Senior+ DevOps Engineer (AWS + Windows) (IRC290466) $$$$

Operating within the healthcare sector, this organization focuses on advancing medical technologies and solutions that enhance patient care. They specialize in developing innovative medical devices that streamline clinical trials and improve treatment accessibility. The organization collaborates with healthcare professionals to ensure that new therapies are both safe and effective. With a commitment to research and development, they aim to accelerate the adoption of their products in the healthcare market.

Requirements

• Strong hands-on experience with AWS services, specifically IoT Core, VPC (PrivateLink/Endpoints), Client VPN, IAM/STS, and Systems Manager (SSM).
• Proven experience in Windows Server administration and automation (including PowerShell scripting).
• Expert understanding of AWS networking concepts, including secure outbound-only connectivity, TCP 443 tunneling, routing, and subnetting within strict firewall constraints.
• Experience implementing Hybrid Activations with AWS Systems Manager to manage on-premise/edge Windows devices.
• Familiarity with MQTT protocol and “Claim Check” patterns for secure data ingestion and large file transfers to Amazon S3.
• Knowledge of Just-In-Time (JIT) access models and integrating temporary AWS credentials for privileged access management (PAM).
• Ability to work with existing environments and follow defined architectures and delivery plans.
• Experience producing technical documentation and architecture diagrams.
• Strong troubleshooting skills and attention to operational stability.
• Great communication skills with a high level of English.
   

Job responsibilities

• Design and implementation of secure outbound-only connectivity from edge devices to AWS using Client VPN (TCP 443) and PrivateLink.
• Deployment and configuration of AWS IoT Core to support MQTT messaging and large file ingestion via the “Claim Check” pattern.
• Provisioning and managing Windows edge devices using AWS Systems Manager (SSM) Hybrid Activations for remote administration and patching.
• Implementation of Just-In-Time (JIT) access workflows for Privileged Access Management (PAM).
• Configuration of VPC networking.
• Integration of automated notifications (e.g., via Amazon SNS).
• Preparation of architectural diagrams and infrastructure documentation detailing the device-to-cloud secure tunnel.