DevOps Engineer (senior)

Full-time

Job description

We’re looking for a Senior DevOps Engineer who can bring structure, clarity, and stability to our cloud infrastructure. Our environments run on AWS and use services like VPC/TGW/Cloud WAN, Control Tower, IAM Identity Center (SSO), S3, Lambda, RDS/Aurora, Databricks, CloudWatch, CloudTrail, Security Hub, and KMS. We also operate complex network connectivity (BGP, IPsec/IKEv2, Direct Connect, site‑to‑site VPN, DNS, TLS, RADIUS/EAP‑TLS).

This is not about over‑engineering. We need someone who can make things reliable, secure, and easy to operate at scale. If you enjoy bringing order to complex cloud estates and making production environments secure, observable, and predictable, we’d love to hear from you.

Responsibilities

  • Map and document our current AWS multi‑account landscape (Control Tower landing zone, networking, security services), including clear diagrams, processes, and ownership.

  • Design and operate connectivity: BGP routing, IPsec/IKEv2 tunnels, Direct Connect, site‑to‑site VPNs, DNS, TLS/mTLS, and RADIUS (EAP‑TLS).

  • Harden and standardize AWS: S3 security (encryption, policies, access controls), KMS key management, CloudTrail logging, Security Hub guardrails, and least‑privilege IAM (with IAM Identity Center SSO).

  • Build and maintain CI/CD with GitHub Actions, chaining composite Terraform modules and enforcing per‑client segregation of pipelines, state, and secrets.

  • Implement observability with CloudWatch (metrics, logs, alarms) and reliable recovery practices (runbooks, rollback strategies, backup/restore).

  • Partner with developers and data teams to ensure smooth integration with Lambda, RDS/Aurora, and Databricks.

  • Continuously improve performance, security, and cost‑efficiency; keep documentation current and actionable.

Knowledge and skills

  • Deep AWS experience across networking and core services: VPC/TGW/Cloud WAN, Control Tower, IAM Identity Center (SSO), S3, Lambda, RDS/Aurora, CloudWatch, CloudTrail, Security Hub, KMS.

  • Production‑grade networking: BGP, IPsec/IKEv2, Direct Connect, site‑to‑site VPN, DNS, TLS, and RADIUS (EAP‑TLS).

  • Infrastructure as Code with Terraform (AWS provider): authoring reusable modules, versioning, and environment isolation.

  • CI/CD with GitHub Actions, including policy‑as‑code, secrets management, and promotion workflows.

  • Ability to simplify and document complex systems—clear architectures, runbooks, and ownership models.

  • A pragmatic problem‑solver who favors stability, security, and maintainability over complexity.

  • Proficiency in English (min. B2).

Nice to have

  • Azure & Microsoft ecosystem via Terraform (Azure provider): Azure AD/Entra ID, Intune, Conditional Access, Microsoft Sentinel, SharePoint.

  • Terraform GitHub Provider for repo/organization governance and automation.

  • Automated compliance: CIS Benchmarks, OWASP SAMM, ISO 27001 control implementation, secret scanning, SBOM generation.

  • Containers & platforms: Docker; Helm/Kustomize; GitOps tools (Flux or Argo CD); service mesh and networking (Istio, Cilium, eBPF); Kubernetes security contexts.


Got questions?
Feel free to contact Diana!

Diana Sârbu
Contact person

Elephant benefits

In addition to team events (Teambuilding, Christmas party and more), here are a few perks we offer:

  • Learning events and certifications

  • Private medical subscription with Regina Maria

  • Extra vacation days

  • Headspace subscription

  • Bookster subscription (RO)

  • Therapy sessions