We’re looking for a Senior DevOps Engineer who can bring structure, clarity, and stability to our cloud infrastructure. Our environments run on AWS and use services like VPC/TGW/Cloud WAN, Control Tower, IAM Identity Center (SSO), S3, Lambda, RDS/Aurora, Databricks, CloudWatch, CloudTrail, Security Hub, and KMS. We also operate complex network connectivity (BGP, IPsec/IKEv2, Direct Connect, site‑to‑site VPN, DNS, TLS, RADIUS/EAP‑TLS).
This is not about over‑engineering. We need someone who can make things reliable, secure, and easy to operate at scale. If you enjoy bringing order to complex cloud estates and making production environments secure, observable, and predictable, we’d love to hear from you.
Map and document our current AWS multi‑account landscape (Control Tower landing zone, networking, security services), including clear diagrams, processes, and ownership.
Design and operate connectivity: BGP routing, IPsec/IKEv2 tunnels, Direct Connect, site‑to‑site VPNs, DNS, TLS/mTLS, and RADIUS (EAP‑TLS).
Harden and standardize AWS: S3 security (encryption, policies, access controls), KMS key management, CloudTrail logging, Security Hub guardrails, and least‑privilege IAM (with IAM Identity Center SSO).
Build and maintain CI/CD with GitHub Actions, chaining composite Terraform modules and enforcing per‑client segregation of pipelines, state, and secrets.
Implement observability with CloudWatch (metrics, logs, alarms) and reliable recovery practices (runbooks, rollback strategies, backup/restore).
Partner with developers and data teams to ensure smooth integration with Lambda, RDS/Aurora, and Databricks.
Continuously improve performance, security, and cost‑efficiency; keep documentation current and actionable.
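As an added illustration of the "harden and standardize AWS" responsibilities above (S3 encryption, policies and access controls, KMS key management, per-client segregation), here is a baseline Terraform configuration. It is example code written for this page, not the employer's own module; the client identifier, bucket name and key names are assumptions for illustration.

```hcl
# Added example (not the employer's code): a per-client hardened S3 bucket
# with a dedicated customer-managed KMS key. "client-a" and the bucket name
# are assumed values for illustration.

terraform {
  required_version = ">= 1.5"
  required_providers {
    aws = { source = "hashicorp/aws", version = ">= 5.0" }
  }
}

variable "client" {
  type    = string
  default = "client-a" # assumed client identifier
}

# One customer-managed key per client keeps blast radius and audit scope
# segregated; annual rotation is a common CIS/Security Hub expectation.
resource "aws_kms_key" "data" {
  description             = "S3 data key for ${var.client}"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

resource "aws_s3_bucket" "data" {
  bucket = "${var.client}-data-bucket" # assumed name; must be globally unique
}

# Block every form of public access at the bucket level.
resource "aws_s3_bucket_public_access_block" "data" {
  bucket                  = aws_s3_bucket.data.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Default SSE-KMS with the client key; bucket keys cut KMS request volume.
resource "aws_s3_bucket_server_side_encryption_configuration" "data" {
  bucket = aws_s3_bucket.data.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.data.arn
    }
    bucket_key_enabled = true
  }
}

# Versioning supports the backup/restore and rollback practices listed above.
resource "aws_s3_bucket_versioning" "data" {
  bucket = aws_s3_bucket.data.id
  versioning_configuration { status = "Enabled" }
}

# Bucket policy: deny plaintext (non-TLS) requests, and deny uploads that
# specify an encryption setting other than SSE-KMS with this client's key.
data "aws_iam_policy_document" "data" {
  statement {
    sid       = "DenyInsecureTransport"
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = [aws_s3_bucket.data.arn, "${aws_s3_bucket.data.arn}/*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
  statement {
    sid       = "DenyNonKmsEncryptionHeader"
    effect    = "Deny"
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.data.arn}/*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "StringNotEqualsIfExists"
      variable = "s3:x-amz-server-side-encryption"
      values   = ["aws:kms"]
    }
  }
  statement {
    sid       = "DenyWrongKmsKey"
    effect    = "Deny"
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.data.arn}/*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "StringNotEqualsIfExists"
      variable = "s3:x-amz-server-side-encryption-aws-kms-key-id"
      values   = [aws_kms_key.data.arn]
    }
  }
}

resource "aws_s3_bucket_policy" "data" {
  bucket = aws_s3_bucket.data.id
  policy = data.aws_iam_policy_document.data.json
}
```

The two `IfExists` conditions are deliberate: a request that omits the encryption headers falls through to the bucket's default SSE-KMS setting, while a request that explicitly asks for SSE-S3 or a different key is rejected. Wrapping this in a module keyed on `var.client` is what makes the per-client segregation of state and keys enforceable from the pipeline rather than by convention.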
Deep AWS experience across networking and core services: VPC/TGW/Cloud WAN, Control Tower, IAM Identity Center (SSO), S3, Lambda, RDS/Aurora, CloudWatch, CloudTrail, Security Hub, KMS.
Production‑grade networking: BGP, IPsec/IKEv2, Direct Connect, site‑to‑site VPN, DNS, TLS, and RADIUS (EAP‑TLS).
Infrastructure as Code with Terraform (AWS provider): authoring reusable modules, versioning, and environment isolation.
CI/CD with GitHub Actions, including policy‑as‑code, secrets management, and promotion workflows.
Ability to simplify and document complex systems—clear architectures, runbooks, and ownership models.
A pragmatic problem‑solver who favors stability, security, and maintainability over complexity.
Proficiency in English (min. B2).
Azure & Microsoft ecosystem via Terraform (Azure provider): Azure AD/Entra ID, Intune, Conditional Access, Microsoft Sentinel, SharePoint.
Terraform GitHub Provider for repo/organization governance and automation.
Automated compliance: CIS Benchmarks, OWASP SAMM, ISO 27001 control implementation, secret scanning, SBOM generation.
Containers & platforms: Docker; Helm/Kustomize; GitOps tools (Flux or Argo CD); service mesh and networking (Istio, Cilium, eBPF); Kubernetes security contexts.