GenAI Cloud Engineer

Description

The Civil Group at Leidos has an opening for an early career GenAI Cloud Engineer to help design, secure, and automate an AWS contact center platform that uses Amazon Connect, Lex V2, Amazon Q in Connect, Contact Lens, Bedrock, OpenSearch, and Lambda (Python). This is a cloud infrastructure/security engineering role, and you will write and maintain Python code and Infrastructure as Code (IaC) to build secure, compliant foundations; integrate AI services; and help improve customer experience through robust automation and guardrails.

You will work with senior engineers to implement a security first architecture that deflects customer contacts with voice/chat bots and provides agents real time AI assistance. This is an exciting opportunity to grow your software skills while gaining hands on experience with cloud networking, encryption, identity, observability, and GenAI safety controls in a mission environment.

Primary Responsibilities:

- Build secure, automated foundations (under guidance):
- Author Infastructure-as-Code (e.g. CloudFormation) to provision VPCs, private subnets, and interface VPC endpoints (PrivateLink) for Bedrock, OpenSearch, S3, KMS, CloudWatch, Lambda, Secrets Manager, STS, and EventBridge.
- Stand up encrypted S3 buckets, KMS CMKs, bucket/key policies, and logging baselines (CloudWatch, CloudTrail).
- Contribute to IAM least privilege roles, permission boundaries, and service principals for Connect, Q in Connect, Contact Lens, Lambda, and OpenSearch.
- Develop and maintain Python (serverless) services:
- Write Lambda functions for Bedrock orchestration, OpenSearch indexing/queries, knowledge sync hooks, and post contact summarization.
- Implement unit/integration tests, structured logging, error handling, and cost/latency guards; enable Model Invocation Logging for Bedrock.
- Amazon Connect stack enablement:
- Assist with instance configuration, Contact Lens (real time and post contact) enablement and redaction policies, S3 exports, and EventBridge events.
- Configure Lex V2 bots, conversation logging, and Connect flow integration, including safe generative fallback patterns.
- Help enable Amazon Q in Connect domains, KMS encryption, knowledge source integrations, and step by step guides.
- Data and AI safety controls:
- Implement Bedrock and Q guardrails and prompt templates; enforce PII minimization and safe fallbacks; participate in prompt evaluation and regression tests.
- Support privacy/compliance controls (data retention, redaction, access reviews) and contribute to threat modeling and remediation of findings.
- Search and analytics:
- Assist with provisioning and configuring OpenSearch Service (VPC only, KMS), vector/keyword indices, and lifecycle/snapshot policies.
- Build ingestion pipelines (Lambda or OpenSearch Ingestion) for knowledge content; tune analyzers/synonyms under direction.
- Web and chat entry:
- Contribute to CloudFront + WAF configurations for the chat front door, rate limits/bot control, and origin access policies.
- DevSecOps and operations:
- Use Git operations, CI/CD, and code reviews; maintain runbooks, diagrams, and SOPs.
- Participate in on call rotations and incident response drills as needed; implement alarms/dashboards (e.g., CloudWatch) for deflection, AHT, and model usage.

Basic Qualifications:

- Bachelor’s degree in Computer Science, Engineering, or related field and 2–4 years of relevant experience; or a Master’s with