• GenAI Cloud Engineer

    Leidos (Gaithersburg, MD)


    Description

    The Civil Group at Leidos has an opening for an early career GenAI Cloud Engineer to help design, secure, and automate an AWS contact center platform that uses Amazon Connect, Lex V2, Amazon Q in Connect, Contact Lens, Bedrock, OpenSearch, and Lambda (Python). This is a cloud infrastructure/security engineering role, and you will write and maintain Python code and Infrastructure as Code (IaC) to build secure, compliant foundations; integrate AI services; and help improve customer experience through robust automation and guardrails.

     

    You will work with senior engineers to implement a security first architecture that deflects customer contacts with voice/chat bots and provides agents real time AI assistance. This is an exciting opportunity to grow your software skills while gaining hands on experience with cloud networking, encryption, identity, observability, and GenAI safety controls in a mission environment.

    Primary Responsibilities:

    - Build secure, automated foundations (under guidance):

    - Author Infastructure-as-Code (e.g. CloudFormation) to provision VPCs, private subnets, and interface VPC endpoints (PrivateLink) for Bedrock, OpenSearch, S3, KMS, CloudWatch, Lambda, Secrets Manager, STS, and EventBridge.

     

    - Stand up encrypted S3 buckets, KMS CMKs, bucket/key policies, and logging baselines (CloudWatch, CloudTrail).

     

    - Contribute to IAM least privilege roles, permission boundaries, and service principals for Connect, Q in Connect, Contact Lens, Lambda, and OpenSearch.

    - Develop and maintain Python (serverless) services:

    - Write Lambda functions for Bedrock orchestration, OpenSearch indexing/queries, knowledge sync hooks, and post contact summarization.

     

    - Implement unit/integration tests, structured logging, error handling, and cost/latency guards; enable Model Invocation Logging for Bedrock.

    - Amazon Connect stack enablement:

    - Assist with instance configuration, Contact Lens (real time and post contact) enablement and redaction policies, S3 exports, and EventBridge events.

     

    - Configure Lex V2 bots, conversation logging, and Connect flow integration, including safe generative fallback patterns.

     

    - Help enable Amazon Q in Connect domains, KMS encryption, knowledge source integrations, and step by step guides.

    - Data and AI safety controls:

    - Implement Bedrock and Q guardrails and prompt templates; enforce PII minimization and safe fallbacks; participate in prompt evaluation and regression tests.

     

    - Support privacy/compliance controls (data retention, redaction, access reviews) and contribute to threat modeling and remediation of findings.

    - Search and analytics:

    - Assist with provisioning and configuring OpenSearch Service (VPC only, KMS), vector/keyword indices, and lifecycle/snapshot policies.

     

    - Build ingestion pipelines (Lambda or OpenSearch Ingestion) for knowledge content; tune analyzers/synonyms under direction.

    - Web and chat entry:

    - Contribute to CloudFront + WAF configurations for the chat front door, rate limits/bot control, and origin access policies.

    - DevSecOps and operations:

    - Use Git operations, CI/CD, and code reviews; maintain runbooks, diagrams, and SOPs.

     

    - Participate in on call rotations and incident response drills as needed; implement alarms/dashboards (e.g., CloudWatch) for deflection, AHT, and model usage.

    Basic Qualifications:

    - Bachelor’s degree in Computer Science, Engineering, or related field and 2–4 years of relevant experience; or a Master’s with <2 years; or 4 additional years of experience in lieu of a degree.

     

    - 2+ years of software development with Python, including building and troubleshooting AWS Lambda functions.

     

    - Hands on experience with core AWS services: IAM, VPC networking (subnets, security groups, routing), S3, CloudWatch, and at least one of: EventBridge, API Gateway, or Secrets Manager.

     

    - Infrastructure as Code experience with CloudFormation and use of Git based CI/CD.

     

    - Foundational security knowledge: least privilege IAM, encryption at rest (KMS), secure logging/monitoring, and basic threat modeling concepts.

     

    - Networking fundamentals: DNS, TLS, CIDR/subnetting, and private connectivity patterns (e.g., VPC endpoints/NAT).

     

    - Strong written and verbal communication; able to document designs and explain technical choices to teammates.

     

    - Ability to obtain a Public Trust clearance.

    Preferred Qualifications:

    - Practical exposure to one or more AWS contact center/AI services:

    - Amazon Connect, Contact Lens, Amazon Q in Connect, Amazon Lex V2.

     

    - Amazon Bedrock (LLM and embeddings) and guardrails; experience calling LLM APIs.

     

    - Experience with Retrieval Augmented Generation (RAG) and vector search; AWS OpenSearch Service configuration (VPC only, KMS) and k NN/HNSW indices.

     

    - Experience configuring KMS key policies, grants, and multi account access; S3 data protection (BPA, lifecycle, access points).

     

    - Familiarity with SSO/SAML and AWS IAM Identity Center; understanding of role based access for agents/admins/analysts.

     

    - Web edge security: AWS WAF, CloudFront, bot control/rate limiting.

     

    - Observability and analytics: CloudWatch dashboards/alarms, X Ray, Athena/Glue.

     

    - Understanding of privacy/compliance considerations (PII redaction, data retention), and familiarity with FISMA and FedRAMP concepts as applied to contact centers.

     

    - Certifications (any of): AWS Solutions Architect – Associate/Professional, AWS Security Specialty, AWS DevOps Engineer, CISSP/CCSP.

     

    At Leidos, we don’t want someone who "fits the mold"—we want someone who melts it down and builds something better. This is a role for the restless, the over-caffeinated, the ones who ask, “what’s next?” before the dust settles on “what’s now.”

     

    If you’re already scheming step 20 while everyone else is still debating step 2… good. You’ll fit right in.

    Original Posting:

    October 28, 2025

     

    For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

    Pay Range:

    Pay Range $67,600.00 - $122,200.00

     

    The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

     

    \#Remote

    REQNUMBER: R-00169539

    All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. Leidos will consider qualified applicants with criminal histories for employment in accordance with relevant Laws. Leidos is an equal opportunity employer/disability/vet.