Senior DevOps / Cloud Infrastructure Engineer — AWS (HIPAA)
Worldwide
Contract · Remote · NDA + BAA required

We're a US-based healthcare technology team looking for a senior DevOps engineer to build a HIPAA-grade AWS foundation from scratch and hand it over to our internal team. This is a focused, time-boxed build-and-handover engagement — not an ongoing managed-services relationship.

We're posting this to find the right person, not to describe the project. We'll share full scope and objectives with qualified candidates after initial screening. For now, we want to understand your hands-on depth in a few specific areas.

Please respond with real examples from your own work for each of the following. Generic descriptions of AWS services will not advance your candidacy.

1. Amazon Bedrock & Bedrock AgentCore

Have you configured Amazon Bedrock in a production or pre-production environment? We need someone who has set up model enablement with in-region and no-training/data controls, private access (not public endpoints), and ideally Bedrock AgentCore (runtime, identity, gateway, observability).

→ Describe what you built, what controls you applied, and how the application team consumed it. If you've worked with AgentCore specifically, describe your setup. If not, say so — partial experience here is acceptable if the rest of your profile is strong.

2. Multi-Account AWS Landing Zone under HIPAA

We need someone who has built — not inherited or maintained — a multi-account AWS environment using AWS Organizations with HIPAA alignment. That means SCP guardrails restricting to HIPAA-eligible services, region pinning, BAA acceptance via AWS Artifact, and a clear understanding of why "HIPAA-eligible ≠ automatically compliant."

→ Walk us through one environment you built. How did you structure the OU/account topology? What SCPs did you write? How did you handle BAA scope?

3. Microsoft Entra ID → AWS IAM Identity Center Federation

We use Microsoft Entra ID for identity. We need federated SSO into AWS via IAM Identity Center with least-privilege permission sets and a documented break-glass procedure.

→ Have you done this specific integration (Entra → Identity Center, SAML or OIDC)? Describe the permission-set design and how you kept access least-privilege. If you've only done other IdP → AWS federations, note which ones.

4. Infrastructure as Code — Tool Choice and Discipline

All infrastructure must be code — modular, versioned, reproducible. We're open on tooling (Terraform, CDK, CloudFormation, or OpenTofu) but opinionated about discipline: policy-as-code enforcement in CI, drift detection, idempotent deployments, and a rollback strategy that actually works. This AWS environment will be handed to an internal team whose primary ecosystem is Azure. Your IaC choice needs to account for that operating reality.

→ What IaC tool would you use for a standalone AWS foundation that gets handed to a team running primarily on a different cloud, and why? How do you structure it for a multi-account setup? What policy-as-code enforcement do you run in the pipeline? Describe one deployment failure and how your rollback worked.

5. Build-and-Handover Discipline

This engagement has a hard exit. The quality of your documentation and knowledge transfer matters as much as the build itself. We need runbooks, docs-as-code, walkthroughs, and a handover that leaves our internal team fully self-sufficient.

→ Describe an engagement where you built infrastructure and handed it off to a team that had to operate it without you. What did the handover include? What would you do differently next time?

In your proposal, include:

- Responses to all five areas above — with specifics, not generalizations
- Your availability, timezone, and overlap with US business hours
- Hourly rate or preferred engagement structure
- Any relevant AWS certifications (Solutions Architect Pro, Security Specialty — nice-to-have, not required)

We expect a senior engineer with a track record of building production AWS environments end-to-end in regulated settings (healthcare, finance, or similar). Proposals that don't address the five areas above with concrete examples will not be reviewed.

No Agencies.

- Hourly: Less than 30 hrs/week
- Duration: 1-3 months
- Experience Level: Intermediate
- Remote Job
- Project Type: Ongoing project
Activity on this job
- Proposals: 15 to 20
- Last viewed by client: last week
- Interviewing: 3
- Invites sent: 0
- Unanswered invites: 0
About the client
- United States, Chicago, 8:21 AM
- $207K total spent; 118 hires, 15 active
- 22,673 hours