DevSecOps Engineer

What You Will Do

Platform & Abstraction Design (Primary Focus)
- Design and build developer-facing abstractions over AWS and Kubernetes that hide infrastructure complexity.
- Build platform services, APIs, CLIs, controllers, or operators that enable simple deployment workflows similar to modern PaaS platforms.
- Define opinionated defaults for networking, security, scaling, and reliability, while allowing controlled extensibility.
- Treat platform components as long-lived products with clear interfaces, documentation, and adoption metrics.

Software Engineering:
Write production-grade code primarily in:
- Go or Python for platform services, automation, and Kubernetes integrations.
- TypeScript for contributing to the internal developer portal and related APIs.

Apply strong software engineering fundamentals:
- API and interface design
- Versioning and backward compatibility
- Error handling and failure modes
- Testing and maintainability
- Design code with the expectation that other engineers and tenant teams build on top of it.

Internal Developer Portal (Custom-Built)
- Contribute features and improvements to a custom internal developer portal built with TypeScript and NextJS.
- Design workflows, forms, and APIs that enable self-service provisioning, deployment, and observability.
- Ensure the portal reflects platform standards, guardrails, and golden paths.
- Collaborate closely with backend platform components to deliver a cohesive developer experience.

CI/CD, GitOps & Deployment Workflows
- Design and maintain GitOps-based deployment workflows using ArgoCD.
- Build reusable CI/CD abstractions using GitLab CI/CD for build, test, and promotion workflows.
- Integrate CI pipelines with ArgoCD for safe, auditable, and repeatable deployments.
- Support deployment strategies such as canary and blue-green deployments to minimise downtime.
- Reduce deployment friction for tenants by standardising workflows and removing the need for deep CI/CD or Kubernetes expertise.

Infrastructure as Code (IaC)
- Design and maintain reusable Terraform modules that encode platform standards and guardrails.
- Abstract AWS and Kubernetes primitives behind stable, versioned interfaces.
- Ensure infrastructure changes are auditable, repeatable, and safe for multi-tenant usage.

Databases and Data Protection
- Design platform-level patterns for database provisioning and operations.
- Support and validate backup and restore strategies, including automated backups, snapshot management, and recovery testing.
- Work with tenants to ensure data durability, recoverability, and minimal downtime during incidents.

Observability and Monitoring
- Build platform-level observability capabilities using Elastic Cloud for logs, traces, dashboards, and alerting.
- Integrate Prometheus for metrics scraping and collection, with metrics surfaced via Elastic.
- Apply the Four Golden Signals (latency, traffic, errors, saturation) as a core observability principle.
- Provide standard dashboards, alerts, and SLOs that tenants inherit by default.

Production Support and Incident Management
- Participate in incident response for platform components.
- Design platform features that improve debuggability, enable safe rollbacks, and reduce MTTR.
- Drive post-incident improvements by evolving platform design rather than relying on manual processes.

Performance, Optimisation, and Reliability
- Design platform components for scalability, performance, and cost efficiency.
- Identify and address bottlenecks at the platform layer.
- Continuously improve reliability through automation, better defaults, and guardrails.

Tenant Engagement, Developer Experience & Knowledge Sharing
- Engage tenant teams as a technical advisor on platform usage and best practices.
- Produce clear documentation, diagrams, runbooks, and examples that improve onboarding and adoption.
- Gather feedback from tenants and iterate on platform capabilities based on real usage.

Continuous Learning
- Stay current with developments in AWS, Kubernetes, GitOps, and the cloud-native ecosystem.
- Evaluate new tools and patterns relevant to internal developer platforms and PaaS-style workflows.
- Share learnings within the team and contribute to continuous improvement.

Required Skills and Experience

Strong hands-on experience with:

• AWS

• Kubernetes

• Terraform

• GitLab CI/CD

• ArgoCD

• Elastic Cloud (logs, traces, dashboards, alerting)

• Prometheus (metrics scraping and collection)

- Strong programming skills in Go or Python.
- Working knowledge of TypeScript, with a willingness to contribute to a NextJS codebase.
- Proven experience building tooling, services, or abstractions that other engineers depend on.
- Experience supporting production systems, including incident response.
- Experience with databases, including backup, restore, and recovery considerations.
- Ability to communicate clearly with tenant teams and internal stakeholders.

Nice to Have (Bonus)
- Strong experience with TypeScript, React, or NextJS.
- Experience building custom Internal Developer Portals or self-service platforms.
- Experience building Kubernetes controllers, operators, or admission webhooks.
- Familiarity with canary, blue-green, or other progressive delivery techniques.
- Experience with SLOs and reliability engineering practices.