Senior Platform Engineer II - TAN PAN First American India Pvt Ltd

Company Summary

Job Summary

ABOUT FIRST AMERICAN INDIA First American (India) Private Limited (“FAI”) is a Global Capability Centre (GCC) of the First American Financial Corporation (FAF: NYSE) a leading provider of title insurance, settlement services and risk solutions for real estate transactions since 1889. FAI delivers Software Development, IT Infrastructure, Data & Analytics, back-office, and knowledge-processing operations to support First American's global operations across the US, UK, Australia & Canada. We build technology that powers millions of real-estate transactions, with a people-first culture that encourages innovation, collaboration, and solving real-world problems at scale. Job Title: Senior Platform Engineer II, AWS

About the Role (Remote India)

Design and deliver core building blocks of the AWS platform—secure account vending via AWS Control Tower and AVM, hub-and-spoke networking with centralized VPC endpoints, IAM Identity Center federation, Service Control Policies (SCPs), centralized root account management, org-wide AWS Config and GuardDuty, and org-level logging—enabling application teams to move fast on a standardized, Well-Architected foundation. You will bring a strong product mindset, take end-toend ownership of your work, communicate clearly, and collaborate effectively within the AWS team and across Platform Engineering. Key Responsibilities • Implement and enhance Terraform (and CloudFormation where required) pipelines in GitHub for AWS Organizations, SCPs, OU structure, resource tagging, and automated account vending (ServiceNow intake → plan/apply workflows). • Design and roll out hub-and-spoke networking: per-account VPCs connected via Transit Gateway, policy-based routes to Palo Alto inspection, centralized VPC interface endpoints, and DNS resolution hierarchy. • Build and maintain organization-level guardrails: SCPs, IAM permission boundaries, and least-privilege roles; integrate policy-as-code tests and guardrails. • Implement centralized root account management: eliminate day-to-day root usage, enforce MFA and credential vaulting, monitor root activity, and govern break-glass access through approved processes. • Deploy and operate org-wide AWS Config (aggregators, conformance packs, and remediation) and Amazon GuardDuty (delegated admin, threat detection, and Security Hub integration) across all accounts. • Configure IAM Identity Center with Entra ID federation; enable keyless CI/CD (GitHub Actions OIDC) and workload roles for EKS/ECS and platform automation. • Stand up and tune org-level logging and metrics: CloudTrail, VPC Flow Logs, DNS query logs, Config and GuardDuty findings → aggregation → Splunk/Elastic; ensure audit and detective control coverage. • Drive Terraform IaC migration and platform standards aligned to the AWS Well-Architected Framework (security, reliability, operational excellence). • Leverage AI tooling (Cla