DevOps Engineer

Join the infrastructure team behind MDaaS — a real-time malware scanning platform handling 30M+ requests/day, built on AWS, Kubernetes, and event streaming.

You'll work in an agile scrum team, owning infrastructure-as-code, CI/CD pipelines, and observability. Security and compliance are first-class requirements, not afterthoughts.

Deploy and maintain workloads on EKS via ArgoCD — review GitOps PRs, handle sync failures, approve image updates

Write and update Helm charts / Kustomize overlays across dev / staging / prod

Triage alerts from Prometheus / Grafana / Coralogix — root cause analysis, resolve or escalate

Review and apply Terraform changes — plan, validate, and merge infra PRs (EKS, MSK, ALB, IAM)

Maintain CI/CD pipelines on Bitbucket Pipelines and GitHub Actions — fix broken builds, integrate security scans

Configure and tune KEDA ScaledObjects for Kafka / RabbitMQ consumers

Triage CVEs from Blackduck / Trivy reports — prioritize CVSS ≥ 7.0, coordinate patches with dev team

Rotate secrets, verify External Secrets Operator sync, enforce no-hardcoded-credentials policy

Document infrastructure and application changes for engineers and QA

Participate in on-call rotation — incident response, post-mortems, runbook updates

Research new tools and technologies to address current pain points and improve system reliability, scalability, and security — evaluate, prototype, and propose adoption when appropriate

BA/BS in Computer Science, Engineering, or equivalent hands-on experience

Strong verbal and written communication in English

Self-motivated; works well in a fast-paced, collaborative team

Eager to learn new tools and apply them quickly

Passionate about solving problems in a principled, elegant way

Comfortable both teaching and learning from teammates

AWS hands-on: EKS, ECR, IAM/IRSA, MSK, S3, ALB, VPC, Security Groups

Terraform: write modules, manage remote state, integrate with CI

Kubernetes: RBAC, ingress, network policies, HPA, resource tuning — cluster management via Rancher or K9s

Helm + Ansible: author charts and playbooks, manage versioning

Docker: multi-stage builds, image optimization

Linux/Windows systems administration

Bitbucket Pipelines, GitHub Actions, or TeamCity — write and maintain, not just use

ArgoCD: sync policy, health checks, rollback

PR-based deployments; no direct commits to main/prod

Prometheus, Grafana, CloudWatch, Elasticsearch — setup and maintain

Structured logging, alert routing, dashboard authoring

Least privilege: IAM, IRSA, K8s RBAC — no wildcard permissions

Secret management: External Secrets / AWS Secrets Manager, zero hardcoded credentials

Supply chain: dependency scanning (Blackduck / Snyk / Trivy), CVE triage by CVSS score

Network segmentation: private subnets, Security Groups, ingress/egress control

Working knowledge of ISO/IEC 27001 and SOC 2 Type II — access control, audit trail, change management

Familiar with CIS Benchmarks for Kubernetes and Linux hardening

Python and/or Go — scripting, tooling, automation

Able to read Node.js/TypeScript code to debug service issues independently

Actively uses AI coding tools (GitHub Copilot, Cursor, Claude) in daily workflow — writing scripts, Terraform modules, Helm templates, and debugging

Knows how to prompt effectively, verify AI output, and not blindly trust generated infrastructure code

Experience in the cybersecurity industry

Knowledge of compliance frameworks: NIST CSF, HIPAA, GDPR — applied to real infrastructure

Istio: mTLS, VirtualService/DestinationRule, traffic management

KEDA advanced: custom metrics, scale-to-zero, cooldown tuning

Kafka (MSK) operations: topic management, consumer lag, AKHQ

Policy-as-code: OPA/Gatekeeper or Kyverno

OWASP container and API security principles

Coralogix / Datadog with OpenTelemetry — custom pipelines, alert routing

Kubecost cost analysis, Kubeshark traffic capture

Experience with large-scale systems: 30M+ requests/day

Azure exposure (secondary to AWS)

Has used AI to generate, review, or optimize infrastructure-as-code (Terraform, Helm, bash scripts) and understands its limitations: hallucinations, outdated API references, security blind spots

Experimented with AI APIs (OpenAI, Anthropic) to build internal automation or tooling