Highlights:

Location: Remote (CET hours preferred)

Compensation: €4,900 - €6,200 Gross + stock options

Language: Russian-speaking team

About Fundraise Up

We’re Fundraise Up - a global fundraising platform built to make donating to nonprofits fast, seamless, and accessible to all. Every month, our technology powers tens of millions of dollars in donations across the globe. We focus on innovation that directly impacts results: faster load times, higher conversion rates, global payment support, and accessibility-first design.

Our platform is trusted by many of the world’s leading nonprofits, including UNICEF, the Alzheimer’s Association, and a wide range of global NGOs. With a 4.9/5 rating across top software review platforms, we’re recognized not just for our impact - but for the quality of the product we deliver.

A Truly Global Product

We operate in the enterprise segment, serving nonprofit organizations across North America, the United Kingdom, Australia, and Europe.

We’re building a large and complex product ecosystem that serves nonprofits, donors, and partners around the world. The platform includes a modern checkout experience and customizable widgets (each a standalone SPA), donor, organization, and partner portals, admin tools, and several internal apps.

Our backend is powered by Node.js (Koa, NestJS) and MongoDB. The frontend stack includes Webpack, Vue.js, and React, with nearly all code written in TypeScript. For high-throughput messaging and background processing, we use Kafka (for millions of events) and Bull (Redis). Analytics data is stored in ClickHouse, and we use Elasticsearch for search.

The Team

We are a distributed team of 160+ product professionals, including 80+ engineers. Our team members are mainly based across Spain, Poland, Portugal, Georgia, Armenia, Serbia, Turkey, and Cyprus. Many of our developers bring 5 - 10+ years of experience, and we foster a culture of deep technical curiosity and knowledge sharing.

Despite our scale, we operate like a focused team - where every task matters and every voice is heard. We value thoughtful collaboration, strong engineering practices, and a product mindset. You’ll be joining a team where quality, mentorship, and mutual respect come first.

About the Role

You will join a small team responsible for the stability, performance, and security of our server infrastructure: bare metal, VMs, databases, queues, networking, and infrastructure security. Our philosophy is simple: the team owns its systems end-to-end, and every engineer should be able to diagnose and fix issues in their area of responsibility.

This role is for someone who enjoys working with real infrastructure (OS, hardware/virtualization, networks), not just cloud abstractions.

What You'll Do

• Work primarily with on‑premise infrastructure (bare metal and VMs): setup, maintenance, troubleshooting
• Drive clarity in ambiguous situations by defining requirements, assumptions, and next steps
• Own automation projects end‑to‑end (design → rollout → maintenance)
• Improve how we operate: harden and tune systems and also improve the way the team works in terms of operational hygiene
• Keep the platform stable, fast, and secure: servers, web servers, databases, queues
• Investigate production incidents across OS / networking / infrastructure layers, apply temporary mitigations, coordinate with developers and participate in post‑mortems
• Participate in on‑call rotations
• Use AI in all aspects of day‑to‑day work: researching, troubleshooting, developing

Requirements

• 4+ years as a DevOps Engineer / SRE (or very close responsibilities)
• Real, hands-on experience with servers (VMs, bare metal) at the OS level and below: configuring, troubleshooting, digging into “why it’s broken”
• Confident Linux skills (we use Ubuntu). We expect you to be comfortable with the core tools from Linux Crisis Tools
• Solid understanding of networking basics; ability to configure and troubleshoot iptables
• Ansible + Git
• Experience with Bash or Python scripting for automation/observability
• Production/on‑call experience: diagnosing incidents, restoring service, participating in post‑mortems
• Ownership and attention to detail. Downtime is expensive: five years ago, 10 minutes of downtime cost us $100k — today it’s even more

Nice to Have

We understand it’s impossible to be an expert in everything, but it’s important to have solid hands-on experience in two or more of the areas below:

• ClickHouse, MongoDB: what each database is used for, monitoring, troubleshooting performance and slow queries, sharding
• Kafka: operating clusters at scale (topic moves, broker replacements, tuning)
• Redis: high‑load tuning, replication, sharding, performance monitoring
• Elasticsearch: configuration, scaling, sharding/cluster management
• HAProxy / Nginx: load balancing, SSL/TLS, caching, reverse proxying, performance monitoring
• OS tuning: kernel/network stack/filesystem parameters for high‑load systems
• Full Disk Encryption on LVM: We use Clevis + Tang in production
• Infrastructure Security: Teleport, HashiCorp Vault

Bonus points

Great if you’ve worked with any of the following:

• VictoriaMetrics and how it differs from the Prometheus stack
• Complex CI/CD pipelines. We use scripted Jenkins pipelines
• Bare‑metal Kubernetes: provisioning, networking (MetalLB or alternatives), isolation from the internet, scaling across providers (like OVH, Hetzner) and integration with existing infrastructure
• Flux and GitOps
• Terraform

Why work with us

• A strong, collaborative product team that owns what it builds
• Clear product vision and access to real customer feedback from global nonprofit leaders
• Flat structure: no politics, just great work with great people
• Transparent company culture-we share how we’re growing, where revenue comes from, and what’s next
• Long-term focus: we offer equity options and value sustained, meaningful contribution

Benefits

• 31 days off
• 100% paid telemedicine plan
• Home Office Setup Assistance: the company offers assistance with purchasing furniture (office chair, office desk, monitor) and other items to create a comfortable workspace.
• English learning courses
• Relevant professional education
• Gym or swimming pool
• Co-working
• Remote working.

_{**Please note: All official correspondence from Fundraise Up will exclusively originate from the @fundraiseup.com domain. Exercise caution and ensure the authenticity of emails claiming to be from our company.}

Responsibilities

We are looking for an exceptional Senior Backend Developer (GOlang) to join our growing Engine team. The Engine team develops and maintains most things related to Workato Recipe runtime. Everything related to recipe execution: DSL, pulling events, processing webhooks, executing jobs. There are various aspects to it: performance, scaling, storage, durability, atomicity, concurrency guarantees, data protection, and encryption.

• Build/extend/troubleshot/fix complex heterogeneous GOlang applications, as well as small self-contained GOlang microservices.

• Improve execution engine of custom third-party code (isolation, performance, new features).

• Write well designed, testable, efficient code in GOlang.

• Integration of data storage solutions Postgres/S3/DynamoDB/Kafka/ClickHouse etc.

• Contribute in all phases of the development lifecycle.

• Provide code reviews to your teammates.

• Evaluate and propose improvements to existing system.

• Identify bottlenecks and bugs, and devise solutions to these problems.

• Help maintain code quality, organization and automatization. 

Requirements

Qualifications / Experience / Technical Skills

• Strong experience in building scalable distributed backend applications (7+ years).

• Great understanding of all building blocks of large web applications: databases, load balancers, application servers, message brokers, caching, monitoring, etc.

• Good understanding of network protocols and stacks.

• Good understanding of DB technologies: classic databases and modern no-SQL.

• Knowledge of basic data structures and algorithms and how they are used is a must.

• Excellent debugging, analytical, problem solving, and social skills.

• BS/MS degree in Computer Science, Engineering or a related subject, 7+ years of industry experience.

Can be a plus

• Experience in related fields (DevOps, ML, DBA, Enterprise applications, etc).

• Experience in building/deploying data processing pipelines.

Soft Skills / Personal Characteristics

• Readiness to work remotely with teams distributed across the world and timezones.

Job Req ID: 2314

About the Role

Our Mapping team tackles the spatial intelligence of the platform: road matching, low-latency ETA predictions, and processing thousands of coordinates every second to ensure every journey is accurately tracked.

We’re looking for a Mid/Senior Backend Engineer to join a team that keeps frameworks lean and focuses on what matters: clean, maintainable code, shipped fast with TDD, DDD, and continuous integration and delivery.

We are a Go shop, and while we’re busy migrating away from our Ruby monolith, our stack includes PostgreSQL, MongoDB, RabbitMQ, Redis, gRPC, and Thrift. Everything runs on AWS and Kubernetes, managed via Terraform.

Our interview process includes a recruiter screen, algorithms and live coding. Senior+ candidates also complete a system design section and a structured review of past experience and achievements.

Responsibilities

• Write high-quality, performant code primarily in Go.
• Implement new microservices while helping us responsibly manage and migrate away from legacy services.
• Work closely with product managers, designers, and data scientists to turn abstract requirements into concrete technical designs.
• Ensure our systems stay responsive under heavy load, optimising for both latency and reliability.

Requirements

• 3+ years of experience (5+ years for seniors) building and maintaining scalable backend services.
• We use Go. If you know it, great. If not, we’ll interview you in your strongest language (Python, C++, Java, Ruby, etc.). We hire for engineering fundamentals, not syntax.
• In-depth knowledge of relational and NoSQL databases (PostgreSQL, MongoDB, Redis) and experience with message brokers like RabbitMQ or Kafka.
• At least 1 year of hands-on experience with mapping-related work such as processing noisy geospatial data, map-matching techniques, or road network graphs and routing algorithms.
• Upper-Intermediate (B2) English proficiency or higher. You should be comfortable debating technical trade-offs with your peers.

Nice to have

• Driver-side intuition for navigation systems (rerouting behavior, GPS drift, missed turns, real-world edge cases).
• Experience with routing engines like OSRM.
• Proficiency in C++.
• Familiarity with open geospatial datasets such as OpenStreetMap.

What we Offer

• Office-based role in Nicosia, four days a week with flexible start and finish times, plus one remote day of your choice
• Competitive salary
• Employee stock options plan
• Private medical and dental insurance
• Daily Lunch allowance
• Latest-generation MacBook Pro and 4k display
• Professional development stipend
• Relocation support, including visa sponsorship and allowance

About the Role:

Wrike’s Security team is the frontline defense ensuring the integrity and credibility of the data stored within our platform. In this senior position, you will own and evolve the security posture for Wrike’s production, Kubernetes, and GCP environments. You aren't just maintaining systems; you are architecting a "secure by default" infrastructure that allows our engineering and other teams to move fast without compromising safety.

Your Impact:

• Own Infrastructure Security: Design, implement, and improve security controls- including hardening, network segmentation, IAM, and endpoint security - across our entire fleet.

• Strategic Defense: Lead the technical direction for cyber security defense, covering enterprise posture management, threat detection, and vulnerability management.

• Collaborative Architecture: Partner with ITOps, SysOps, DevOps and XOps to embed security into the core of our architecture and change management processes.

• SIEM Evolution: Develop and maintain our SIEM strategy and the surrounding infrastructure to ensure proactive visibility.

• Mentorship: Educate and coach engineering teams on secure system design, providing guidance that elevates the security IQ of the entire organization.

Your Qualifications:

• Cloud & Container Mastery: Extensive experience with GCP permissions and security configurations within Kubernetes, Azure, and on-prem environments.

• Technical Depth: High proficiency in Intrusion Detection, Exploit Dev, Linux Operations and Security Understanding

• Security Architecture: Proven ability to identify gaps in cloud designs and recommend enhancements for authentication, authorization, and bastion host setups.

• Communication: Ability to distill complex security risks into actionable insights for both technical peers and non-technical stakeholders.

• Autonomy: Proven track record of managing large projects with complex deliverables and foreseeing potential roadblocks before they manifest.

Standout Qualities:

• Certifications: Possession of industry-recognized credentials such as CISSP, Google Security Engineer or GIAC.

• Operational Excellence: Deep hands-on experience with (Open Source) SIEM solutions and Google Security Operations or Google Security Command Center

• Philosophy: You view security not just as a job, but as a craft; you balance strict security principles with the pragmatic needs of the business.

Team Dynamics:

• Leadership: You will report to Swen Groeneveld, Head of Security Operations

• The Squad: You will join a high-performing 14-member team consisting of AppSec and Compliance specialists.

• Role Level: This is a Senior level role, requiring you to lead people you do not directly manage.

Our Work Style:

• Tech Stack: GCP, Kubernetes (k8s), Terraform, Linux, Rapid7, Tenable, and SIEM platforms.

• Methodology: Performance-driven environment utilizing Scrum-based processes, including biweekly and quarterly planning.

• Environment: Hybrid work mode.

Why Join Wrike?

• 5 Weeks of paid vacation
• Sick Leave Compensation 
  • 5 Paid Uncertified Sick Days
  • 2 weeks fully paid w/ medical certificate, additional 
  • 4 weeks paid at 80% salary rate
• Parental Leave (fully paid): 18 Weeks Maternity / 4 Week Paternity 
• 2 Volunteer Days
• Meal Vouchers (CZK 220 per working day)
• Annual Prague Travel Card (Lítačka)
• Hybrid Working Model
• Benefit budget with flexible options, including a MultiSport card, Canadian Medical membership, contributions to a pension savings plan and additional choices available through Benefit Plus

This remote position is open to residents of Czechia

About the Role:

Wrike’s Security team is the frontline defense ensuring the integrity and credibility of the data stored within our platform. In this senior position, you will own and evolve the security posture for Wrike’s production, Kubernetes, and GCP environments. You aren't just maintaining systems; you are architecting a "secure by default" infrastructure that allows our engineering and other teams to move fast without compromising safety.

Your Impact:

• Own Infrastructure Security: Design, implement, and improve security controls- including hardening, network segmentation, IAM, and endpoint security - across our entire fleet.

• Strategic Defense: Lead the technical direction for cyber security defense, covering enterprise posture management, threat detection, and vulnerability management.

• Collaborative Architecture: Partner with ITOps, SysOps, DevOps and XOps to embed security into the core of our architecture and change management processes.

• SIEM Evolution: Develop and maintain our SIEM strategy and the surrounding infrastructure to ensure proactive visibility.

• Mentorship: Educate and coach engineering teams on secure system design, providing guidance that elevates the security IQ of the entire organization.

Your Qualifications:

• Cloud & Container Mastery: Extensive experience with GCP permissions and security configurations within Kubernetes, Azure, and on-prem environments.

• Technical Depth: High proficiency in Intrusion Detection, Exploit Dev, Linux Operations and Security Understanding

• Security Architecture: Proven ability to identify gaps in cloud designs and recommend enhancements for authentication, authorization, and bastion host setups.

• Communication: Ability to distill complex security risks into actionable insights for both technical peers and non-technical stakeholders.

• Autonomy: Proven track record of managing large projects with complex deliverables and foreseeing potential roadblocks before they manifest.

Standout Qualities:

• Certifications: Possession of industry-recognized credentials such as CISSP, Google Security Engineer or GIAC.

• Operational Excellence: Deep hands-on experience with (Open Source) SIEM solutions and Google Security Operations or Google Security Command Center

• Philosophy: You view security not just as a job, but as a craft; you balance strict security principles with the pragmatic needs of the business.

Team Dynamics:

• Leadership: You will report to Swen Groeneveld, Head of Security Operations

• The Squad: You will join a high-performing 14-member team consisting of AppSec and Compliance specialists.

• Role Level: This is a Senior level role, requiring you to lead people you do not directly manage.

Our Work Style:

• Tech Stack: GCP, Kubernetes (k8s), Terraform, Linux, Rapid7, Tenable, and SIEM platforms.

• Methodology: Performance-driven environment utilizing Scrum-based processes, including biweekly and quarterly planning.

Why Join Wrike?

• 5 Weeks of paid vacation
• Sick Leave Compensation 
  • 5 Paid Uncertified Sick Days
  • 2 weeks fully paid w/ medical certificate, additional 
  • 4 weeks paid at 80% salary rate
• Parental Leave (fully paid): 18 Weeks Maternity / 4 Week Paternity 
• 2 Volunteer Days
• Meal Vouchers (CZK 220 per working day)
• Annual Prague Travel Card (Lítačka)
• Benefit budget with flexible options, including a MultiSport card, Canadian Medical membership, contributions to a pension savings plan and additional choices available through Benefit Plus

About the Role:

Wrike’s Security team is the frontline defense ensuring the integrity and credibility of the data stored within our platform. In this senior position, you will own and evolve the security posture for Wrike’s production, Kubernetes, and GCP environments. You aren't just maintaining systems; you are architecting a "secure by default" infrastructure that allows our engineering and other teams to move fast without compromising safety.

Your Impact:

• Own Infrastructure Security: Design, implement, and improve security controls- including hardening, network segmentation, IAM, and endpoint security - across our entire fleet.

• Strategic Defense: Lead the technical direction for cyber security defense, covering enterprise posture management, threat detection, and vulnerability management.

• Collaborative Architecture: Partner with ITOps, SysOps, DevOps and XOps to embed security into the core of our architecture and change management processes.

• SIEM Evolution: Develop and maintain our SIEM strategy and the surrounding infrastructure to ensure proactive visibility.

• Mentorship: Educate and coach engineering teams on secure system design, providing guidance that elevates the security IQ of the entire organization.

Your Qualifications:

• Cloud & Container Mastery: Extensive experience with GCP permissions and security configurations within Kubernetes, Azure, and on-prem environments.

• Technical Depth: High proficiency in Intrusion Detection, Exploit Dev, Linux Operations and Security Understanding

• Security Architecture: Proven ability to identify gaps in cloud designs and recommend enhancements for authentication, authorization, and bastion host setups.

• Communication: Ability to distill complex security risks into actionable insights for both technical peers and non-technical stakeholders.

• Autonomy: Proven track record of managing large projects with complex deliverables and foreseeing potential roadblocks before they manifest.

Standout Qualities:

• Certifications: Possession of industry-recognized credentials such as CISSP, Google Security Engineer or GIAC.

• Operational Excellence: Deep hands-on experience with (Open Source) SIEM solutions and Google Security Operations or Google Security Command Center

• Philosophy: You view security not just as a job, but as a craft; you balance strict security principles with the pragmatic needs of the business.

Team Dynamics:

• Leadership: You will report to Swen Groeneveld, Head of Security Operations

• The Squad: You will join a high-performing 14-member team consisting of AppSec and Compliance specialists.

• Role Level: This is a Senior level role, requiring you to lead people you do not directly manage.

Our Work Style:

• Tech Stack: GCP, Kubernetes (k8s), Terraform, Linux, Rapid7, Tenable, and SIEM platforms.

• Methodology: Performance-driven environment utilizing Scrum-based processes, including biweekly and quarterly planning.

• Environment: Hybrid work mode.

Why Join Wrike?

• 25 calendar days of paid vacation
• Sick Leave Compensation (5 Paid Uncertified Sick Days)
• Parental Leave: 18 Weeks Maternity / 4 Week Paternity 
• 2 Volunteer Days
• Medical Insurance (Employees + Dependents)
• Hybrid Working Model
• School Allowance (Up to €600/month for school aged kids)
• Simcard w/ Unlimited Internet Access for active employees
• Office Lunch Allowance (via Wolt) on Wednesdays / Thursday

This remote position is open to residents of Cyprus

About the Role:

Wrike’s Security team is the frontline defense ensuring the integrity and credibility of the data stored within our platform. In this senior position, you will own and evolve the security posture for Wrike’s production, Kubernetes, and GCP environments. You aren't just maintaining systems; you are architecting a "secure by default" infrastructure that allows our engineering and other teams to move fast without compromising safety.

Your Impact:

• Own Infrastructure Security: Design, implement, and improve security controls- including hardening, network segmentation, IAM, and endpoint security - across our entire fleet.

• Strategic Defense: Lead the technical direction for cyber security defense, covering enterprise posture management, threat detection, and vulnerability management.

• Collaborative Architecture: Partner with ITOps, SysOps, DevOps and XOps to embed security into the core of our architecture and change management processes.

• SIEM Evolution: Develop and maintain our SIEM strategy and the surrounding infrastructure to ensure proactive visibility.

• Mentorship: Educate and coach engineering teams on secure system design, providing guidance that elevates the security IQ of the entire organization.

Your Qualifications:

• Cloud & Container Mastery: Extensive experience with GCP permissions and security configurations within Kubernetes, Azure, and on-prem environments.

• Technical Depth: High proficiency in Intrusion Detection, Exploit Dev, Linux Operations and Security Understanding

• Security Architecture: Proven ability to identify gaps in cloud designs and recommend enhancements for authentication, authorization, and bastion host setups.

• Communication: Ability to distill complex security risks into actionable insights for both technical peers and non-technical stakeholders.

• Autonomy: Proven track record of managing large projects with complex deliverables and foreseeing potential roadblocks before they manifest.

Standout Qualities:

• Certifications: Possession of industry-recognized credentials such as CISSP, Google Security Engineer or GIAC.

• Operational Excellence: Deep hands-on experience with (Open Source) SIEM solutions and Google Security Operations or Google Security Command Center

• Philosophy: You view security not just as a job, but as a craft; you balance strict security principles with the pragmatic needs of the business.

Team Dynamics:

• Leadership: You will report to Swen Groeneveld, Head of Security Operations

• The Squad: You will join a high-performing 14-member team consisting of AppSec and Compliance specialists.

• Role Level: This is a Senior level role, requiring you to lead people you do not directly manage.

Our Work Style:

• Tech Stack: GCP, Kubernetes (k8s), Terraform, Linux, Rapid7, Tenable, and SIEM platforms.

• Methodology: Performance-driven environment utilizing Scrum-based processes, including biweekly and quarterly planning.

Why Join Wrike?

• 25 calendar days of paid vacation
• Sick Leave Compensation (5 Paid Uncertified Sick Days)
• Parental Leave: 18 Weeks Maternity / 4 Week Paternity 
• 2 Volunteer Days
• Medical Insurance (Employees + Dependents)
• School Allowance (Up to €600/month for school aged kids)
• Simcard w/ Unlimited Internet Access for active employees

This remote position is open to residents of Estonia

About the Role:

Wrike’s Security team is the frontline defense ensuring the integrity and credibility of the data stored within our platform. In this senior position, you will own and evolve the security posture for Wrike’s production, Kubernetes, and GCP environments. You aren't just maintaining systems; you are architecting a "secure by default" infrastructure that allows our engineering and other teams to move fast without compromising safety.

Your Impact:

• Own Infrastructure Security: Design, implement, and improve security controls- including hardening, network segmentation, IAM, and endpoint security - across our entire fleet.

• Strategic Defense: Lead the technical direction for cyber security defense, covering enterprise posture management, threat detection, and vulnerability management.

• Collaborative Architecture: Partner with ITOps, SysOps, DevOps and XOps to embed security into the core of our architecture and change management processes.

• SIEM Evolution: Develop and maintain our SIEM strategy and the surrounding infrastructure to ensure proactive visibility.

• Mentorship: Educate and coach engineering teams on secure system design, providing guidance that elevates the security IQ of the entire organization.

Your Qualifications:

• Cloud & Container Mastery: Extensive experience with GCP permissions and security configurations within Kubernetes, Azure, and on-prem environments.

• Technical Depth: High proficiency in Intrusion Detection, Exploit Dev, Linux Operations and Security Understanding

• Security Architecture: Proven ability to identify gaps in cloud designs and recommend enhancements for authentication, authorization, and bastion host setups.

• Communication: Ability to distill complex security risks into actionable insights for both technical peers and non-technical stakeholders.

• Autonomy: Proven track record of managing large projects with complex deliverables and foreseeing potential roadblocks before they manifest.

Standout Qualities:

• Certifications: Possession of industry-recognized credentials such as CISSP, Google Security Engineer or GIAC.

• Operational Excellence: Deep hands-on experience with (Open Source) SIEM solutions and Google Security Operations or Google Security Command Center

• Philosophy: You view security not just as a job, but as a craft; you balance strict security principles with the pragmatic needs of the business.

Team Dynamics:

• Leadership: You will report to Swen Groeneveld, Head of Security Operations

• The Squad: You will join a high-performing 14-member team consisting of AppSec and Compliance specialists.

• Role Level: This is a Senior level role, requiring you to lead people you do not directly manage.

Our Work Style:

• Tech Stack: GCP, Kubernetes (k8s), Terraform, Linux, Rapid7, Tenable, and SIEM platforms.

• Methodology: Performance-driven environment utilizing Scrum-based processes, including biweekly and quarterly planning.

Why Join Wrike?

• 28 calendar days of paid vacation
• Sick Leave Compensation (5 Paid Uncertified Sick Days)
• Parental Leave: 18 Weeks Maternity / 4 Week Paternity
• 2 Volunteer Days
• Health Insurance (Employees + Dependents)
• Life Insurance Plan
• Utility Allowance (30 EUR/month, subject to taxation)
• Fitness plan (800 EUR/year)
• Full-remote & On-demand access to Co-working space

What’s Next? 

The Opportunity 

The DevSecOps Engineer role has been created to embed security into our engineering, DevOps and cloud delivery pipelines. Working closely with our Development, DevOps, Infrastructure and Security teams, you will engineer, automate and maintain security controls across our CI/CD pipelines, cloud workloads and application lifecycle. 

This position is critical in uplifting our secure by design practices, reducing vulnerabilities, and ensuring our rapidly evolving development environments adhere to best-in-class security standards. (Infosec presentations highlight the explicit gap for DevSecOps capability and security integration into Dev and Cloud projects).

Key Responsibilities

• Integrate security controls into CI/CD pipelines (Azure DevOps, GitHub Actions, Jenkins or equivalent). 
• Implement automated SAST, SCA, DAST, container scanning and secrets management controls. (Referenced in secure development lifecycle expectations.)   
• Work with Development and DevOps teams to ensure secure design principles, threat modelling and secure coding practices are embedded early in the lifecycle. 
• Engineer and maintain tooling for vulnerability management across code, containers, pipelines and cloud workloads. 
• Automate security guardrails across Azure resources, Kubernetes clusters, API gateways, serverless workloads and service meshes. 
• Support and enhance the deployment of security policies (IAM, key vaults, network controls, hardening baselines). 
• Partner with engineering squads to review architecture changes and ensure security requirements are addressed. 
• Contribute to incident response activities where application or pipeline security is implicated. 
• Contribute to uplift of our secure engineering policies, developer training and SSDLC processes. (Supports expectations stated in internal assessments and training docs).

Requirements:

• Experienced in DevOps or platform engineering with a strong security mindset. 
• Hands-on experience with at least one CI/CD platform (Azure DevOps preferred). 
• Good understanding of application security principles (OWASP Top 10, SANS/CWE Top 25). 
• Experience integrating or running security scanners: SAST, SCA, DAST, container scanning, IaC scanning. 
• Experience with infrastructure as code (Terraform, ARM/Bicep, Helm). 
• Familiar with cloud security (preferably Azure) and container security best practices. 
• Capable of supporting vulnerability management processes and remediation workflows. 
• Ability to collaborate with Software Engineering, DevOps, SRE, Cloud and Security teams. 
• Strong communicator able to translate risk into engineering friendly language. 

Nice to Have:

• Kubernetes (AKS), service mesh, container runtime security. 
• Experience integrating security telemetry into SIEM/SOAR pipelines. 
• Exposure to Zero Trust design principles. 
• Threat modelling and automated security testing frameworks. 

Kineto is a next-generation platform that enables creators, educators, and small businesses to generate, deploy, and operate fully functional AI-powered web applications – instantly and at scale. It combines LLM-driven code generation, multi-tenant Postgres (Neon), dynamic hosting (GKE and Knative), automated deployments (Flux), analytics, billing, and a seamless chat-based UX to make software creation accessible to everyone. Our team is growing rapidly, and we’re now seeking an experienced Infrastructure Engineer who can design, build, and maintain our cloud-native platform, with a focus on scalability, reliability, and automated operations.

What you’ll do:

Cloud and platform engineering (DevOps):

• Design, implement, and manage the core infrastructure powering Kineto's platform on Google Cloud Platform (GCP), including networking, security, and identity management.
• Build and operate resilient, highly available distributed systems using Kubernetes (GKE), Knative, Istio, and related cloud-native technologies.
• Automate the entire infrastructure life cycle (IaC) using Terraform and Terragrunt, ensuring secure, reproducible, and auditable environments.
• Implement and maintain CI/CD pipelines (e.g. GitHub Actions and TeamCity) and deployment tools like Flux and Helm for GitOps-driven application delivery.
• Optimize and manage the multi-tenant data layer on Postgres and Neon, focusing on robust tenant isolation, performance, backups, and safe schema management.

Operational excellence and reliability:

• Drive site reliability engineering (SRE) practices, including monitoring, alerting (Prometheus, Grafana), logging (Loki), and incident response.
• Solve complex operational challenges, such as optimizing scale to zero for cost efficiency, minimizing cold starts, enhancing autoscaling behavior, and managing queue backpressure.
• Implement platform-wide performance tuning (e.g. container resource limits, distributed locks, caching strategies, and GC configurations).
• Ensure platform security and compliance by implementing best practices for secrets management, network segmentation, and vulnerability scanning.

Technical leadership:

• Own major infrastructure roadmap items, including multi-region deployments, disaster recovery planning, advanced tenancy separation, and ephemeral preview environments.
• Champion DevOps and SRE principles across the engineering team, mentoring engineers on cloud-native best practices, operational readiness, and debugging complex distributed systems.
• Collaborate with product and engineering teams to define the long-term vision for the platform's architecture and operational model.

We’d be glad to have you on our team if you:

• Have five or more years of experience building and operating large-scale, commercial cloud-native infrastructure, with a strong focus on DevOps/SRE practices.
• Possess deep, hands-on expertise with GCP (or AWS/Azure) and Kubernetes administration and operations (GKE experience is a strong plus).
• Are proficient with infrastructure-as-code (IaC) tools, particularly Terraform, for managing complex environments.
• Have a solid understanding of Linux internals, networking (CNI and service mesh), security, and distributed system design.
• Are familiar with CI/CD tools, GitOps (e.g. Flux), monitoring stacks (Prometheus/Grafana), and logging systems.
• Thrive in cross-functional teams and excel at communicating complex infrastructure ideas clearly.

#LI-YY1