Senior Platform Engineer II

Company Summary First American (India) is a GCC (Global Capability Center) of the First American Financial Corporation (NYSE: FAF) family of companies. FAI is a proud member of the FORTUNE 500 companies and has been amongst the Fortune 100 Best Companies to Work For® list for eight consecutive years. First American Financial Corporation provides comprehensive title insurance, closing/settlement, property data and technology solutions. First American (India) creates quality solutions for its customers by combining software, back office, and knowledge processing operations to fulfill First American's business requirements. Our priorities are our employees, customers, and shareholders - in that order. First American (India) has been ranked amongst India's Best Companies To Work For™ 2023: Listed amongst the Top 100 by Great Place To Work® India, FAI is also certified Best Workplaces for Women and Workplace with Inclusive Practices. Software Services helps build First American's product suite that encompasses the best in class Title Insurance, Settlement and Mortgage solutions platforms. Leverages technology product stack across Microsoft platform predominantly to develop, enhance and maintain the best in class applications. The R & D division delivers solutions for the title insurance industry leveraging the best of NLP, AI and ML. Job Summary ABOUT FIRST AMERICAN INDIA First American (India) Private Limited (“FAI”) is a Global Capability Centre (GCC) of the First American Financial Corporation (FAF: NYSE) a leading provider of title insurance, settlement services and risk solutions for real estate transactions since 1889. FAI delivers Software Development, IT Infrastructure, Data & Analytics, back-office, and knowledge-processing operations to support First American's global operations across the US, UK, Australia & Canada. We build technology that powers millions of real-estate transactions, with a people-first culture that encourages innovation, collaboration, and solving real-world problems at scale. Job Title: Senior Platform Engineer II, AWS About the Role (Remote India) Design and deliver core building blocks of the AWS platform—secure account vending via AWS Control Tower and AVM, hub-and-spoke networking with centralized VPC endpoints, IAM Identity Center federation, Service Control Policies (SCPs), centralized root account management, org-wide AWS Config and GuardDuty, and org-level logging—enabling application teams to move fast on a standardized, Well-Architected foundation. You will bring a strong product mindset, take end-toend ownership of your work, communicate clearly, and collaborate effectively within the AWS team and across Platform Engineering.

Key Responsibilities

• Implement and enhance Terraform (and CloudFormation where required) pipelines in

GitHub for AWS Organizations, SCPs, OU structure, resource tagging, and automated account vending (ServiceNow intake → plan/apply workflows).

• Design and roll out hub-and-spoke networking: per-account VPCs connected via Transit

Gateway, policy-based routes to Palo Alto inspection, centralized VPC interface endpoints, and DNS resolution hierarchy.

• Build and maintain organization-level guardrails: SCPs, IAM permission boundaries, and

least-privilege roles; integrate policy-as-code tests and guardrails.

• Implement centralized root account management: eliminate day-to-day root usage, enforce

MFA and credential vaulting, monitor root activity, and govern break-glass access through approved processes.

• Deploy and operate org-wide AWS Config (aggregators, conformance packs, and

remediation) and Amazon GuardDuty (delegated admin, threat detection, and Security Hub integration) across all accounts.

• Configure IAM Identity Center with Entra ID federation; enable keyless CI/CD (GitHub

Actions OIDC) and workload roles for EKS/ECS and platform automation.

• Stand up and tune org-level logging and metrics: CloudTrail, VPC Flow Logs, DNS query logs,

Config and GuardDuty findings → aggregation → Splunk/Elastic; ensure audit and detective control coverage.

• Drive Terraform IaC migration and platform standards aligned to the AWS Well-Architected

Framework (security, reliability, operational excellence).

• Leverage AI tooling (Claude, Cursor) and agentic automations to accelerate IaC

development, reviews, and operational runbooks—within approved security guardrails.

• Enforce infrastructure-as-code-only operations; contribute policy-as-code tests and

eliminate console-only changes.

• Partner with InfoSec to triage Security Hub, Prisma, and Qualys findings and drive

remediation through IaC updates.

• Support change management and CAB submissions for production platform changes.
• Apply a strong product mindset: understand application-team needs, deliver platform

capabilities with clear value, and measure adoption and outcomes.

• Take end-to-end accountability and ownership for assigned platform components—from

design and IaC through rollout, operations, and continuous improvement.

• Collaborate well within the AWS Product Team and with other Platform Engineering teams

(Azure, GCP, Blueprint and Modules, DNA Enablement) to align patterns, standards, and shared deliverables.

• Communicate clearly in design reviews, documentation, incident response, and stakeholder

updates; escalate risks and dependencies proactively. Key Requirements

• 8–10 years in cloud/platform engineering (3–5+ on AWS) delivering enterprise platform

components with Terraform and CI/CD (GitHub; Spacelift experience a plus).

• Solid AWS networking (VPC, Transit Gateway, routing, load balancers), DNS, and centralized

VPC endpoints; familiarity with centralized security inspection.

• Hands-on with AWS Organizations, Control Tower, AVM, SCPs, and IAM least-privilege

design; practical experience with permission boundaries and IAM policies.

• Experience with centralized root account management, AWS Config (rules, aggregators,

remediation), and GuardDuty at organization scale.

• Experience with IAM Identity Center, federation, and keyless CI/CD patterns (OIDC).
• Logging and monitoring pipeline engineering (CloudTrail, CloudWatch, flow logs,

Splunk/Elastic integrations).

• Proficient with AWS KMS, Secrets Manager, and secrets automation; strong scripting

(Python, PowerShell, Bash) and Linux fundamentals.

• Strong Git workflows, IaC governance, and clear technical documentation.
• Strong product mindset with experience translating platform requirements into pragmatic,

adoptable solutions.

• Good communication skills; demonstrated end-to-end accountability and ownership of

platform deliverables.

Nice to Have

• Spacelift knowledge or hands-on experience.
• Azure and GCP cloud knowledge as an added advantage for multi-cloud alignment.
• Cloudflare (Tunnel/WAF/Bot) or Palo Alto VM-Series experience.
• EKS (IRSA), GitHub Actions OIDC, and container platform patterns.

FAI is committed to create an environment that respects, supports and inspires all individuals. We do not discriminate on the basis of color, religion, sex, gender identity, sexual orientation and age. At FAI, we celebrate diversity and believe that an inclusive workforce benefits employees, the organization and our community. We are an Equal Opportunity Employer. For more information about our company and dedication to putting People First, check out https://firstam.wd1.myworkdayjobs.com/faicareers. Apply To This Job