AWS Workspaces Cloud Engineer

Job DescriptionJob DescriptionAWS Workspaces Cloud Engineer, Remote4 Month+ Contract (Potential for longer term) 100% Remote Due to our government client requirements, we can only consider US Citizen with ability to obtain and maintain a Public Trust Clearance.

NO THIRD PARTY RECRUITERS PLEASE! CANDIDATES MUST BE SELF-REPRESENTED.

Description

Seeking a strong Mid-Senior Level AWS WorkSpaces Cloud Engineer for a short-term contract supporting a high-impact team delivering secure, compliant, and scalable AWS solutions for virtual desktop infrastructure. This is a hands-on engineering role focused on building, automating, and operating Amazon WorkSpaces environments while supporting large-scale deployments, migrations to cloud-based desktops, and modernization of end-user computing for mission-critical systems.ResponsibilitiesImplement and manage AWS WorkSpaces deployments, including provisioning, bundling, scaling, and optimization using AWS Management Console, AWS CLI, SDKs, and automation toolsDesign and configure WorkSpaces directories (AWS Managed Microsoft AD, AD Connector, Simple AD, or Microsoft Entra ID integration), including trusts, OU selection, and directory synchronizationBuild and maintain infrastructure-as-code (IaC) for WorkSpaces environments using Terraform, AWS CloudFormation, AWS CDK, or scripts (PowerShell, Python, Bash)Execute virtual desktop migrations and transitions (rehost on-premises VDI to WorkSpaces, refactor applications for streaming, replatform to cloud desktops) using AWS tools and best practicesConfigure secure networking and access controls including VPCs, security groups, IP access control groups, PrivateLink (where applicable), AWS Global Accelerator, and integration with on-premises connectivity (Direct Connect, Site-to-Site VPN)Implement Zero-Trust security and identity solutions using AWS IAM, AWS SSO/IAM Identity Center, multi-factor authentication (MFA), certificate-based auth, SAML 2.0 federation, and Conditional Access policiesIntegrate and operate DevSecOps pipelines with AWS CodePipeline, CodeBuild, CodeDeploy, GitHub Actions, and security tools (Amazon GuardDuty, AWS Security Hub, AWS Config, Amazon Inspector)Automate compliance monitoring, evidence collection, and reporting using AWS Config rules, AWS Security Hub, CloudTrail, and custom automation for standards such as FedRAMP, NIST 800-53, or similar regulatory requirementsSupport application streaming and containerized/hybrid workloads, including integration with Amazon AppStream 2.0, WorkSpaces Thin Client, or related EUC servicesTroubleshoot production issues in WorkSpaces environments, perform root cause analysis, optimize performance/latency/cost, and manage updates, image builds, and bundlesContribute to architecture review packages, security documentation, diagrams, and authorization-to-operate (ATO) artifactsCollaborate daily with cloud architects, security engineers, VDI specialists, developers, and stakeholdersRequirements4+ years of hands-on experience building and operating production workloads in AWS (commercial and/or Government)2+ years working specifically with Amazon WorkSpaces and AWS End User Computing (EUC) servicesStrong proficiency in Infrastructure as Code: Terraform (required), CloudFormation/CDK (strong plus)Experience deploying and managing AWS WorkSpaces at scale, including directory services integration and bundle managementSolid understanding of AWS networking (VPC, security groups, access controls, connectivity options) and protocols relevant to virtual desktops (PCoIP, DCV)Hands-on experience with AWS DevOps tools (CodePipeline, CodeBuild, CodeDeploy) and GitHub ActionsFamiliarity with AWS security services (IAM, GuardDuty, Security Hub, Config, CloudTrail)Scripting and automation skills: PowerShell (required), Python or Bash (plus)U.S. citizenship and ability to obtain and maintain appropriate clearance (e.g., Public Trust)Preferred QualificationsActive AWS certifications:o AWS Certified Solutions Architect – Associate or Professionalo AWS Certified SysOps Administrator – Associateo AWS Certified DevOps Engineer – Professionalo AWS Certified Security – SpecialtyExperience with compliance frameworks such as FedRAMP High, NIST 800-53, or agency-specific controls (e.g., CMS ARS equivalents)Prior work on virtual desktop infrastructure (VDI) projects, migrations from on-premises Citrix/VMware Horizon to AWS WorkSpacesKnowledge of Amazon AppStream 2.0, WorkSpaces Thin Client, AWS Global Accelerator, or related EUC optimizationsExperience with Active Directory in AWS (Managed AD, AD Connector), SAML federation, MFA, and certificate-based authenticationFamiliarity with cost optimization, performance tuning, and high-availability configurations for WorkSpacesActive Public Trust clearance or higher

Please Note:Only those individuals selected for an interview will be contacted.No calls, inquiries, or Third-Party Vendors please.We are an equal opportunity employer. We encourage applications from candidates of all backgrounds and experiences. (The ACI Group is unable to sponsor H1B Visas).$1000 Referral Bonus - www.aci.com.Since 1988, The ACI Group, a Baltimore-based staffing firm, has been committed to hiring the industry's leading professionals, and presenting exciting career opportunities. We have access to varied types of contract, permanent and contract-to-perm positions and offer a choice of employment options including a full benefits package.