Platform Engineer

Company Overview

Throughout our worldwide network of experts, clients and communities, we are renowned for our leadership in fire protection engineering – a legacy of responsibility we have proudly upheld since 1939. Today, our expertise extends broadly across closely related security and risk-based fields – from accessibility consulting and risk analysis to process safety, forensic investigations, security risk consulting, emergency management, digital innovation and more.

Our engineers and consultants collaborate to solve complex safety and security challenges, ensuring our clients can protect what matters most. For over 80 years, we have helped mitigate risks that threaten lives, property and reputations. Through technology, expertise and industry-leading research, we remain dedicated to our purpose of making our world safe, secure and resilient.

At Jensen Hughes, we believe that creating and sustaining a culture of trust, integrity and professional growth starts with putting our people first. Our employees are our greatest strength, and we value the unique perspectives and talents they bring to our organization. 

Our wide range of Global Employee Networks connect people from across the organization, supporting career development and providing forums for individuals to share experiences on topics they're passionate about. Together, we are cultivating a connected culture where everyone has the opportunity to learn, grow and succeed together.

Job Overview

We’re hiring a Platform Engineer to build and operate our cloud platform on AWS, with Terraform as the infrastructure control plane. You will design and implement Infrastructure CI/CD and PR-driven infrastructure delivery (GitOps principles) for cloud infrastructure and platform configuration (Git as source of truth, automated checks, controlled applies, strong auditability). You’ll also own platform-grade observability (Splunk preferred) and help enable secure, production-ready agentic AI capabilities using Amazon Bedrock and Bedrock AgentCore, partnering with application teams to establish reliable patterns and guardrails.

Responsibilities:

AWS platform engineering (multi-account)

• Design, build, and operate secure, reliable AWS foundations across a multi-account AWS environment (AWS Organizations / Control Tower where applicable), including networking, IAM, KMS, secrets, tagging, and shared services
• Establish scalable patterns for compute, storage, and networking; enable repeatable environments across dev/stage/prod
• Improve developer experience through standards, templates, and clear platform documentation

Terraform (deep expertise)

• Own Terraform architecture end-to-end: module strategy, state design, environment separation, provider/version management.
• Build and maintain a production-grade Terraform SDLC:
  • PR-driven workflows with plan previews, approvals, and promotion across environments
  • Controlled apply mechanisms with audit trails and rollback plans
  • Drift detection and safe reconciliation strategy • Import/migration/refactor patterns without downtime
  • Implement baseline guardrails (tagging, encryption, access controls) as code wherever feasible

Infrastructure CI/CD + PR-driven infrastructure delivery (GitOps principles)

• Implement PR-driven infrastructure delivery using GitOps principles (not Kubernetes-only):
  • Git as the source of truth; PRs as change requests
  • Automated validation/testing/security checks on every change
  • Safe promotion model (dev → stage → prod) with appropriate gates
  • Controlled applies for production (approval gates / break-glass procedures), with full traceability
  • Standardize pipelines in the team’s primary CI/CD platform (GitHub Actions) and integrate with existing enterprise tooling where needed
  • Establish repo structure, branching strategy, and operational runbooks for the infrastructure delivery workflow

Observability (Splunk preferred)

• Own the Splunk observability operating model: dashboards, alerting standards, SLOs/SLIs, runbooks, and on-call readiness
• Build/operate telemetry pipelines for reliability and cost efficiency (noise reduction, sampling/cardinality strategies, retention and routing).
• Partner with application teams to improve visibility, reduce MTTR, and drive incident learnings into platform improvements

Agentic AI enablement (Amazon Bedrock + AgentCore)

• Partner with engineering teams to enable agentic AI use cases using Amazon Bedrock and AgentCore (tool integration patterns, secure operation, production readiness)
• Help establish foundational patterns for agent deployment and operations (environments, permissions, observability, and evaluation/reliability practices) aligned to enterprise controls

Operational excellence

• Participate in incident response; lead postmortems and drive systemic, preventive fixes
• Measure and improve platform reliability, security posture, and cost efficiency over time

Requirements (must have):

• 8–10 years of experience in Platform Engineering / SRE / DevOps (or equivalent experience delivering platform outcomes)AWS expertise, including multi-account patterns (AWS Organizations / Control Tower preferred), networking, IAM/security, and operations
• Terraform expert with proven ownership of org-scale infrastructure-as-code (modules, state, CI controls, large refactors)
• Proven experience designing Infrastructure CI/CD and PR-driven infrastructure delivery (GitOps principles) for Terraform and cloud configuration:
  • PR-based automation with plan previews and security/policy checks
  • Controlled apply processes with approvals and auditability
  • Environment promotion patterns and rollback strategies
• Strong production experience with observability platforms such as Splunk, Datadog, Grafana, or Dynatrace, including building and operating dashboards, alerting standards, and telemetry pipelines (logs/metrics/traces) in production
• Strong Linux and troubleshooting skills; proficiency in automation (Python or Go preferred)

Preferred Qualifications:

• Experience building agentic AI solutions using Amazon Bedrock Agents and/or Amazon Bedrock AgentCore (deployment/operations, tool integration patterns)
• OpenTelemetry at scale (standards, collectors/gateways, sampling, correlation across logs/metrics/traces)
• Policy-as-code experience (Conftest/Sentinel or similar) applied to Terraform and platform guardrails
• Experience building an Internal Developer Platform (IDP) / self-service workflows (golden paths, templates, paved roads).
• Databricks on AWS platform support (workspace/cluster policies, reliability, cost controls; Unity Catalog familiarity a plus)

Jensen Hughes is an Equal Opportunity Employer. Qualified candidates will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.

At Jensen Hughes, we embrace innovation and understand that people are increasingly using artificial intelligence (AI) tools like ChatGPT and other generative platforms to learn, prepare and communicate.  We have provided some guidelines regarding the responsible use of AI in the recruitment process.  Please click here to review.

The security of your personal data is important to us. Jensen Hughes has implemented reasonable physical, technical, and administrative security standards to protect personal data from loss, misuse, alteration, or destruction. We protect your personal data against unauthorized access, use, or disclosure, using security technologies and procedures, such as encryption and limited access. Only authorized individuals may access your personal data for the purpose for which it was collected, and these individuals receive training about the importance of protecting personal data.  Jensen Hughes is committed to compliance with all relevant data privacy laws in all areas where we do business, including, but not limited to, the GDPR and the CCPA.  Additionally, our service providers are contractually bound to maintain the confidentiality of personal data and may not use the information for any unauthorized purpose.

*Policy on use of 3rd party recruiting agency for direct placements

Jensen Hughes will occasionally augment a recruiting search through agencies for certain positions when business conditions warrant. Jensen Hughes will not accept resumes, inquiries or proposals from recruiting agencies as an acceptable method to consider a candidate. 3rd party recruiting agencies must sign a standard Jensen Hughes agreement after being evaluated and accepted by a Human Resources or Talent Acquisition manager, or member of the talent acquisition team. Hiring managers and employees of Jensen Hughes are not authorized to accept resumes, engage in fee-based searches through recruiting firms or sign a search agreement. Please note this policy does not apply to “staffing firms” or firms that are involved with hiring temporary staff. Any recruiting agency interested in being considered may contact our recruiting team at jensenhughesrecruiting.com.