• Implement best in class cloud-based solutions in AWS using infrastructure as code • Deploy, setup, and run infrastructure configurations for various AWS services, utilizing Infrastructure as Code such as Terraform • Engage with technical stakeholders including but not limited to application development, networking, infrastructure, information security, risk, enterprise identity and access management, and security operations • Enable and optimize the automation of application and infrastructure environments • Be part of a team where you collaborate to build cloud infrastructure, with an understanding of AMI, Containers and serverless functions • Develop, maintain and improve continuous integration/continuous delivery (CI/CD) pipelines for delivering features, fixes and system updates in development, integration and production environments. • Set up, integrate, and maintain a scalable, stable set of CI/CD tools to support development, testing, and security scanning. • Implement Amazon CloudWatch, Splunk and other third party monitoring solutions to provide continuous monitoring capabilities, track all aspects of the system, infrastructure, performance, application errors and roll up metrics. • Analyze functional and non-functional business requirements, translate them into technical operational requirements, and propose CI/CD pipelines with tools and plugins.

Role Description HERE is seeking a Government focused DevOps Engineer to join our team! The primary responsibilities for this role will span CI/CD pipeline engineering and cloud operations, maintaining and improving our GitHub CI/CD pipelines, and supporting our AWS cloud infrastructure. In this role, you will grow your hands-on experience with real production build systems and cloud platforms while having the opportunity to work on practical projects that directly impact both our development velocity and operational reliability. You will play a vital role in ensuring our infrastructure complies with federal standards, directly supporting the delivery of our secure browser environment to public sector clients. We're actively evolving toward a cloud-agnostic, multi-cloud architecture and migrating to Kubernetes for container orchestration. While current AWS and ECS experience is essential, having exposure to Azure, GCP, and Kubernetes will position you well for our infrastructure roadmap. Responsibilities - CI/CD Pipeline Development: - Build, maintain, and optimize CI/CD pipelines for multi-platform builds (Windows, macOS, Linux). - Work with YAML configurations, pipeline stages, artifacts, and deployment workflows. - Integrate security and vulnerability scanning tools directly into the CI/CD pipeline to support automated compliance validations (DevSecOps). - Cloud Infrastructure Operations: - Help maintain and improve AWS infrastructure including ECS/Fargate deployments, RDS databases, Route53 DNS, VPC networking, and IAM policies. - Support multi-tenant, multi-region, and highly isolated or public-sector specific cloud architectures (e.g., AWS GovCloud deployments). - Container & Deployment Management: - Work with Docker containers, ECS task definitions, and ECR registries. - Deploy and manage containerized Node.js applications in production environments. - Assist in the implementation of hardened container base-images aligned with federal or highly-regulated industry security benchmarks. - Release Management: - Help manage release processes including version promotion, release channels (canary, beta, stable), and automated deployment to staging and production environments. - Database Operations: - Support PostgreSQL on AWS RDS—backups, SSH tunneling through bastion hosts, read-only user management, and database configuration for multi-tenant environments. - Automation & Scripting: - Write and maintain automation scripts in Bash, PowerShell, Python, and Node.js. - Build tools to improve infrastructure reliability and developer experience. - Internal Tools Support: - Help maintain web-based DevOps tools built with Express.js, React, and TypeScript—tools for cloud settings management, tenant provisioning, and deployment monitoring. Qualifications - Ideally 2 to 4 years of experience with the following core requirements: - GitLab CI/CD: Experience with GitLab CI/CD pipelines—YAML configuration, stages, jobs, artifacts, rules, dependencies. - Understanding of CI/CD best practices and pipeline optimization. - AWS Cloud Fundamentals: Production level experience with core AWS services—EC2, ECS/Fargate, RDS, Route53, VPC, IAM, Secrets Manager, CloudWatch. Comfortable navigating the AWS Console and CLI. - Multi-Platform Scripting: Solid scripting skills in Bash (Linux) and PowerShell (Windows). Ability to write maintainable automation scripts for both platforms. - Containerization: Hands-on Docker experience—building images, writing Dockerfiles, docker-compose, understanding container networking, and working with ECS/ECR. - Build Systems: Experience with build tools and package managers—npm/Node.js, .NET/NuGet, Python packaging. Understanding of dependency management and build artifacts. - Version Control: Strong Git fundamentals—branching strategies, merge requests, tagging. Experience with GitHub (or GitLab) workflows and code review practices. - Linux/Unix & Windows: Comfortable in both environments—SSH, file permissions, package managers, systemd, PowerShell. Understanding of cross-platform operational challenges. - Node.js/JavaScript: Comfortable reading and writing JavaScript/Node.js code. Experience with npm, package.json, and basic Express.js applications for tooling. - Functional knowledge of federal compliance frameworks like FedRAMP, NIST SP 800-53, DISA STIGs, or DoD Cloud SRG (IL4-IL6). - U.S. citizenship is mandatory; holding an active Secret clearance is preferred, or the ability to obtain one as required. - Ability to function effectively under stringent change control processes, regular auditing, and detailed documentation standards. Nice to Have - Kubernetes experience (EKS, GKE, AKS) or willingness to learn, we're migrating from ECS to K8s. - Multi-cloud experience (Azure, GCP) or cloud-agnostic architecture knowledge. - GitLab Runner administration and configuration. - AWS CDK or CloudFormation for Infrastructure as Code. - Terraform for multi-cloud infrastructure management. - TypeScript development experience. - PostgreSQL database administration and optimization. - .NET build systems and NuGet package management. - React or frontend framework experience. - Airflow or workflow orchestration tools. - Helm charts and Kubernetes manifest management. - Familiarity with FIPS 140-2/3 cryptographic compliance standards. - Hands-on experience with GitHub Actions administration and environment scaling. - Exposure to enterprise secret management tools like HashiCorp Vault or CyberArk. - Direct support of ATO (Authority to Operate) processes and eMASS documentation. Benefits - Generous Paid Time Off, Paid Holidays & Sick Time - Competitive & Comprehensive Health Insurance - Thoughtfully-Planned Paid Parental Leave - Financial Well-Being Plans (FSA) (401k) (Life Insurance) - Stock Options - Professional Development Courses - Employee Resource Groups Additional Perks - One Medical - Free Membership - Talkspace - Mental Health Therapy 24/7 - Team Lunches - Casual dress code - Commuter Benefits (NYC employees only) - Citibike (NYC employees only) Salary Range $145k - $185k This base salary range represents the low and high end salary range for this particular position; not all encompassing of the total compensation package. Actual salaries may vary depending upon but not limited to experience, special skill set, education and location. This range represents only one aspect of HERE’s total compensation package offered to employees. Other forms of compensation may be stock options, commissions, paid time off and other variable benefits.

• Liderarás la estrategia de infraestructura cloud y seguridad de la compañía en entornos GCP y AWS. • Definir y ejecutar la estrategia de seguridad cloud: zero trust, segmentación de red, mínimo privilegio y defense-in-depth en GCP y AWS. • Implementar controles preventivos y detectivos: WAF, DDoS mitigation, IDS/IPS, SIEM y gestión de vulnerabilidades (SAST, DAST, CVE tracking). • Integrar seguridad en el pipeline CI/CD (shift-left): secret scanning, image scanning y análisis de dependencias. • Liderar respuesta a incidentes, threat modeling y coordinación de ejercicios de red team / pentesting externo. • Diseñar y mantener infraestructura cloud en GCP (GKE, Cloud Run, Cloud SQL, Pub/Sub, IAM) y AWS (ECS/Fargate, EKS, RDS, SQS, VPC, IAM). • Gestionar IaC (Terraform), pipelines CI/CD, observabilidad (Prometheus, Grafana, DataDog) y confiabilidad (SLOs/SRE).

• Own production reliability for Climavision’s customer-facing platform and radar-derived weather data services across Azure, colocation, and edge Kubernetes environments. • Contribute to the definition and improvement of SLIs, SLOs, alerting standards, and operational metrics used to measure platform reliability. • Support and coordinate production incident response efforts, including troubleshooting, mitigation, communication, and postmortem analysis. • Diagnose and resolve complex production issues across application services, Kubernetes infrastructure, storage, and distributed systems. • Drive multi-replica and multi-cluster high availability across Climavision’s .NET services. • Improve reliability and operational maturity of production platform services, including observability, autoscaling, ingress, and distributed storage. • Partner with software engineering teams to improve production readiness, resiliency patterns, deployment safety, and operational visibility before services reach production. • Support and evolve Climavision’s observability platform, including metrics, logging, distributed tracing, dashboarding, and alerting.