About The Role
We’re looking for an experienced AWS Solutions Engineer to stand up a production-grade EC2 environment for a SaaS application, configure all required services, and implement rigorous security hardening with complete documentation and handover.
What You’ll Do (Scope of Work)
Environment & Networking
- Design and provision a secure VPC (public/private subnets, NAT Gateway, route tables, NACLs).
- Create security groups with least-privilege ingress/egress; enable VPC Flow Logs.
- Set up ALB/ELB and (optionally) CloudFront for TLS offload, WAF integration, and caching.
Compute & OS
- Launch hardened EC2 (Ubuntu 22.04 LTS or Amazon Linux 2023) with EBS encryption.
- Configure Nginx/Apache + PHP-FPM (or app runtime) for a typical SaaS stack; tune for performance.
- Optional containerization: Docker runtime & compose (or ECS) if recommended.
Data Layer
- Advise and provision either Amazon RDS (MySQL/PostgreSQL) or secure self-managed DB on private subnets.
- Set up automated backups (RDS snapshots / EBS snapshots) with retention & tested restores.
Security Hardening
- IAM design (roles, policies, MFA, SCPs if Organizations), SSM Session Manager (limit or disable SSH), key-based access only.
- OS hardening (CIS-aligned): unattended upgrades/patching, fail2ban, firewall rules, auditd/AIDE, log rotation.
- AWS WAF managed rules, Shield (Standard), GuardDuty, CloudTrail to S3 with integrity controls.
- Secrets management with AWS Secrets Manager/Parameter Store.
- TLS/SSL: ACM (via ALB/CloudFront) or Let’s Encrypt (if direct to EC2). HSTS and modern ciphers.
Observability & Operations
- CloudWatch metrics/logs/alarms, CloudWatch Agent, structured app logs.
- Uptime checks, error-rate and latency alarms; basic SLOs with alerting (email/SNS).
- CI/CD integration (GitHub Actions/CodeDeploy) for zero/minimal-downtime deploys.
- Backup & DR runbooks (RPO/RTO), AMI/snapshot strategy, restore drills.
DNS & Email
- Coordinate DNS (e.g., Cloudflare or Route 53).
- SMTP/transactional email integration (SES or existing provider), SPF/DKIM/DMARC where applicable.
Documentation & Handover
- Architecture diagram, IaC (Terraform/CloudFormation) or bash/Ansible scripts.
- Security hardening checklist, access matrix, runbooks (deploy, rollback, backup/restore).
- Knowledge transfer session for our team.
Deliverables
- Production-ready AWS environment for our SaaS on EC2 with WAF, monitoring, backups.
- Security-hardened OS & network; IAM with least privilege.
- CI/CD pipeline for repeatable deployments.
- Docs & diagrams + handover; all infra credentials stored in Secrets Manager/Parameter Store.
- One round of post-go-live support (timing to be agreed).
Must-Have Experience
- 4–7+ years on AWS (EC2, VPC, ALB/CloudFront, RDS, IAM, WAF, CloudWatch, CloudTrail, GuardDuty).
- Strong Linux admin (Ubuntu/Amazon Linux), Nginx/Apache, PHP-FPM or modern runtimes.
- Security hardening (CIS, OWASP ASVS practices) and production incident hygiene.
- IaC (Terraform or CloudFormation) and CI/CD (GitHub Actions/CodeDeploy).
- Database ops (MySQL/PostgreSQL), performance tuning, and backup/restore strategies.
Nice to Have
- Experience with Moodle/Laravel/PHP optimizations (Opcache, Redis, PHP-FPM tuning).
- Docker/ECS, ECR; blue-green or rolling deploys.
- Familiarity with India’s DPDP Act basics for data protection.
Engagement Details
- Start: Immediate
- Mode: Hybrid—primarily remote; on-site meetings in Ghaziabad as required.
- Duration: Project-based (finalized after scoping).
- Compensation: Competitive; based on experience and scope.
How to Apply
Email hr@brainybuzz.co with:
- Subject: AWS Solutions Freelancer – Delhi NCR (Your Name)
- Your CV/LinkedIn + GitHub (or portfolio).
- A short note on a similar SaaS on AWS you’ve delivered (stack, architecture diagram if possible).
- Your approach to hardening Ubuntu 22.04 on EC2 (bullet points).
- Availability and estimated effort & quote.
- City & ability to attend on-site in Ghaziabad when needed.
- Two references (preferred).
Shortlisting Task (optional but preferred)
In 6–10 bullets, outline your recommended high-level architecture for a small multi-AZ SaaS on EC2 + RDS with WAF and CloudFront, including where you’d enforce TLS, logging, and backups.
Skills: aws,ec2,security,amazon,php,ci,hardening