Infrastructure / Site Reliability Engineer (SRE) Bank-Grade Cloud Infrastructure & Platform Reliability Location: US-based (Remote friendly) Experience: Senior-level preferred (5–10+ years) Company: Stablecore About Stablecore Stablecore is building the digital-asset side-core for banks. We help regulated financial institutions safely launch and operate crypto-native products, stablecoins, tokenized deposits, custody, and on-chain payments, while integrating directly with their existing banking cores and compliance frameworks. Our customers are banks. Our counterparts are regulators. Our systems must be correct, auditable, resilient, and secure by default. Role Overview We are looking for an Infrastructure / SRE Engineer to design, operate, and harden the cloud and platform foundations that Stablecore runs on. This role owns reliability, security posture, deployment safety, and operational maturity across a multi-region, bank-grade environment. You will work closely with backend engineers, security, and compliance to ensure that the systems moving real money remain available, correct, and defensible under audit. This is not “keep the lights on” IT. You’ll be building and operating infrastructure that regulators, bank risk teams, and third-party auditors scrutinize in detail. What You’ll Work On - Design and operate multi-region AWS infrastructure with strong isolation and failure boundaries - Own production EKS clusters (multi-region, multi-AZ) including: - Cluster lifecycle, upgrades, and node management - Network policies, ingress/egress, and service isolation - Operate Aurora PostgreSQL (Global Database): - Writer / reader topology - Cross-region replication, failover, and DR testing - Build and maintain CI/CD pipelines in GitLab: - Secure build pipelines - Environment promotion and deployment safety - Artifact integrity and traceability - Manage container supply chain security using Harbor: - Image scanning - Provenance and access control - Operate identity and access control via Keycloak: - Realm design and lifecycle - Integration with internal services and gateways - Design and maintain Cloudflare protections: - WAF, rate limiting, bot protection - Zero Trust access patterns - Implement observability, alerting, and incident response: - Metrics, logs, traces - On-call readiness and runbooks - Partner with security and compliance teams on: - SOC 2 / ISO / bank TPRM requirements - Evidence generation and audit readiness - Participate in architecture decisions around: - Multi-tenancy vs isolation - Blast-radius reduction - Availability vs consistency tradeoffs Technical Stack - Cloud: AWS (EKS, Aurora Global, IAM, KMS, VPC, networking) - CI/CD: GitLab - Edge & Security: Cloudflare - Identity: Keycloak - Container Registry: Harbor - Platform: Kubernetes - Observability: Metrics, logs, tracing (tool-agnostic, but production-grade) What We’re Looking For - Strong experience operating production AWS infrastructure at scale - Deep hands-on experience with Kubernetes / EKS - Experience running PostgreSQL or Aurora in high-availability, regulated environments - Comfort owning production reliability, including on-call and incident response - Strong security instincts around: - IAM and least privilege - Network boundaries - Secrets management - Experience designing systems that survive audits, failures, and human error - Clear communication and calm judgment during incidents Nice to Have - Experience supporting fintech, banking, or regulated platforms - Prior exposure to SOC 2, ISO 27001, FFIEC, or bank TPRM processes - Experience with multi-region DR testing and failover exercises - Familiarity with GitOps or infrastructure-as-code patterns - Experience supporting platforms that move money or other irreversible assets Why This Role Is Interesting - You’ll build infrastructure that banks trust with real money - Reliability, security, and correctness actually matter here - Problems are concrete, high-stakes, and non-theoretical - Close collaboration with backend, security, and compliance teams - Opportunity to shape foundational platform decisions early

• Own the DevSecOps roadmap • Define and execute the strategy for integrating security across our SDLC — SAST, DAST, dependency scanning, secrets detection, container security — ensuring controls are comprehensive without becoming delivery bottlenecks • Lead complex, cross-functional programs • Manage a portfolio of interdependent security and infrastructure initiatives • Map dependencies, hold delivery cadences accountable, and escalate the right things at the right time • Build paved roads • Design shared pipeline templates, hardened base images, and reusable IaC modules that embed security as a default — reducing cognitive load on developers and eliminating per-team reinvention of compliance • Own risk and compliance • Maintain a clear view of technical security risk across your portfolio • Keep teams continuously audit-ready against relevant frameworks (SOC 2, ISO 27001, HIPAA, HITRUST) through automation, not heroics • Communicate across all levels • Translate security risk into business language for executives, and compliance requirements into engineering priorities for teams

• Define product infrastructure according to the architecture guidelines; • Ensure environment resilience; • Align and manage SLIs, SLAs, and SLOs; • Troubleshoot application infrastructure (understands, participates, and proposes solutions); • Assist with application troubleshooting when requested by developers; • Drive monitoring, logging, and automation solutions; • Document product infrastructure; • Understand and participate in capacity and cost planning for the infrastructure; • Analyze application trends; • Propose new solutions for the product; • Participate in POCs and tests for new solutions; • IaC: Infrastructure as Code; • Deploy/create cloud infrastructure (Azure, OCI, AWS, and GCP); • Request and follow up on on-premises infrastructure work with the respective teams.

• Help build and scale the internal development platform. • Build tools, services, and automation for the engineering team. • Provide autonomy and a self-serve culture for teams. • Foster adoption of IA and agentic development while ensuring security and architectural standards.