What are the responsibilities and job description for the Infrastructure as Code (IaC) Engineer position at Custom Business Solutions, Inc.?
Infrastructure as Code (IaC) Engineer
Job Summary
We are seeking an experienced Infrastructure as Code (IaC) Engineer to support a centralized cloud enablement team responsible for building, deploying, and operating standardized AWS infrastructure using Terraform, Spacelift, Rundeck, and GitHub.
This role focuses on creating and maintaining reusable IaC patterns, build and deployment automation, and governance controls that enable secure, scalable self-service infrastructure across a multi-account AWS environment. You will work closely with platform, security, and application teams to deliver reliable "paved road" solutions while maintaining strong compliance and operational rigor.
Must Have Skills
- 5 years of hands-on Terraform experience in production AWS environments
- Strong AWS cloud infrastructure experience in multi-account environments
- Production experience with Spacelift for Terraform orchestration
- Experience designing and operating Rundeck automation jobs
- Enterprise GitHub experience including GitHub Actions and CI/CD pipelines
- Strong understanding of GitOps and PR-driven deployment processes
- Experience implementing secure automation using IAM roles, OIDC, and least-privilege access
- Experience building reusable Terraform modules and centralized IaC patterns
- Hands-on experience provisioning AWS services via Terraform:
  - IAM
  - VPC / Networking
  - EC2 / Auto Scaling
  - S3 / RDS
  - CloudWatch / Logging
  - KMS / Encryption
- Strong troubleshooting, documentation, and cross-functional collaboration skills
- Experience with EKS or ECS
- Experience migrating teams into centralized IaC or platform tooling
- FinOps experience including cost tagging, chargeback, and showback
- Policy-as-code exposure (OPA, Sentinel, or equivalent)
- Experience with Terraform tooling such as tflint, checkov, tfsec, and infracost
- Experience in regulated or risk-sensitive environments
- Design, build, and maintain Terraform modules and IaC patterns used by multiple delivery teams
- Implement and operate Terraform deployments via Spacelift, including stack design, approvals, drift detection, and environment promotion
- Develop and maintain Rundeck jobs for AWS operational automation, break-glass actions, and platform support workflows
- Build and support GitHub-based CI/CD pipelines using GitOps principles (PR-driven change control)
- Establish and enforce AWS standards for:
  - Account structure and environments
  - Tagging, cost allocation, and ownership
  - Security, access control, and auditability
- Implement secure automation using IAM roles, OIDC, and least-privilege access
- Collaborate with application and platform teams to onboard workloads to standardized IaC tooling
- Produce and maintain documentation, runbooks, and onboarding guides
- Troubleshoot IaC, pipeline, and automation failures; participate in root cause analysis as needed
Infrastructure as Code (Terraform)
- Advanced experience with:
  - Module design, reuse, and versioning
  - Remote state using S3 and DynamoDB
  - Multi-account and multi-environment deployments
  - Standards enforcement via validation and lifecycle rules
- Experience supporting centralized Terraform modules consumed by multiple teams
Strong practical experience with:
- AWS Organizations, SCPs, and multi-account strategies
- Cross-account IAM role design
- Account bootstrap / landing zone concepts
Production experience using Spacelift for Terraform:
- Stack and dependency design
- Environment promotion and approvals
- Worker configuration (private or AWS-hosted preferred)
- Drift detection and scheduled runs
Rundeck (Operational Automation)
- Strong understanding of:
  - Job security, RBAC, and approvals
  - Credential management using IAM roles (no static keys)
  - Error handling, retries, and notifications
- Familiarity with job-as-code or version-controlled job patterns
Enterprise GitHub experience, including:
- Branch protection rules and CODEOWNERS
- Required reviews and PR-based change control
- GitHub Actions for CI/CD
- OIDC-based authentication to AWS
Experience implementing:
- Least-privilege IAM and permission boundaries
- Secure secrets handling (no credentials in code)
- Approval workflows and separation of duties
Operational & Collaboration Skills
- Strong operational mindset and troubleshooting ability
- Experience supporting shared platforms used across multiple teams
- Ability to clearly document solutions and support adoption
- Strong communication skills with cross-functional stakeholders