DEVOPS GUARDIAN (Bare-Metal Infrastructure)

DEVOPS GUARDIAN (Bare-Metal Infrastructure)

Company: NEWAX TECHNOLOGIES (SMC-PRIVATE) LIMITED

Entity Type: Premier Digital Infrastructure Firm

The Mandate: "Infrastructure is Power." Newax Technologies hosts proprietary ecosystems on bare-metal servers to eliminate the "Rental Economy" of AWS/GCP. We need a paranoid, hyper-competent DevOps Guardian to protect the "Vault." You are responsible for maximum uptime, extreme abstraction, and ensuring zero vulnerabilities across our client deployments.

Core Responsibilities:

• Provision, secure, and monitor bare-metal Linux servers and Virtual Private Servers (VPS).
• Manage our self-hosted deployment environments (Coolify) to ensure seamless containerized rollouts.
• Enforce the "Sandbox Mandate": Ensure no core infrastructure is swapped in production without automated load testing and Canary Deployments.
• Configure and manage Nginx reverse proxies, SSL certificates, and strict firewall rules.
• Implement automated database backups, disaster recovery protocols, and system health telemetry.

Technical Requirements:

• Mastery of Containerization (Docker, Docker Compose).
• Deep knowledge of Linux architecture (Ubuntu/Debian) and CLI operations.
• Advanced web server configuration (Nginx).
• Strict server security hardening expertise (UFW, SSH key management, Fail2ban).
• Familiarity with CI/CD pipelines and self-hosted PaaS solutions.

The Hiring Protocol (Proof of Work ONLY): To claim this seat, complete the following test:

The Trial: Provision a secure Virtual Private Server (VPS). Deploy a custom CLI container via Docker, configure an Nginx reverse proxy with SSL, and document your security firewall configurations. Submit the IP and documentation.

Job Type: Full-time

Pay: Rs500,000.00 - Rs1,100,000.00 per month

Application Question(s):

• At Newax, we reject the 'Rental Economy' of AWS and Vercel. We host enterprise Next.js and n8n applications on bare-metal VPS using Coolify and Docker. In 3 sentences, explain how you handle SSL certificate generation, auto-renewal, and reverse proxying for 50 different client domains pointing to a single bare-metal server IP.
• We hand you a completely raw, unconfigured Ubuntu 24.04 server exposed to the public internet. What are the first 5 terminal commands or configurations you execute to secure it against automated brute-force attacks before installing any application infrastructure?
• A client's bespoke Enterprise OS is live and handling active WebSocket connections for real-time telemetry. We need to deploy a major Next.js update. Explain how you execute a 'Canary Deployment' on a self-hosted Docker environment to route exactly 5% of traffic to the new container without dropping the existing WebSocket connections.
• Our primary bare-metal server experiences a catastrophic SSD failure. We have a self-hosted Supabase (PostgreSQL) database inside a Docker container. What automated backup strategy should you have already implemented to ensure we can restore the database to a completely different VPS within 15 minutes, with less than 1 hour of data loss?

Experience:

• Linux System/Docker/Nginx/Traefik/Bare-Metal Provisioning: 4 years (Required)

Language:

• Technical English (Fluent) (Required)

License/Certification:

• GitHub with IaC or RHCE/CKA certificates (Preferred)

Work Location: In person