 to 20
  • Last viewed by client:last week
  • Interviewing:
    3
  • Invites sent:
    0
  • Unanswered invites:
    0
About the client
Member since Jan 11, 2013
  • United States
    Chicago
  • $207K total spent
    118 hires, 15 active
  • 22,673 hours
