Summary of The Role
Own and operate our AWS/Linux estate for the SaaS solutions hosted by the business. Apply strong information security practices (least-privilege IAM, patching, secrets management, TLS, vulnerability remediation). Bring serverless awareness to choose the right architecture per use case. Collaborate with engineering to plan safe releases, improve observability, and drive reliability and cost efficiency.
Role Responsibilities
- Design, provision, and operate AWS infrastructure (EC2/ASG, ELB, MySQL, S3, IAM, VPC, CloudWatch).
- Build and maintain Terraform modules, backends, and promotion workflows; review infra changes via PRs.
- Manage Linux systems (Rocky): hardening, patching, systemd, storage/filesystems.
- Own Puppet configuration management (modules, manifests, environments).
- Containerize with Docker; maintain images, registries, and runtime configuration.
- Operate MySQL users/roles, backups/restores, parameter tuning, slow-query triage. Ability to build replicable slaves and troubleshoot
- Engineer networking: VPC/subnets, routing, SGs/NACLs, DNS (Route 53), VPN/Direct Connect, TLS/PKI.
- Apply information security controls: IAM least privilege, secrets (SSM/Secrets Manager), patch compliance, vuln remediation, access reviews. Awareness of ISO 27001.
- Introduce serverless where it fits (Lambda jobs, event processing, light APIs); integrate with existing services.
- Observability: metrics/logs/traces, dashboards/alerts, runbooks, on-call participation and incident reviews.
- Cost stewardship: rightsizing, autoscaling policies, storage lifecycle, monthly reviews and actions.
- Ability to script with Bash and Python.
- Administer TeamCity & Jenkins: jobs/pipelines for build, test, packaging, and controlled deployments; agent fleet hygiene and backups.
- Participate in on-call rota.
- Documentation & knowledge transfer: playbooks, handover notes, and KT sessions.
Essential Skills, Knowledge & Experience
- Expert AWS and Linux administration in production.
- Strong networking fundamentals (TCP/IP, HTTP/TLS, routing, load balancing, firewalls).
- Solid MySQL operations (backup/restore, replication basics, performance).
- Terraform (modules, backends, testing, code review).
- Puppet (module design, environments).
- Docker (image authoring, multi-stage builds, registry usage).
- Scripting for automation (Bash plus one of Python).
- Experience supporting Java services alongside LAMP components.
- Demonstrable information security mindset and practice.
Nice to have
- Ansible for ad-hoc/host lifecycle tasks.
- Containers orchestration basics (ECS/EKS/Kubernetes).
- Nginx/Apache tuning, reverse proxying.
- HashiCorp toolchain (Packer, Vault), SSM Parameter Store/Secrets Manager patterns.
- Monitoring stacks (Nagios, APM) and alert design.
Qualification
- 6–8+ years in DevOps or Senior system Engineer, running production systems.
- Evidence of IaC-driven environments and reliable release processes.
- Relevant certifications (AWS, Linux, Terraform) are a plus.
Personal Attributes
- Must be accountable with a strong work ethic, a sense of urgency and ownership, and be able to work effectively both independently and as part of a team.
- Data driven, highly organized, and detailed oriented.
- Able to deliver as efficiently as possible without compromising quality or the customer experience.
- First class communicator with an ability to engage sales teams, operational teams and customer stakeholders up to a senior level with confidence.
- Efficient in approach, developing optimized and simple working methods and processes with a keen eye for detail.
- Continually improving, caring about quality, and delivering customer value.
Work Environment
- General Work Hours: 1.30PM – 10.30PM (WFH) Sri Lanka Time – 45hrs/week.
- Location: Remote WFH + Occasional Meets at our Colombo 5 office – Sri Lanka.
- Benefits: Paid leave, career upskilling opportunities, eLearning courses.
Generating Apply Link...
.png)
