DevOps Engineer
Indexed description
The Position
- Join the infrastructure team behind MDaaS, a real-time malware scanning platform handling 30M+ requests/day, built on AWS, Kubernetes, and event streaming.
- You'll work in an agile scrum team, owning infrastructure-as-code, CI/CD pipelines, and observability. Security and compliance are first-class requirements, not afterthoughts.
- Deploy and maintain workloads on EKS via ArgoCD, review GitOps PRs, handle sync failures, approve image updates
- Write and update Helm charts / Kustomize overlays across dev / staging / prod
- Triage alerts from Prometheus / Grafana / Coralogix, root cause analysis, resolve or escalate
- Review and apply Terraform changes: plan, validate, and merge infra PRs (EKS, MSK, ALB, IAM)
- Maintain CI/CD pipelines on Bitbucket Pipelines and GitHub Actions: fix broken builds, integrate security scans
- Configure and tune KEDA ScaledObjects for Kafka / RabbitMQ consumers
- Triage CVEs from Blackduck / Trivy reports: prioritize CVSS ≥ 7.0, coordinate patches with dev team
- Rotate secrets, verify External Secrets Operator sync, enforce no-hardcoded-credentials policy
- Document infrastructure and application changes for engineers and QA
- Participate in on-call rotation: incident response, post-mortems, runbook updates
- Research new tools and technologies to address current pain points and improve system reliability, scalability, and security: evaluate, prototype, and propose adoption when appropriate
- BA/BS in Computer Science, Engineering, or equivalent hands-on experience
- Strong verbal and written communication in English
- Self-motivated; works well in a fast-paced, collaborative team
- Eager to learn new tools and apply them quickly
- Passionate about solving problems in a principled, elegant way
- Comfortable both teaching and learning from teammates
- AWS hands-on: EKS, ECR, IAM/IRSA, MSK, S3, ALB, VPC, Security Groups
- Terraform: write modules, manage remote state, integrate with CI
- Kubernetes: RBAC, ingress, network policies, HPA, resource tuning: cluster management via Rancher or K9s
- Helm + Ansible: author charts and playbooks, manage versioning
- Docker: multi-stage builds, image optimization
- Linux/Windows systems administration
- Bitbucket Pipelines, GitHub Actions, or TeamCity: write and maintain, not just use
- ArgoCD: sync policy, health checks, rollback
- PR-based deployments; no direct commits to main/prod
- Prometheus, Grafana, CloudWatch, Elasticsearch: setup and maintain
- Structured logging, alert routing, dashboard authoring
- Least privilege: IAM, IRSA, K8s RBAC: no wildcard permissions
- Secret management: External Secrets / AWS Secrets Manager, zero hardcoded credentials
- Supply chain: dependency scanning (Blackduck / Snyk / Trivy), CVE triage by CVSS score
- Network segmentation: private subnets, Security Groups, ingress/egress control
- Working knowledge of ISO/IEC 27001 and SOC 2 Type II: access control, audit trail, change management
- Familiar with CIS Benchmarks for Kubernetes and Linux hardening
- Python and/or Go — scripting, tooling, automation
- Able to read Node.js/TypeScript code to debug service issues independently
- Actively uses AI coding tools (GitHub Copilot, Cursor, Claude) in daily workflow: writing scripts, Terraform modules, Helm templates, and debugging
- Knows how to prompt effectively, verify AI output, and not blindly trust generated infrastructure code
- Experience in the cybersecurity industry
- Knowledge of compliance frameworks: NIST CSF, HIPAA, GDPR — applied to real infrastructure
- Istio: mTLS, VirtualService/DestinationRule, traffic management
- KEDA advanced: custom metrics, scale-to-zero, cooldown tuning
- Kafka (MSK) operations: topic management, consumer lag, AKHQ
- Policy-as-code: OPA/Gatekeeper or Kyverno
- OWASP container and API security principles
- Coralogix / Datadog with OpenTelemetry: custom pipelines, alert routing
- Kubecost cost analysis, Kubeshark traffic capture
- Experience with large-scale systems: 30M+ requests/day
- Azure exposure (secondary to AWS)
- Has used AI to generate, review, or optimize infrastructure-as-code (Terraform, Helm, bash scripts) and understands its limitations: hallucinations, outdated API references, security blind spots
- Experimented with AI APIs (OpenAI, Anthropic) to build internal automation or tooling
Recruiting Agencies: we do not accept unsolicited resumes from third party agencies for any of our open positions. To submit resumes for our jobs, there must be a recruiting contract approved by our legal team and endorsed by both parties. We are currently not accepting additional 3rd party agencies at this time.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search