Senior DevOps

4-6 years of hands-on DevOps, platform engineering, or SRE experience in production cloud environments.
Proven track record managing multi-account, multi-environment AWS infrastructure at production scale.
Expert-level Terraform: modules, workspaces, remote backends, state management, resource import, and lifecycle management.
Strong Ansible: role authoring, Jinja2 templating, inventory management, tag-scoped deployments, and Docker Compose integration.
Deep hands-on experience with: EKS, RDS, ElastiCache, ECR, VPC, NLB, IAM, Secrets Manager, S3, EC2.
AWS SSO / IAM Identity Center: managing multiple account access with named profiles.
Comfortable switching between accounts and regions without cross-contaminating state or credentials.
Production EKS operations: node group management (x86, GPU, Graviton), workload deployments, Helm, and cluster upgrades.
Proficient with Kubernetes CLI tooling at the workload, service, and cluster level; disciplined about environment context verification before any operation.
Experience with NVIDIA GPU workloads or heterogeneous node scheduling is a strong plus.
VPC design: subnets, routing tables, NAT Gateway, NLB with EIP, security groups, and VPN integration.
Reverse-proxy / API gateway experience: Traefik or NGINX with TLS, middleware chains, and OIDC auth delegation.
IAM security: least-privilege policy design, role assumption, and SCPs.
Secrets management: AWS Secrets Manager, HashiCorp Vault, or equivalent - no plaintext credentials in repos.
Familiarity with Zero Trust networking principles.
Identity provider administration (Keycloak or equivalent): realm configuration, OIDC client setup, and forward-auth integration.
OAuth2/OIDC protocol fluency: understands token flows, redirect URIs, and JWKS endpoints well enough to debug silently broken auth.
GitLab CI or GitHub Actions: multi-stage pipelines with environment promotion and security scan gates.
Prometheus + Grafana or equivalent observability stack: metric scraping, dashboards, and alerting rules.
Structured logging pipeline (ELK, Loki, or equivalent).
Team-first mindset- documents everything, communicates blast radius before acting, and treats runbooks as a team asset.
Active ownership- raises blockers early, follows through on on-call issues without being prompted, and closes the loop.
Honesty and transparency- surfaces risks and misconfigurations quickly; never dismisses a "this looks wrong" instinct.
Hard-working and dependable- maintains high operational standards under high-pressure situations without taking shortcuts that create future risk.
Team-first mindset- shares knowledge proactively, unblocks colleagues, and treats code review as a teaching opportunity rather than gatekeeping.
Active ownership- raises concerns early, follows through on commitments, and closes the loop without being reminded.
Honesty and transparency- surfaces bad news quickly, acknowledges mistakes, and documents lessons learned so the team does not repeat them.
Hard-working and dependable- comfortable sustaining high-quality output under delivery pressure without cutting corners on security, testing, or maintainability.
HashiCorp Vault in production: dynamic credentials, PKI secrets engine, HA setup.
GitOps tooling: ArgoCD or Flux for Kubernetes delivery.
Security certifications: AWS Security Specialty, CKS (Certified Kubernetes Security Specialist), or OSCP.
Experience with GPU-accelerated workloads and NVIDIA device plugin for Kubernetes.
Compliance framework exposure: SOC 2, ISO 27001, or GDPR operational controls.