Job Description

We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.

AWS Platform Technical Lead

We are looking for a Principal Engineer to lead our AWS Cloud Engineering team, owning the Amazon Web Services platform for the enterprise. This is a foundational platform role — you are the AWS technical authority, setting architectural direction,establishingengineering standards, and ensuring the platform is secure, scalable, and built to last.

You lead from the front. You design the systems others build on, mentor the engineers around you, and hold the line on quality and best practices. You bring deep AWSexpertise, a platform-owner mindset, and the leadership presence to align engineers and stakeholders around a shared technical visionThis role demands a cloud-first thinker who ensures cloud solutions meet business needs efficiently while prioritizing Infrastructure as Code (IaC) to create repeatable, automated deployments. You need to have a proventrack recordof architecting cloud environments from scratchYou'lldrive cloud transformation initiatives acrossall CSP’s with a focus on AWSplatforms while ensuring every design decision considers security, reliability, and scalability.

This is not a hands-off leadership role — you write code, review designs, and stay close to the work.

Major Responsibilities

1. AWS Platform Ownership

• Own the enterprise AWS platform end-to-end: AWS Organizations structure, account hierarchy, while collaborating with several teams to ensure the platform is stable and compliant.

• Define andmaintainthe AWS Landing Zone — AWS Control Tower, Service Control Policies (SCPs), billing controls, and account vending patterns — as the foundation all product teams build on.

• Serve as the final technical authority on AWS architecture decisions, reviewing designs for scalability, security, and operational excellence before they reach production.

• Build self-service platform capabilities that enable product engineering teams to move fast without compromising standards.

2. Technical Team Leadership

• Lead the AWS cloud engineering team as the technical anchor — set direction, conduct design reviews, unblock engineers, and drive delivery on platform initiatives.

• Establish and enforce engineering standards:IaCpatterns, naming conventions, tagging strategy, branching models, and deployment practices.

• Mentor engineers at all levels, building depth on the team and raising the bar on what “excellence” looks like in cloud engineering.

• Partner with architecture, security, operations, and business stakeholders to translate enterprise requirements into platform capabilities.

3. Infrastructure as Code & Automation

• Design and own the Terraformframeworkfor all AWS resource provisioning — reusable modules, remote state management via S3/DynamoDB, pipeline integration, and policy guardrails.

• Build and maintain CI/CD pipelines using AWSCodePipeline,CodeBuild, GitHub Actions, and Amazon ECR for both platform infrastructure and application teams.

• Write production-quality automation to extend platform functionality, integrate AWS APIs, andeliminateoperational toil.

• Implement policy-as-code using OPA, AWS Config Rules, and Service Control Policies to enforce governance at scale without manual gatekeeping.

4. Networking, Security & Compliance

• Architect andoperateAWS networking: VPC design, VPC Lattice, AWSPrivateLink, Transit Gateway, AWS WAF, Shield Advanced, NAT Gateway, and hybrid connectivity via AWS Direct Connect and Site-to-Site VPN.

• Own the enterprise security posture on AWS — IAM Roles for Service Accounts (IRSA), ECR Image Signing, AWS Secrets Manager, least-privilege IAM design, and SIEM/CSPM integration (AWS Security Hub, Prisma Cloud, or Wiz).

• Drive continuous automated compliance across applicable regulatory frameworks (HIPAA, PCI, SOC 2)socontrols are enforced in real time, not discovered at audit.

• Integrate observability — Amazon CloudWatch, AWS X-Ray, Datadog, and SLO/SLI frameworks — as a first-classplatformcapability across all workloads.

5. Platform Strategy & Continuous Improvement

• Own the AWS platform roadmap, evaluating new AWS services and capabilities and making deliberate decisions about what the enterprise adopts and when.

• Incorporate FinOps practices across the platform: Reserved Instances, Savings Plans,rightsizing, AWS Budgets alerting, and cost allocation as engineering disciplines, not afterthoughts.

• Research and pilot emerging AWS capabilities — Amazon Bedrock, EKS Auto Mode, Amazon Q for Developer — evaluating their fit for enterprise adoption.

• Foster a culture of operational excellence: blameless postmortems, runbook-driven operations, and continuous improvement cycles that make the platform more reliable over time.

Required Qualifications

• 10+ years in cloud and infrastructure engineering with 5+ years of deep, hands-on AWS experience at enterprise scale.

• Proven ownership of an AWS Organization — account hierarchy, Billing, Service Control Policies, IAM, and multi-account governance in production.

• Demonstrated technical leadership: you have led a platform team or major enterprise cloud initiative, set technical direction, and grown engineers around you.

Deep AWSexpertiserequiredacross:

Compute & Containers EKS (Managed + Auto Mode), ECS/Fargate, EC2, Auto Scaling Groups

Networking: VPC, VPC Lattice, AWSPrivateLink, Transit Gateway, AWS WAF, Shield Advanced, Direct Connect

Data & Messaging: Amazon Redshift, SNS/SQS, S3, AWS Glue, Kinesis, Amazon MWAA

Security: IAM, IRSA, AWS Security Hub, ECR Image Signing, Secrets Manager, VPC Endpoints

IaC& Automation: Terraform (modules, remote state, OPA), AWSCodePipeline, AWS Config, CloudFormation

Observability: Amazon CloudWatch, AWS X-Ray, Datadog, SLO/SLI design, PagerDuty integration

Languages: Python, Go, and Terraform

Preferred Qualifications

• AWS Certified Solutions Architect – Professional (strongly preferred)

• AWS Certified DevOps Engineer – Professional

• HashiCorpTerraform Associate or Professional certification

• Experience in regulated industries applying HIPAA, PCI-DSS, or FedRAMP controls on AWS

• Familiarity with AWS Outposts, EKS Anywhere, and multi-cloud connectivity patterns

• Experience with Amazon Bedrock, SageMaker, andMLOpspatterns on AWS

Education

Bachelor’s degree in Computer Science, Engineering, or a related field — or equivalent demonstrated experience.

Pay Range

The typical pay range for this role is:

$144,200.00 - $288,400.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. This position also includes an award target in the company’s equity award program.

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in offering a comprehensive and competitive mix of pay and benefits that reflects our commitment to our colleagues and their families.

This full‑time position is eligible for a comprehensive benefits package designed to support the physical, emotional, and financial well‑being of colleagues and their families. The benefits for this position include medical, dental, and vision coverage, paid time off, retirement savings options, wellness programs, and other resources, based on eligibility.

Additional details about available benefits are provided during the application process and on Benefits Moments

We anticipate the application window for this opening will close on: 06/12/2026

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.