Remote AWS Cloud Engineer

<Job Summary>
We are seeking an AWS Cloud Engineer to design and implement an automation solution for our hosting environment. The primary objective is to move away from always-on instances to a strictly on-demand model.

<Responsibilities>

• Architect an On-Demand Portal: Develop a lightweight, low-cost web front-end that allows end-users to authenticate and trigger their specific AWS environments.
• Cross-Account Automation: Implement a secure mechanism for the portal to "Start" three-server Windows stacks (Active Directory, RDP, and SQL) across multiple, distinct AWS Account IDs.
• State-Aware Orchestration: Design a health-check system that monitors when the RemoteApp portal is ready for login and redirects the user accordingly.
• Automated Shutdown Logic: Create an intelligent "Stop" mechanism that monitors Remote Desktop Session states and inactivity to shut down instances automatically once users disconnect, ensuring zero wasted spend.
• Cost Management: Ensure all components of the solution (portal, monitoring, and orchestration) are designed for the "lowest cost" footprint within AWS.

<Requirements>

Must-Have :

• Advanced AWS Orchestration: Deep experience with AWS Lambda, EventBridge, and the AWS SDK (Boto3/Node.js) for cross-account resource management.
• Windows Server & RDS Mastery: Expertise in Microsoft Remote Desktop Services (RDS) and RemoteApp, specifically managing session states and user collections.
• IAM Cross-Account Security: Proven ability to configure IAM Roles and Trust Policies to allow a centralized automation account to manage resources in sub-accounts.
• Serverless Development: Ability to build the front-end portal using low-cost serverless technologies (e.g., AWS Amplify, S3 Static Hosting, or API Gateway) rather than expensive dedicated instances.
• PowerShell Scripting: Proficient in using PowerShell to query Windows Session States and communicate that data back to AWS monitoring tools.

Nice-To-Have:

• Dynamics GP Familiarity: Previous experience hosting or managing Microsoft Dynamics GP environments.
• Infrastructure as Code (IaC): Ability to deploy the entire client stack using Terraform or AWS CloudFormation for consistency across new client onboardings.
• Authentication Integration: Experience with Amazon Cognito or OAuth for managing the initial portal login.
• Network Latency Optimization: Knowledge of AWS CloudFront to ensure RemoteApp portal performance is fast.

Application Question(s):

• "How would you configure a central AWS account to StartInstances in multiple client accounts without using hardcoded IAM Access Keys?"
• "What PowerShell command or method would you use to verify there are no 'Active' or 'Disconnected' RDS sessions before triggering an AWS instance stop?"
• "Instead of a simple ICMP ping, how would you programmatically confirm the RemoteApp Web Feed is fully initialized and ready for user login?"
• "To achieve the 'lowest cost' for the user login portal, what AWS serverless stack would you use instead of a dedicated Windows or Linux EC2 instance?"
• "How do you ensure the RDP and SQL servers don't fail their domain authentication if they finish booting before the Active Directory DC is fully 'up'?"

Work Location: Remote