• Design, implement and maintain the tools and systems that support service reliability, monitoring, and alerting. • Collaborate with other engineering teams to ensure services are designed with reliability in mind, and provide guidance on the appropriate use of tooling and automation. • Identify opportunities to improve the reliability, scalability, and efficiency of our services and drive their implementation. • Work with infrastructure engineers to understand the challenges they face in operating our services and develop tools and systems to help them manage these challenges. • Participate in incident response and post-mortems to identify and address systemic issues. • Continuously evaluate new technologies and industry best practices to improve our SRE tooling and incident response procedures. • Gain and maintain an intimate understanding of how the critical parts of the site work (services, infrastructure, product, tools, and processes) • Lead high-urgency incidents and mentor less-experienced engineers in effectively handling incidents.

• Design and Implement Infrastructure as Code (IaC): Utilize Terraform to automate and manage infrastructure across Azure and Cloudflare, ensuring consistent and scalable deployments. • Database Management: Oversee PostgreSQL DB operations and automate DB-related tasks to streamline database management. • Message Queue Configuration: Deploy and configure message queues to facilitate efficient data processing and communication between services. • CI/CD Pipeline Management: Develop and maintain CI/CD pipelines using GitHub Actions, automating the software delivery process to improve deployment efficiency. • Infra Security and Management: Ensure security across the infrastructure, enforcing RBAC practices and applying best practices for compliance and security within the DevOps lifecycle. • Monitor, Optimize, and Ensure Observability of System Performance: Implement and maintain monitoring and observability solutions to track and optimize system performance, identify bottlenecks, and maintain system health. • Troubleshoot and Resolve Infrastructure Issues: Quickly diagnose and resolve any infrastructure-related issues, ensuring minimum disruption to our services.

• Create, maintain and evolve Terraform modules for provisioning the data infrastructure. • Manage state management, workspaces and infrastructure versioning best practices. • Ensure reproducible, auditable and traceable infrastructure via code. • Provision and manage networks (VPCs, subnets, firewall rules) following security best practices. • Configure IAM: roles, policies and service accounts with the principle of least privilege. • Manage Google Cloud Storage (GCS) as the storage layer for the data platform. • Ensure compliance with cloud security and governance policies. • Provision and configure Databricks workspaces via Terraform/IaC. • Manage clusters, jobs, notebooks and permissions on the platform. • Integrate Databricks with GCP infrastructure (service accounts, VPC, GCS, IAM). • Build and maintain CI/CD pipelines for infrastructure (GitHub Actions or similar). • Apply GitOps practices: all infrastructure changes via Pull Request with review and automated validation. • Ensure secure and auditable deployment across multiple environments (dev/staging/prod). • Implement secrets and credential management following best practices (Secret Manager, Vault, etc.). • Automate and standardize environments to ensure consistency and eliminate manual configuration. • Support the data team with reliable, self-service infrastructure.

• Provide DevSecOps platform services that integrate security, compliance, and monitoring into all phases of cloud infrastructure and data products lifecycle management • Integrate IT Security Office approved-automated security controls, orchestrating vulnerability management, administering policy compliance, and providing continuous monitoring • Maintain secure and stable systems that enable continuous integration and delivery and reduce operational risk and support enterprise agility • Perform continuous scanning of all source and executable repositories for evolving threats detected after services are implemented • Ensure all code and IaC changes are version-controlled, peer-reviewed, security-scanned, and approved before promotion to production • Maintain continuous monitoring and alerting for all production deployments, with rollback procedures in place • Provide CI/CD pipeline and workflows for building, testing, and deploying. Promote workloads across environments with automated controls and approvals • Integrate security and compliance checks into CI/CD pipelines • Document all DevSecOps processes, standards, and toolset configurations, and maintain version-controlled documentation accessible to stakeholders • Integrate change control gates into the automated CI/CD workflow, with appropriate controls to prevent unauthorized or unreviewed code deployments to production • Coordinate with AO teams to establish and maintain standards for DevSecOps processes and toolsets, ensuring integration and interoperability across the enterprise ecosystem • Facilitate integration with third-party development, operations, and security tools to enable end-to-end visibility and control • Provide comprehensive end-user guides and training content for containerized pipeline features and security practices for the development team members • Conduct regular review and updates of DevSecOps practices and toolsets to incorporate emerging technologies, threat intelligence, and lessons learned • Create DevSecOps metrics reports (example: deployment frequency, mean time to resolution, vulnerability remediation time) to demonstrate effectiveness and drive improvement