We have active HIPAA-related projects in flight — and we need an AWS engineer who can own the infrastructure and security layer. This is not a plug-and-play setup role. We need someone who thinks in systems, writes infrastructure as code, and understands that a misconfigured IAM policy in a healthcare context is not a learning opportunity — it's a liability. The backend work will be handled with AI-augmented development, so the right person will focus on architecture, security posture, and compliance — not boilerplate.

The Role

- Design and implement HIPAA-compliant AWS infrastructure from the ground up (or audit/harden existing setups)
- Configure IAM policies, VPCs, KMS encryption, and CloudTrail audit logging
- Ensure PHI never touches a public subnet — and that the team understands why
- Set up and manage audit logging pipelines (CloudTrail + CloudWatch + AWS Config)
- Define and enforce encryption at rest and in transit across all relevant services
- Write infrastructure as code using Terraform or AWS CDK
- Work alongside our dev team and advise on security decisions throughout the project lifecycle
- Potentially own backend development for net-new projects (scoped separately)

Requirements

- AI Proficiency (Mainly in Claude.ai)

AWS Core

- IAM — least-privilege policies, roles, SCPs, MFA enforcement
- VPC — private/public subnet design, security groups, NACLs, VPC endpoints
- KMS — encryption at rest (S3, RDS, EBS), key rotation, customer-managed keys
- CloudTrail + CloudWatch + AWS Config — audit logging is a hard HIPAA requirement
- Secrets Manager — zero hardcoded credentials, ever
- RDS/Aurora or DynamoDB with encryption and automated backups

Infrastructure as Code

- Terraform or AWS CDK — security config lives in code, not in console clicks

Security posture

- GuardDuty, Security Hub, and ideally Prowler for compliance scanning
- Solid understanding of which AWS services are HIPAA-eligible and which are not
- Knows what a BAA is and why it matters before a single byte of PHI goes anywhere

Regulated environment experience

- 3+ years hands-on AWS experience
- Prior exposure to at least one regulated workload — HIPAA, SOC 2, PCI DSS, or LGPD — is a strong plus
- Comfortable working with a remote, async team

Nice to have

- AWS Security Specialty or Solutions Architect Professional certification
- Experience with Supabase or PostgreSQL in regulated contexts
- Claude Certification

AWS Engineer (Security & Backend)
LOWCODE AGENCY
Ivoti, Rio Grande do Sul