Senior AWS Serverless Engineer (Must: AWS Cognito)

Santex is a US-based global company founded in 1999, with 26 years of experience in the software industry. Headquartered in California with offices in Córdoba, Argentina, its talent network spans over 18 countries thanks to its flexible, remote-first culture. Santex specializes in custom enterprise software development, operating through Hubs that include eCommerce, BIM, Mobility, Content Delivery, Integration, Web & Mobile Development, Cloud Computing, Artificial Intelligence (AI), Data Science, IT Consulting, and Services. The company is committed to making a positive impact across three dimensions: economic, social, and environmental.

Role: AWS Serverless Engineer (Must: AWS Cognito)

Engagement overview
The client is a globally recognized quick-service restaurant brand operating a large-scale digital ordering platform across mobile (iOS, Android), web, and kiosk channels. Their in-house Digital Engineering team has built and operates a production AWS Cognito identity platform serving millions of monthly active users across North America.
This engagement extends that platform to support European markets across multiple EMEA regions, with loyalty registration and authentication scoped to country-specific rules. The North American architecture is complete and documented. The candidate's primary mandate is backend middleware and identity implementation only — no UI work.

Scope assumptions: Backend middleware and identity services only · No UI work · Dynatrace APM integration included

Required qualifications

• Demonstrated production experience with AWS serverless infrastructure: Lambda, Cognito, SES, IAM, ACM, and CloudWatch
• Hands-on Terraform experience for AWS, including multi-environment or multi-region deployments
• Node.js proficiency — all Lambda functions are JavaScript
• Working knowledge of OAuth 2.0, OpenID Connect, and password-based Cognito authentication flows
• Familiarity with GDPR and AWS data residency controls in an EU deployment context
• Available to begin immediately

Preferred qualifications

• Direct AWS Cognito experience: USER_PASSWORD_AUTH flows, forced password reset ( FORCE_CHANGE_PASSWORD state), and admin-initiated flows
• Experience implementing country-specific registration and consent logic within a shared identity platform
• JIT account migration experience with forced reset on first login patterns
• Dynatrace APM integration in a Lambda/serverless environment
• Social IdP integration via Cognito (Google, Apple, Facebook)
• Kount or equivalent fraud detection API integration
• Multi-regional identity platform experience at scale (1M+ MAU)

Candidate profile notes

The right candidate is a self-sufficient AWS serverless engineer who can work from existing architecture documentation and deliver independently against a fixed production deadline. This is not a design or architecture role — the client has a senior architecture team in place.
The most critical differentiator is experience with Cognito's password-based authentication model and forced migration/reset flows. Strong AWS generalists without Cognito-specific experience can succeed with solid Lambda, SES, and Terraform fundamentals, but expect a steeper ramp given the timeline.

Location

• Location: Remote — EU or US Eastern timezone overlap required Start: Immediate