Cookie Usage and Privacy Information
Our website uses cookies to personalize content and analyze our traffic, which may result in profiling. For more details on how we process your personal data, please review our Privacy Policy.
Accept All
Main website
Aleksandra Belnik
Aleksandra Belnik
Recruiter
linkedin icon email icon
Apply for this position

Platform Engineer

site Remote
Remote
AWS
CSPM
LinkedIn Facebook
Copy Link

About the Client

Our client provides a comprehensive research data solution with all the tools needed for curation, imaging processing, machine learning workflows, and secure collaboration. By leveraging cloud scalability and automating research workflows, they help organizations scale research data and analysis, improve scientific collaboration, and accelerate discoveries. Their customers include leading academic medical centers, pharma companies, and government research institutions worldwide.

About the Opportunity

Our client is the leading research data platform transforming the way biomedical and imaging data are managed at life sciences, clinical, and academic institutions globally. As they expand into regulated enterprise customers – including NIH and CHOP – they require NIST 800-53 compliance across their AWS cloud infrastructure.

We are seeking an experienced nearshore Platform Engineers to join the client`s Platform team. You will work directly with our client`s internal platform team to drive down open security findings across three strategic work streams: CSPM vulnerability remediation, AWS WAF deployment, and egress traffic filtering and report directly to the Director of Platform Engineering. This is hands-on infrastructure work with real security impact – clear outcomes and well-defined Jira epics to burn down.

Your First Projects

Resolve v3 NIST 800-53 AWS IaC Findings (CSPM / Wiz)

  • Remediate all Critical, High, and Medium findings surfaced by Wiz CSPM for the client’s v3 Terraform-managed AWS infrastructure
  • Address findings in us-west-2 and across all global resources (IAM, etc.)
  • Fix security gaps in default AWS account regions where no client`s infrastructure is deployed
  • Goal: Wiz reports zero C/H/M NIST 800-53 findings for the client`s v3 IaC
  • Implement a WAF on AWS

Deploy AWS WAF in front of the client’s application to provide OWASP Top 10 and DDoS protection

  • Implement WAF configuration as repeatable Terraform code for rollout across all customer environments
  • Coordinate with application engineering on required ingress path changes
  • Goal: WAF deployed and managed via Terraform; auditable and consistent across sites

Lock Down GitLab Runner Egress

  • Deploy domain-based egress filtering (AWS Route 53 DNS Firewall or AWS Network Firewall) for GitLab runner VMs via Terraform
  • Modify VPC route tables to force all outbound traffic through the filter
  • Populate and maintain the approved egress domain allowlist
  • Verify filtering works and that the allowlist is visible in the AWS console
  • Goal: Enterprise customers can see a finite, auditable list of domains that the client`s services reach out to

Responsibilities:

  • Write production-quality Terraform to provision and configure AWS security controls (WAF, DNS Firewall, Security Groups, IAM)
  • Remediate CSPM findings surfaced by Wiz against NIST 800-53 controls
  • Submit GitLab merge requests with clear descriptions; respond to code review feedback promptly
  • Participate in sprint ceremonies: daily slack standups, retrospectives
  • Write concise documentation and runbooks for implemented controls
  • Collaborate asynchronously with a geographically distributed team
  • Proactively surface blockers and coordinate with the client’s internal platform engineers

Required Skills & Experience

  • 2+ years of hands-on AWS infrastructure experience in production environments
  • Strong Terraform proficiency – modules, state management, remote backends, workspaces
  • Familiarity with AWS security services: Security Groups, Route 53 DNS Firewall, IAM, VPC networking
  • Experience working with CSPM tools (Wiz, AWS Security Hub, or similar) and remediating findings
  • GitLab or GitHub CI/CD pipeline experience
  • Ability to read, understand, and extend existing Terraform codebases following established patterns
  • Comfortable working in a lightweight Agile/Scrum environment with Jira
  • English level: Upper intermediate

Nice to Have

  • Experience with cloud security compliance frameworks (NIST 800-53, HITRUST, FedRAMP)
  • Kubernetes / EKS experience
  • Python scripting for AWS automation (boto3, AWS SDK)
  • Please take into account that overlap with the US Central timezone is required (minimum 4 hours/day)

 

Didn’t find
a suitable vacancy?
Submit your CV, we will contact you as soon as we have relevant openings.
Send CV
Join the OLSYS Expert Network
Collaborate as a Lead-level partner — now or in the future
Learn more
Address:
222 West Ontario St. #501, Chicago, IL office №323
Email:
brand@olsysltd.com, copy button
Main website
Copyright © 2026 OLSYS LTD. All Rights Reserved. Privacy Policy
Main website

    PDF format (5mb)
    Close