DevOps Engineer

Works with: Product, Full-Stack, QA/SDET, fractional DevOps

We’re looking for a Senior DevOps/Cloud Engineer to make delivery fast, safe, and boring. In a fractional capacity, you’ll stand up and evolve our CI/CD, infrastructure-as-code, environments, observability, security guardrails, release strategy, backups/DR, and cost hygiene. You’ll document everything and enable the team to self-serve. Availability is time-boxed (retainer or sprint); incident coverage is during agreed hours, with optional extended/on-call by addendum.

• CI/CD: Build pipelines (build test scan deploy rollback) for web, APIs, and mobile; PR checks, artifacts, versioning, and release automation.
• Infrastructure-as-Code: Provision cloud resources with Terraform (or Bicep/Cloud Deployment Manager); manage dev/stage/prod parity and drift detection.
• Containers & Runtime: Containerize services (Docker); choose/run a simple, reliable runtime (e.g., AWS ECS Fargate or Azure Container Apps; EKS/GKE if required).
• Environments & Networking: VPC/VNet, subnets, routing, security groups/NSGs, load balancers, TLS certs, DNS (Route53/Cloud DNS), CDN (CloudFront/Azure CDN).
• Observability: Wire structured logs, metrics, traces (OpenTelemetry) with dashboards/alerts (CloudWatch/Prometheus/Grafana/New Relic/Datadog); error budgets, SLO/SLIs.
• Security & Compliance Hygiene: IAM least privilege, short-lived credentials, secrets management (SSM/Secrets Manager/Key Vault), image & dependency scanning (Trivy/Snyk), baseline CSPM checks.
• Release Ops: Blue/green or canary (where sensible), feature flags, rollback playbooks; artifact promotion and environment gates.
• Data & DR: Automated backups/restore tests for Postgres/SQL Server/Redis; retention policies; documented disaster recovery RTO/RPO.
• Cost Management (FinOps-lite): Budgets/alerts, tagging, right-sizing, on-demand vs reserved, monthly cost reports with recommendations.
• Documentation & Enablement: Runbooks, onboarding guides, architecture diagrams; coach engineers on pipelines, infra PRs, and incident response.
• Governance: Change via PRs only, approvals, audit trails; quarterly security/cost reviews.
• Tooling Baseline (flexible by client): GitHub Actions/Azure DevOps/GitLab CI; AWS/Azure/GCP; Terraform; Docker; CloudWatch/Prometheus/Grafana; Trivy/Snyk

• 5+ years in DevOps/SRE/platform engineering with production ownership of cloud workloads.
• Depth in one major cloud (AWS preferred) and working knowledge of Azure/GCP.
• Strong with Terraform (or equivalent IaC), Docker, and at least one CI platform (GitHub Actions/Azure DevOps/GitLab).
• Solid networking & security basics: VPC/VNet, load balancers, TLS, IAM/RBAC, secrets, least-privilege access.
• Observability experience: logs/metrics/traces, alerting, and SLO/SLIs; can design dashboards that engineers actually use.
• Proven release engineering: blue/green/canary, rollback strategies, artifact/version management.
• Database ops literacy: backups/restore, migrations, and performance basics for Postgres/SQL Server; cache (Redis) operations.
• Familiar with security scanning (containers/dependencies), patching, and basic compliance hygiene (e.g., SOC 2/ISO expectations).
• Excellent documentation & communication; comfortable working fractionally with clear SLAs and handoffs.

• NCRi welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process.
• Please note that any offer of employment will be conditional upon the completion of background and reference checks, including a criminal record check and/or credit check (where applicable).
• We appreciate all applications; however, only those shortlisted will be contacted by our Talent Acquisition Team.