• Own and improve the reliability, scalability, and day-to-day operability of our production platform. • Design and evolve deployment workflows that make shipping safer, faster, and more predictable for engineering teams. • Improve our Kubernetes workloads and surrounding runtime concerns - configuration, secrets handling, resource usage, resilience, and environment consistency. • Raise the bar for observability: make failures easier to detect, debug, and learn from through pragmatic monitoring, alerting, and instrumentation. • Partner closely with application engineers to improve developer experience, reduce toil, and remove infrastructure bottlenecks that slow delivery down. • Operate with autonomy: identify operational risks, propose sensible improvements, and follow through without needing to be managed.

Role Description - Take ownership of AWS-based infrastructure, managed via Terraform across a multi-account, multi-tenant estate. - Drive improvements in multi-tenant SaaS infrastructure design, scalability, and self-service (documentation, runbooks, PR-based workflows) so engineering teams are not blocked on tickets. - Enable AI engineering and product teams — infrastructure for AWS Bedrock, LangChain-based services, and sandbox accounts so AI features and internal tooling can move fast without compromising guardrails. - Maintain and extend CI/CD pipelines with GitHub Actions (including OIDC to AWS). - Ensure high-quality Docker usage for local dev setups, testing pipelines, and deployments. - Own operational identity management with FusionAuth (SSO, migrations, Terraform operationalisation). - Improve monitoring and observability with Sentry and CloudWatch (including cross-account patterns for developers). - Champion security, privacy, and compliance best practices across the platform (including ISO 27001-aligned controls). - Support migration programmes (e.g. E-WISE, MINT/Esperanto) with AWS accounts, networking, DNS, and cutover work. - Collaborate with engineering, product, operations, IT, and external partners. Qualifications - At least 5–8 years of DevOps experience, with a strong track record in AWS cloud infrastructure (multi-account strongly preferred). - AI-minded: comfortable supporting LLM/AI workloads on AWS (e.g. Bedrock, LangChain services, Lambda/ECS patterns, observability and cost control for inference pipelines) and working in teams that develop with AI-assisted workflows. - Proven expertise with Terraform (IaC) and Git-based workflows. - Experience setting up and managing CI/CD pipelines (GitHub Actions, or comparable tools). - Deep knowledge of security and compliance in cloud environments. - Skilled in monitoring and observability (Sentry, CloudWatch, or equivalents). - Experience operating SSO/identity in SaaS. - Hands-on experience with multi-tenant SaaS platforms and migration programmes (DNS, auth, data plane). - Strong communication skills, able to advise both technical and non-technical stakeholders. - Excellent English skills (min. B2+). Requirements - Salary range: - Poland & EU: PLN 16,800 - 28,200 (B2B contract) + 20 paid days off. - Poland: PLN 14,000 - 23,500 (Contract of Employment). Benefits - Access to the WorkSmile platform offering benefits adapted to your preferences. - 175 PLN monthly lump sum (ryczałt) for remote employees. - Various internal initiatives: webinars, knowledge sharing sessions.

• Configure, manage, and optimize Cloudflare services including: Web Application Firewall (WAF) CDN and caching strategies Firewall rules, rate limiting, bot management, and custom rules • Analyze Cloudflare logs to identify: Security threats and attack patterns Performance bottlenecks False positives and rule tuning opportunities • Partner with engineering teams to safely expose APIs and customer-facing endpoints • Own AWS security posture, including: IAM best practices and least-privilege access Network security (VPCs, security groups, NACLs) Encryption, key management, and compliance controls • Drive AWS cost optimization initiatives: Analyze usage patterns and spend Recommend and implement savings strategies (e.g., right-sizing, reservations, architectural improvements) • Establish and maintain security and operational standards across AWS accounts and environments • Design, optimize, and maintain centralized logging and observability across: Amazon CloudWatch, New Relic, Sumo Logic, Cloudflare • Improve signal-to-noise ratio by: Reducing redundant or low-value logs Standardizing log formats and metadata • Build and refine dashboards, alerts, and SLO/SLI-based monitoring to improve system visibility and reliability • Create, document, and continuously improve incident response processes, including: Detection, escalation, and communication Root cause analysis and post-incident reviews • Act as a senior responder for security and availability incidents Drive preventative improvements based on incident learnings • Partner with engineering and product teams to embed security and reliability earlier in the development lifecycle

• Design, develop and maintain automation framework and scripts to streamline security processes and workflows • Deploy and manage AWS resources using Terraform, ensuring secure and scalable infrastructure • Implement innovative security solutions to reduce the mean time to detect and respond • Implement and optimize AWS Step Functions and Lambda for serverless automation workflows • Leverage AWS security-centric services (e.g., IAM, Control Tower, KMS, Macie, GuardDuty, CloudTrail, EventBridge) to enhance cloud security • Collaborate with cross-functional teams to integrate security automation into CI/CD pipelines • Monitor and troubleshoot AWS infrastructure to ensure high availability, performance and compliance • Stay updated on AWS best practices, security trends, and emerging technologies to drive continuous improvements • Perform hands-on support for a wide range of security technologies, including, but not limited to: Pipeline security, DevSecOps, CloudFormation templates, Terraform, Docker, Kubernetes, SIEM, CSPM and Vulnerability Scanners.