We have active HIPAA-related projects in flight — and we need an AWS engineer who can own the infrastructure and security layer. This is not a plug-and-play setup role. We need someone who thinks in systems, writes infrastructure as code, and understands that a misconfigured IAM policy in a healthcare context is not a learning opportunity — it's a liability.

The backend work will be handled with AI-augmented development, so the right person will focus on architecture, security posture, and compliance — not boilerplate.

The Role

- Design and implement HIPAA-compliant AWS infrastructure from the ground up (or audit/harden existing setups)
- Configure IAM policies, VPCs, KMS encryption, and CloudTrail audit logging
- Ensure PHI never touches a public subnet — and that the team understands why
- Set up and manage audit logging pipelines (CloudTrail + CloudWatch + AWS Config)
- Define and enforce encryption at rest and in transit across all relevant services
- Write infrastructure as code using Terraform or AWS CDK
- Work alongside our dev team and advise on security decisions throughout the project lifecycle
- Potentially own backend development for net-new projects (scoped separately)

Requirements

AI Proficiency (Mainly in Claude.ai)

AWS Core

- IAM — least-privilege policies, roles, SCPs, MFA enforcement
- VPC — private/public subnet design, security groups, NACLs, VPC endpoints
- KMS — encryption at rest (S3, RDS, EBS), key rotation, customer-managed keys
- CloudTrail + CloudWatch + AWS Config — audit logging is a hard HIPAA requirement
- Secrets Manager — zero hardcoded credentials, ever
- RDS/Aurora or DynamoDB with encryption and automated backups

Infrastructure as Code

- Terraform or AWS CDK — security config lives in code, not in console clicks

Security posture

- GuardDuty, Security Hub, and ideally Prowler for compliance scanning
- Solid understanding of which AWS services are HIPAA-eligible and which are not
- Knows what a BAA is and why it matters before a single byte of PHI goes anywhere

Regulated environment experience

- 3+ years hands-on AWS experience
- Prior exposure to at least one regulated workload — HIPAA, SOC 2, PCI DSS, or LGPD — is a strong plus
- Comfortable working with a remote, async team

Nice to have

- AWS Security Specialty or Solutions Architect Professional certification
- Experience with Supabase or PostgreSQL in regulated contexts
- Claude Certification

AWS Engineer (Security & Backend)
LOWCODE AGENCY
Praia Grande, São Paulo