Logo for ZOLL CMS GmbH

Principal Cloud Engineer

Role overview

Qualifications

  • BA/BS degree in Computer Science, Information Security, or related field, or equivalent experience required
  • 7+ years of experience developing production-level applications or automated deployment pipelines using Infrastructure as Code in a public cloud environment (AWS, Azure, GCP) required
  • Deep expertise with AWS services and meaningful hands-on experience with GCP is strongly preferred
  • Strong knowledge of NIST 800-53 security controls and the FedRAMP authorization process

Responsibilities

  • Lead ZOLL's FedRAMP authorization initiative from an infrastructure, security, and compliance-as-code perspective
  • Provide thought leadership on cloud architecture, platform reliability, and regulatory compliance
  • Mentor and develop less-experienced cloud engineers, providing technical guidance, code reviews, and career development support
  • Serve as the primary cloud engineering lead for ZOLL's FedRAMP authorization initiative, owning the infrastructure and platform compliance workstream

About the company

ZOLL CMS GmbH logo

ZOLL CMS GmbH

Medical Devices & Equipment

Die ZOLL Medical Corporation trägt als eines der weltweit führenden Unternehmen im Bereich Medizinprodukte und Softwarelösungen dazu bei, Leben zu retten. Unser Geschäftsbereich Cardiac Management Solutions (CMS) entwickelt Produkte zum Schutz und zur Behandlung von Herzpatienten. Dazu gehört unsere tragbare Kardioverter-Defibrillator-Weste (WCD), die LifeVest®. Bis heute wurde die LifeVest® weltweit von Hunderttausenden Patienten getragen und hat Tausende Leben gerettet. Wir alle tragen mit unserer Arbeit bei ZOLL CMS dazu bei, dass Herzpatienten diese lebensrettende Therapie erhalten.

Company details

Company typeSME
IndustryMedical Devices & Equipment
Company size201 - 500

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Acute Care Technology

At ZOLL, we're passionate about improving patient outcomes and helping save lives. We provide innovative technologies that make a meaningful difference in people's lives. Our medical devices, software and related services are used worldwide to diagnose and treat patients suffering from serious cardiopulmonary and respiratory conditions.

The Acute Care Technology division of ZOLL Medical Corporation develops and delivers innovative lifesaving products and software solutions to EMS, hospital, public safety, and military customers globally. Products include AEDs, trauma kits, ventilators, temperature management solutions, and more. Our dedicated employees take pride in their commitment to improving patient outcomes while delivering world-class customer service.

At ZOLL, you won't just have a job. You'll have a career—and a purpose.

Join our team. It's a great time to be a part of ZOLL!

ZOLL Medical does not provide immigration-related sponsorship for this role. Do not apply for this role if you will need ZOLL immigration sponsorship (e.g. H1B, TN, STEM, OPT, etc.) either now or in the future.

Job Type

Hybrid

Job Summary

As a Principal Cloud Engineer at ZOLL, you will be recognized as an expert within the cloud engineering discipline, requiring a highly specialized skill set and deep knowledge of emerging trends that influence best practices across the organization. You will contribute to the development of innovative principles and ideas, working on unusually complex problems and providing solutions that are highly creative. In this role, you will develop and implement new products, processes, standards, and operational plans that directly impact the achievement of functional results—with a primary focus on leading ZOLL's FedRAMP authorization initiative from an infrastructure, security, and compliance-as-code perspective. You will communicate regularly with leadership to align cloud strategy with organizational objectives, regulatory requirements, and FedRAMP readiness milestones.

Essential Functions

Strategic & Technical Leadership

  • Apply broad expertise across cloud infrastructure, security engineering, and compliance domains to lead and contribute to company objectives in creative and effective ways
  • Provide thought leadership on cloud architecture, platform reliability, and regulatory compliance; work on broader organization projects that require understanding of the wider business
  • Lead the development of innovative principles, standards, and operational plans for cloud infrastructure that have measurable impact on functional results
  • Own collaboration involving coordination among SRE, software engineering, security, compliance, and leadership groups to drive cross-functional alignment
  • Communicate with leadership on cloud strategy, FedRAMP readiness posture, and risk decisions; convey advanced technical information and persuade diverse stakeholders
  • Work on significant and unique issues where analysis requires evaluation of intangibles; exercise independent judgment in selecting methods, techniques, and evaluation criteria
  • Be accountable for results that may impact the entire cloud engineering function
  • Cloud Engineering & Platform Operations
  • Provide automated and orchestrated management of all SaaS platforms and technical solutions, driving innovative approaches to unusually complex problems
  • Lead AWS and GCP development, maintenance, automation, and orchestration for application pools, websites, data services, virtual networks, security, monitoring, service discovery, and other platform services; ensuring delivery on schedule and in accordance with ZOLL quality standards
  • Lead and contribute to the definition of, and enforce patterns, best practices, and strategies for source control structure, branching, and CI/CD across the organization
  • Architect and enhance platform services with Terraform, Ansible, Git, Artifactory, Jenkins, Packer, and related tooling
  • Define, build, and enhance observability patterns and platforms using OTEL, Coralogix, Grafana, and other tooling
  • Define, promote, and maintain SRE best practices across the ZOLL organization and product lines
  • Partner with Architects and product development teams within Agile processes to build resilient services and expand ZOLL's SaaS portfolio
  • FedRAMP Authorization & Compliance
  • Serve as the primary cloud engineering lead for ZOLL's FedRAMP authorization initiative, owning the infrastructure and platform compliance workstream
  • Lead the documentation and implementation of NIST 800-53 security controls as they apply to cloud infrastructure, with emphasis on the high-friction control families: AC (Access Control), AU (Audit and Accountability), CM (Configuration Management), IA (Identification and Authentication), IR (Incident Response), RA (Risk Assessment), SA (System and Services Acquisition), SC (System and Communications Protection), and CA (Assessment, Authorization, and Monitoring)
  • Define and maintain the FedRAMP system boundary documentation, including in-scope services, environments, trust zones, interfaces, and excluded systems
  • Own the cloud infrastructure asset inventory—applications, compute, databases, SaaS dependencies, service accounts—with data classification, ownership, and monitoring status for each asset
  • Develop and enforce access control models aligned to FedRAMP requirements: user populations, authentication methods, approval workflows, periodic access reviews, separation of duties, and privileged access management
  • Collaborate with compliance and security on the vulnerability management program for FedRAMP scope: scanning tools, frequencies, severity handling, remediation SLAs, exception processes, and evidence retention
  • Implement and document the logging and audit strategy: log sources, event categories, centralization (OTEL/CloudTrail/VPC Flow Logs), retention periods, access controls, review cadence, alerting, and time synchronization—covering AU-2, AU-6, AU-11, and AU-12 as a cohesive set
  • Maintain the external system services register (SA-9) within SRE’s scope: providers, data exchanged, FedRAMP status, shared responsibility assumptions, monitoring expectations, and failure modes
  • Define configuration baselines for OS, containers, and cloud configurations; implement drift detection, deviation approval, and hardening aligned to CIS benchmarks
  • Establish encryption and key management documentation: data at rest/in transit protections, key ownership, rotation cadence, certificates, approved algorithms, and cryptographic boundaries
  • Drive the change management and secure SDLC process for FedRAMP: security gate definitions, approval artifacts, emergency change handling, and retention of evidence
  • Own and maintain the FedRAMP gap register and POA&M tracking from the infrastructure perspective, collaborating with security and compliance teams on remediation planning
  • Support continuous monitoring activities: monthly vulnerability scanning cadence, POA&M update cycles, annual assessment preparation, and significant change triggers
  • Produce and maintain assessor-ready evidence packages: scanner dashboards, ticket queues, remediation records, access review artifacts, configuration audit trails, and log review documentation
  • Mentorship & Collaboration
  • Mentor and develop less-experienced cloud engineers, providing technical guidance, code reviews, and career development support
  • May direct the activities of other engineers on complex projects or compliance workstreams
  • Collaborate with cross-functional teams to identify areas for improvement and drive innovative solutions
  • Participate in critical incident management and root cause analysis, with an after-hours rotation of tier-4 production support
  • Contribute to strategic planning for the team and platform, including long-range roadmap and capability investment decisions


Required/Preferred Education and Experience

  • BA/BS degree in Computer Science, Information Security, or related field, or equivalent experience required
  • 7+ years of experience developing production-level applications or automated deployment pipelines using Infrastructure as Code in a public cloud environment (AWS, Azure, GCP) required


Knowledge, Skills and Abilities

  • Deep expertise with AWS services (EC2, S3, RDS, Lambda, IAM, CloudWatch, CloudTrail, GuardDuty, VPC, ALB/NLB, CloudFront, Config, etc.); meaningful hands-on experience with GCP is strongly preferred
  • Expert-level experience with Infrastructure as Code tools (Terraform, CloudFormation) and configuration management (Ansible)
  • Proven experience designing and implementing CI/CD pipelines and release management processes at scale
  • Expert-level experience with logging and observability solutions (Coralogix, Splunk, OTEL, Grafana, ELK Stack, CloudWatch) including designing centralized logging architectures
  • Strong knowledge of NIST 800-53 security controls and the FedRAMP authorization process, including SSP documentation, continuous monitoring, and POA&M management
  • Demonstrated experience with cloud security and governance frameworks: SOC 2, HIPAA, FedRAMP, ISO 27001, CIS Benchmarks, or equivalent federal compliance standards
  • Experience defining and documenting system boundaries, data flows, access control models, and security architectures for compliance and audit purposes
  • Experience with vulnerability management programs: tool selection, scan scope definition, severity handling, remediation SLA enforcement, and evidence packaging
  • Solid understanding of encryption standards, key management practices, and certificate lifecycle management in cloud environments
  • Familiarity with ITIL/ITSM processes and proven experience running change management or release management frameworks
  • Excellent communication and stakeholder management skills, with demonstrated ability to convey advanced technical and compliance information to leadership and diverse non-technical audiences
  • Demonstrated ability to create formal networks across engineering, security, and compliance teams to drive coordinated outcomes
  • Desired:
  • Experience with TeamCity (build automation) and Artifactory (artifact repository)
  • Experience with policy-as-code and governance-as-code platforms (Stacklet, OPA, Sentinel, or similar)
  • Familiarity with 3PAO assessment processes and direct experience supporting FedRAMP audits or assessments
  • Experience with configuration baseline management and drift detection tooling
  • Knowledge of supplier risk management and external services evaluation for federal environments
  • Bonus points if you have:
  • 8+ years in a Software Development or Site Reliability Engineering role
  • AWS Certified Solutions Architect – Professional certification
  • AWS Certified Security – Specialty certification
  • AWS Certified DevOps Engineer – Professional certification
  • GCP Professional Cloud Architect or Professional Cloud Security Engineer certification
  • CISSP, CISM, or other recognized information security certification
  • Direct experience achieving or maintaining a FedRAMP authorization
  • Experience with Cloud Custodian/Stacklet for multi-account governance and policy enforcement


Travel Requirements

  • As required


Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

  • Standing - Occasionally
  • Walking - Occasionally
  • Sitting - Constantly
  • Talking - Occasionally
  • Hearing - Occasionally
  • Repetitive Motions - Frequently


ZOLL is a fast-growing company that operates in more than 140 countries around the world. Our employees are inspired by a commitment to make a difference in patients' lives, and our culture values innovation, self-motivation and an entrepreneurial spirit. Join us in our efforts to improve outcomes for underserved patients suffering from critical cardiopulmonary conditions and help save more lives.

#LI-REMOTE

#LI-HM1

The annual salary for this position is:

$150,000.00 to $165,000.00

This position is eligible for an annual bonus in accordance with the company's bonus plan. Factors which may affect starting salary include geography, skills, education, experience, and other qualifications of the successful candidate. Details of ZOLL's comprehensive benefits plans can be found at www.zollbenefits.com.

Applications will be accepted on an ongoing basis until this position is filled. For fully remote positions, compensation will comply with all applicable federal, state, and local wage laws, including minimum wage requirements, based on the employee’s primary work location.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, disability, or status as a protected veteran.

ADA: The employer will make reasonable accommodations in compliance with the Americans with Disabilities Act of 1990.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Cloud Engineer Related jobs

Other jobs at ZOLL CMS GmbH

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.