Senior AWS Platform Engineer (Control Tower Specialist)

About us:

Working at Tech Holding isn't just a job, it's an opportunity to be a part of something bigger. We are a full-service consulting firm that was founded on the premise of delivering predictable outcomes and high-quality solutions to our clients.  Our founders and team members have industry experience and have held senior positions in a wide variety of companies – from emerging startups to large Fortune 50 firms – and we have taken our combined experiences and developed a unique approach that is supported by the principles of deep expertise, integrity, transparency, and dependability.

About the Role:

Lead the AWS Control Tower implementation and multi-account governance modernization initiative. This role requires deep expertise in AWS Organizations, Control Tower, and enterprise-scale account management.

Key Responsibilities:

AWS Control Tower Implementation

• Design and implement AWS Control Tower Landing Zone architecture for 40+ accounts
• Evaluate retrofit vs. new organization strategies with comprehensive risk/cost analysis
• Configure Account Factory for Terraform (AFT) pipeline for automated account provisioning
• Deploy and customize Customizations for Control Tower (CfCT) pipelines
• Establish shared accounts (Audit, Security, Log Archive, Networking) with proper baseline configurations

Infrastructure as Code & Automation

• Develop and maintain modules for reusable infrastructure components
• Implement automated tagging, budget alerts, and security baseline enforcement
• Create version-controlled IaC repositories with proper CI/CD integration

Governance & Compliance

• Design and implement Service Control Policies (SCPs) and guardrails strategy
• Configure AWS Config, CloudTrail, and centralized logging across all accounts
• Establish drift detection and remediation processes
• Create guardrail exception registry and management workflows

Account Management

• Lead 40+ account enrollment/migration into Control Tower governance
• Reconcile existing IAM roles, policies, and automation with new baseline standards
• Implement organizational unit (OU) structure optimization
• Develop account onboarding automation and documentation

Required Skills & Experience:

• 5+ years of AWS cloud architecture and enterprise-scale implementations
• Expert-level experience with AWS Control Tower, Organizations, and Landing Zones
• Strong proficiency in Infrastructure as Code (Terraform preferred)
• Experience with Account Factory for Terraform (AFT) and Customizations for Control Tower (CfCT)
• Deep understanding of AWS security services (IAM, Config, CloudTrail, SCPs)
• Experience with multi-account governance patterns and best practices
• Strong scripting skills (Python, Bash, PowerShell)
• Experience with CI/CD pipelines and GitOps workflows

Preferred Qualifications:

• AWS Solutions Architect Professional or Security Specialty certifications
• Experience with enterprise compliance frameworks (SOC2, PCI-DSS, HIPAA)
• Knowledge of OpenTofu and migration from Terraform
• Experience with AWS StackSets and cross-account resource management
• Background in enterprise identity federation and SSO implementations

Salary Range:

• $130-150/hour

Location:

• Westlake Village, Ca
• On-site, 4x per week

*Applicants must be authorized to work for ANY employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time

Tech Holding is proud to be an Equal Opportunity Employer and is committed to fostering a diverse and inclusive workplace. We welcome applicants from all backgrounds and experiences, and we consider qualified applicants without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, disability, veteran status, or any other legally protected characteristic. If you require accommodation in the application process, please contact our HR