Description

We are seeking a Senior Infrastructure Engineer with a deep specialization in Security Design to lead the evolution of our cloud-native ecosystem. In this role, you will be responsible for architecting, building, and maintaining highly available AWS infrastructure while ensuring that security is not an afterthought, but a core component of the design. You will bridge the gap between systems engineering and cyber defense, building resilient platforms that are “secure by design.”

Key Responsibilities

  • Infrastructure Security Architecture: Lead the design and implementation of secure AWS infrastructure, ensuring VPC patterns, peering, and transit gateways follow strict security segmentation.
  • Kubernetes Platform Engineering: Architect and manage production-grade EKS clusters using Docker and Kubernetes, implementing advanced security controls including OPA/Gatekeeper and workload identity.
  • CI/CD Automation: Design and maintain secure automation pipelines using GitHub Actions, ensuring security checks are integrated into the deployment lifecycle.
  • Automated Security Infrastructure: Build and maintain central identity and access systems using Keycloak, integrating OIDC/OAuth and LDAP across the enterprise.
  • Security as Code: Develop modular, reusable Terraform templates and YAML configurations that incorporate automated compliance checks and security best practices.
  • Data & Secret Protection: Manage and secure Postgres DB instances, including encryption strategies and secret management workflows (AWS KMS) to ensure zero-trust data handling.
  • Defensive Automation: Develop custom Python-based tooling to automate infrastructure audits, remediation of drift, and security response workflows.

Must-Have Qualifications

  • 10+ years in Infrastructure or Systems Engineering with a proven track record of designing secure large-scale environments.
  • Expert-level mastery of AWS, Kubernetes, and Docker.
  • Mandatory proficiency in Python for infrastructure automation and security tool development.
  • Hands-on experience building and managing pipelines with GitHub Actions.
  • Expert-level Terraform experience and mastery of YAML for configuration management.
  • Practical experience designing and deploying Keycloak and implementing OIDC/OAuth protocols.
  • Experience managing and securing Postgres relational databases.

Nice to Have

  • Alternative Tools: Experience with Jenkins, Azure DevOps (ADO), or Ruby scripting.
  • Shell Scripting: Proficiency in Bash or Shell for system-level maintenance.
  • Certifications: AWS Certified Solutions Architect or AWS Certified Security – Specialty.
  • Regulatory Knowledge: Experience designing for compliance frameworks such as SOC 2, ISO 27001, or NIST.