DevOps Engineer (Crypto Custody Platform)

Location: Remote/Hybrid, overlap with UTC+2/3

Team: DevOps/SRE

Domain: Digital Asset Custody, cloud platform, infrastructure, CI/CD, security, observability

About The Role

We are looking for a DevOps Engineer to help build, operate, and improve the platform for a security-first crypto custody product: cloud infrastructure, Kubernetes, CI/CD, GitOps delivery, observability, and production operations.

The role involves hands-on work with AWS, Kubernetes, Terraform, GitLab CI/CD, GitOps, observability, and security tooling. We value an engineer who can investigate production infrastructure issues, automate routine work, and improve platform reliability without adding unnecessary complexity.

What You'll Do

• Maintain and evolve AWS infrastructure using Terraform.

• Work with Kubernetes/EKS: deployment, networking, troubleshooting, and resource management.

• Develop GitLab CI pipelines for build, test, security checks, and deployment.

• Support a GitOps delivery model with ArgoCD and Helm.

• Configure and improve monitoring, logging, and alerting.

• Work with secrets, IAM, service accounts, and least-privilege access patterns.

• Participate in incident troubleshooting, root cause analysis, and runbook improvements.

• Help embed security practices into delivery flows: image scanning, dependency scanning, and policy checks.

• Collaborate with backend, frontend, and security teams on infrastructure and delivery topics.

Must-have Experience

• 2-3+ years of experience as a DevOps, SRE, or Platform Engineer.

• Strong Linux knowledge and solid networking basics: DNS, TLS, HTTP.

• Hands-on experience with AWS or another major cloud provider.

• Experience operating Kubernetes in production or close-to-production environments.

• Experience with Terraform or another IaC tool.

• Experience building and maintaining CI/CD pipelines, preferably with GitLab CI.

• Understanding of GitOps; experience with ArgoCD or Flux is a plus.

• Experience with Docker/OCI images, container registries, and Helm charts.

• Basic understanding of observability: metrics, logs, traces, and alerts.

• Understanding of security basics: IAM, secrets management, vulnerability scanning, and least privilege.

• Ability to investigate issues using logs, metrics, and documentation.

• Readiness to document decisions and maintain runbooks/operational docs.

Nice to Have

Cilium, Istio, Gateway API, Kyverno.

• External Secrets Operator, IRSA, OIDC to AWS.

• GitLab CI catalog components or reusable pipeline templates.

• OpenTelemetry, VictoriaMetrics/Prometheus, Loki, OpenSearch, Grafana.

• Supply chain security: Cosign, SLSA, SBOM, Trivy, SonarQube.

• Teleport, PAM, VPN-first/private infrastructure access.

• Runtime security tools: Falco, Tetragon.

• Bare-metal, k3s, Ansible.

• Confidential Computing: Intel TDX, AMD SEV-SNP, Kata Containers.

• Fintech, crypto, regulated, or security-sensitive domain experience.

Soft Skills

• Ownership mindset: drive tasks to completion and think about reliability and maintainability after release.

• Clear communication with backend, frontend, security, product, and compliance teams.

• Pragmatic engineering approach: choose simple, maintainable solutions and avoid unnecessary infrastructure complexity.

• Security-first mindset: consider least privilege, failure modes, auditability, and production access risks.

• Comfort with ambiguity and fast iteration without losing engineering discipline