Principal Cloud Infrastructure Engineer; AWS

We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.

We are looking for a Principal Engineer to lead our Cloud Engineering team and own the Amazon Web Services platform for the enterprise. This is a foundational platform role — you are the AWS technical authority, setting architectural direction, establishing engineering standards, and ensuring the platform is secure, scalable, and built to last.

You lead from the front. You design the systems others build on, mentor the engineers around you, and hold the line on quality and best practices. You bring deep AWS expertise, a platform-owner mindset, and the leadership presence to align engineers and stakeholders around a shared technical vision. This role demands a cloud‑first thinker who ensures cloud solutions meet business needs efficiently while prioritizing Infrastructure as Code (IaC) to create repeatable, automated deployments.

You need to have a proven track record of architecting cloud environments from scratch. You'll drive cloud transformation initiatives across all CSPs with a focus on AWS platforms while ensuring every design decision considers security, reliability, and scalability.

This is not a hands‑off leadership role — you write code, review designs, and stay close to the work.

Own the enterprise AWS platform end‑to‑end: AWS Organizations structure, account hierarchy, IAM governance, networking architecture, security posture, and cost management.

Define and maintain the AWS Landing Zone — AWS Control Tower, Service Control Policies (SCPs), billing controls, and account vending patterns — as the foundation all product teams build on.

Serve as the final technical authority on AWS architecture decisions, reviewing designs for scalability, security, and operational excellence before they reach production.

Build self‑service platform capabilities that enable product engineering teams to move fast without compromising standards.

Lead the cloud engineering team as the technical anchor — set direction, conduct design reviews, unblock engineers, and drive delivery on platform initiatives.

Establish and enforce engineering standards:
IaC patterns, naming conventions, tagging strategy, branching models, and deployment practices.

Mentor engineers at all levels, building depth on the team and raising the bar on what “good” looks like in cloud engineering.

Partner with architecture, security, operations, and business stakeholders to translate enterprise requirements into platform capabilities.

Design and own the Terraform framework for all AWS resource provisioning — reusable modules, remote state management via S3/Dynamo

DB, pipeline integration, and policy guardrails.

Build and maintain CI/CD pipelines using AWS Code Pipeline, Code Build, Git Hub Actions, and Amazon ECR for both platform infrastructure and application teams.

Write production‑quality automation in Python and Go to extend platform functionality, integrate AWS APIs, and eliminate operational toil.

Implement policy‑as‑code using OPA, AWS Config Rules, and Service Control Policies to enforce governance at scale without manual gatekeeping.

Architect and operate AWS networking: VPC design, AWS Private Link, Transit Gateway, AWS WAF, Shield Advanced, NAT Gateway, and hybrid connectivity via AWS Direct Connect and Site‑to‑Site VPN.

Own the enterprise security posture on AWS — IAM Roles for Service Accounts (IRSA), ECR Image Signing, AWS Secrets Manager, least‑privilige IAM design, and SIEM/CSPM integration (AWS Security Hub, Prisma Cloud, or Wiz).

Drive continuous automated compliance across applicable regulatory frameworks…