Job details:
We are looking for an AWS Network Security & Infrastructure Engineer (Freelancer) who is expected to deliver the following:
1. Core VPC Requirements (The "Secure Perimeter")
VPC Segmentation: Expertise in designing a dedicated /16 CIDR VPC with 3-tier subnet isolation across 2 Availability Zones (ap-south-1a and 1b).
Public Subnets: Strictly for ALBs and NAT Gateways.
Private App Subnets: For Go-lang microservices on EC2/Docker and the AI Chatbot.
Private Database Subnets: Total isolation for RDS, MongoDB, and Redis with no public endpoints, with real-time replication.
Hybrid Connectivity: Hands-on experience with AWS Transit Gateway and Direct Connect (1 Gbps) to bridge your AWS VPC with the physical bank infrastructure.
2. Load Balancing & Traffic Engineering
Application Load Balancer (ALB): Configuring Multi-AZ ALBs to distribute traffic across your m6g.large backend fleet. Implementation of Internal ALBs specifically for the AI Chatbot layer to ensure it is never exposed to the internet.
Perimeter Protection: Integration of AWS WAF with the ALB to enforce SQL injection (SQLi) and Cross-Site Scripting (XSS) protections and rate-limiting. Enforcing TLS 1.2+ at the ALB level for all encrypted transit.
3. Production Reliability & Monitoring
Cost Optimization: Implementing a single NAT Gateway (cost-optimized) while maintaining high availability for the private subnets.
Observability: Setting up VPC Flow Logs and CloudWatch metrics to monitor the 100-200+ TPS bursts and ensure the Load Balancer isn't a bottleneck.
4. Caching & Performance (Redis)
Setup of AWS ElastiCache (Redis) using `cache.t4g.medium` nodes.
Configuration of 1 Primary + 1 Replica with Multi-AZ enabled for high availability.
Implementation of Global Datastore replication to the Hyderabad (ap-south-2) DR region.
5. Serverless Logic (Lambda)
Development and deployment of AWS Lambda functions to handle event-driven banking tasks (e.g., notification triggers, file processing).
Integrating Lambda with the Go-lang backend and S3 event notifications.
6. Secure Storage (S3)
Configuration of specific buckets: `audit-logs`, `app-backups`, and `static-assets`.
Enforcement of Server-side encryption (SSE-KMS) and Versioning.
Implementation of Lifecycle policies to move data to Glacier after 90 days.
7. Unified Backup & Compliance
Implementation of the 7-day backup retention policy across RDS, MongoDB, Redis, and S3.
Management of KMS encryption keys for all storage volumes and snapshots.
Job Type: Contract
Interested freelancers can email their resume to seema@paydoh.in