AWS Cloud SME

AWS Cloud SME

  • Location: Canada—Remote
  • Pay Rate: $120/hr
  • Contract Length: 45 Days

We at Raise are hiring an AWS Cloud SME for one of our top clients. After establishing themselves as an industry leader, they’re now expanding their team to meet rising demand. We’re hiring right now; if you’re interested, apply below for your chance to join a great place to work.

Responsibilities:

AWS Landing Zone & Governance

  • Design and implement AWS Landing Zone (single-region—Toronto)
  • Configure AWS Organizations, OUs, and Service Control Policies (SCPs)
  • Establish governance standards (tagging, naming, cost management)
  • Enable baseline services (CloudTrail, Config, GuardDuty)

Networking & VPC Architecture

  • Design and implement VPC architecture (CIDR, subnetting, AZ distribution)
  • Configure:
    • Public and private subnets
    • Route tables, NAT Gateway, IGW
  • Implement VPC Endpoints (S3, Glue, STS)
  • Define and enforce:
    • Security Groups
    • Network ACLs
  • Ensure secure connectivity between AWS and Splunk Cloud

Identity & Access Management

  • Integrate AWS IAM with Microsoft Entra ID (SAML/SSO)
  • Design RBAC model aligned with least privilege principles
  • Create IAM roles/policies for:
    • Splunk Federated Search
    • AWS Glue
    • S3 access
  • Enforce MFA and conditional access policies

Data Services Configuration (S3 & Glue)

  • Design and configure Amazon S3 buckets:
    • Data ingestion
    • Federated datasets

Implement:

    • Encryption (SSE-KMS)
    • Lifecycle policies
    • Access controls
  • Configure AWS Glue:
    • Data Catalog
    • Crawlers
    • Tables
  • Ensure Glue integration with Splunk FS

Splunk Federated Search Integration

  • Configure AWS-side integration for Splunk Federated Search
  • Enable secure connectivity between Splunk and AWS services
  • Validate federated queries across S3 datasets
  • Support index mapping and access control configuration

Security, Compliance & Policies

  • Implement:
    • Encryption in transit and at rest
    • IAM governance policies
  • Enable audit logging and monitoring (CloudTrail, Config)
  • Ensure compliance with VIA Rail security standards
  • Perform security validation and risk assessment

Monitoring & Observability

  • Configure CloudWatch monitoring and alerting
  • Integrate AWS logs into Splunk for centralized observability
  • Create dashboards for:
    • S3 usage
    • Glue jobs
    • IAM activity

Testing & Validation

  • Perform:
    • Connectivity validation (Splunk ↔ S3 ↔ Glue)
    • IAM and access validation
  • Execute performance and security testing
  • Support client sign-off activities

Documentation & Knowledge Transfer

  • Produce architecture and configuration documentation
  • Deliver operational runbooks
  • Conduct knowledge transfer sessions for VIA Rail teams

Required Skills & Expertise

Core AWS Expertise

  • Strong hands-on experience with:
    • VPC, Subnets, Routing, NAT, IGW
    • AWS Organizations and Landing Zone design
    • IAM roles, policies, and federation
  • Experience with:
    • Amazon S3 (security, lifecycle, encryption)
    • AWS Glue (Data Catalog, Crawlers, ETL basics)
  • Knowledge of:
    • CloudWatch, CloudTrail, AWS Config

Networking & Security

  • Deep understanding of:
    • TCP/IP, CIDR, subnetting
    • Firewall rules, security groups, NACLs
  • Experience implementing:
    • Private connectivity (VPC endpoints, PrivateLink)
    • Secure hybrid/cloud architectures
  • Knowledge of encryption standards (TLS, KMS)

Identity & Federation

  • Hands-on experience integrating AWS with Microsoft Entra ID
  • Expertise in:
    • SAML 2.0 federation
    • RBAC design
    • MFA and conditional access

Splunk & Data Integration (Preferred)

  • Experience working with Splunk Cloud Platform
  • Understanding of:
    • Splunk Federated Search architecture
    • Data lake integrations (S3-based analytics)
  • Familiarity with log ingestion and query optimization

DevOps & Automation (Good to Have)

  • Experience with:
    • Infrastructure as Code (Terraform, CloudFormation)
    • CI/CD pipelines
  • Automation of AWS provisioning and configurations

Compliance & Governance

  • Experience with:
    • Enterprise cloud governance models
    • Policy enforcement (SCPs, IAM policies)
  • Understanding of regulatory and audit requirements

Soft Skills & Consulting Capability

  • Strong stakeholder communication (technical + business)
  • Ability to translate requirements into architecture and implementation
  • Experience working in client-facing consulting roles
  • Documentation and presentation skills (SOW, HLD/LLD)

Experience Requirements

  • 8+ years of IT experience
  • 4–6+ years of hands-on AWS experience
  • Experience delivering cloud landing zones and data platform integrations
  • Prior experience in banking / transportation / regulated industries (preferred)

Certifications (Preferred)

  • AWS Certified Solutions Architect – Associate/Professional
  • AWS Certified Security Specialty (good to have)
  • Splunk certification (optional but beneficial)

Expected Outcomes from Role

  • Fully operational AWS Landing Zone (Toronto region)
  • Secure integration between AWS and Splunk Federated Search
  • Optimized S3 + Glue data architecture
  • Governed, compliant, and production-ready cloud environment

Looking for meaningful work? We can help!

Raise is an established hiring firm with over 65 years of experience. We believe strongly in making the world a better place through work, which is why we’re a certified B Corporation and donate 10% of our profits to charity.

We strive to build teams that reflect the diversity of the communities we work in. We encourage all qualified applicants to apply, including people from traditionally underrepresented groups such as women, visible minorities, Indigenous peoples, people identifying as LGBTQ2SI, veterans, and people with visible/nonvisible disabilities.

We have a dedicated webpage for accommodations where you can learn more about what we offer and request accommodations: https://raise.jobs/accommodations/

In order to submit candidates for roles, our clients will sometimes require personal information to confirm the identity of applicants and their legal status to work. Raise will never ask you for personal or banking information unless you have been selected for a job. If you are ever unsure about the legitimacy of this or another job posting by Raise (or have any other questions), please contact us at +1 800-567-9675 or hello@raiserecruiting.com

AWS Cloud SME

  • Remote
  • Contractor, Full Time
  • $120 Per Hour
  • Information Technology
APPLY NOW

Similar job opportunities:

Consultant, Cloud IT Risk Assessment
Senior Azure Cloud DevOps Specialist
Senior Data Architects
Product Manager – Cloud & Policy (Banking / Code Modernization)
Microsoft Azure Security Specialist
Network Security DevOps Engineer (Intermediate)
APPLY NOW

When you apply for a job with us, you consent to the use of automated screening tools — including voice and text analysis — for this job and future jobs with Raise. These tools help us review resumes, assess qualifications, and make initial recommendations; however, all final reviews and hiring decisions are made by people. Questions? Contact us at hello@raiserecruiting.com

Search all jobs:

Search jobs by title or keyword
Click here
SEARCH JOBS

Keep exploring!

AI for job seekers: 5 AI Prompts to help

The Reality of Online Job Applications 

5 Tips for Students Seeking Summer Jobs in May 

Is Raise Legit? Here’s everything you need to know

Why Choose Contingent Work?

How Skills-Based Hiring is Changing Job Searching

SEE ALL JOB & CAREER RESOURCES