Infrastructure & CloudOps Engineer

The CTO Intelligence Hub is OPSWAT’s internal data platform; a fleet of 20+ containerised applications running on AWS EC2 that deliver AI adoption analytics, financial intelligence, customer health scoring, sales leaderboards, and content generation to OPSWAT leadership and 590+ engineers worldwide. You will own the infrastructure layer that keeps this platform reliable, secure, and scalable.

This is a hands-on individual-contributor role. You will be the sole infrastructure owner on day one, working closely with the CTO and one AI Platform Architect to operationalise and evolve the system.

• →AWS infrastructure: EC2 instances (eu-north-1), S3 buckets, IAM roles, SSM-based remote access (no SSH), security group allowlists across 8 global offices
• →Container orchestration: Docker Compose fleet of 20+ services with sequential startup chains, health monitoring, auto-rollback, and OOM prevention on memory-constrained instances
• →CI/CD pipeline: GitHub Actions workflows (centralized deploy-app.yml), S3 artifact rotation, per-service smart change detection, post-deploy health checks
• →Reverse proxy & SSO: nginx routing, Cloudflare SSL termination, OAuth2 Proxy backed by Azure AD for single sign-on across all internal apps
• →Credential & secrets management: OAuth token lifecycle (token-proxy auto-refresh), GitHub org secrets, PAT rotation, SSM Parameter Store, per-app .env files
• →Data pipeline operations: EC2 #3 (Fabric → Parquet → S3), daily cron jobs, MSAL token refresh, lockfile and resume logic
• →Observability & incident response: health monitor (15-min cron), watchdog deep-checks, Telegram alerting, EC2 reboot recovery, Docker mount-corruption recovery
• →Security posture: network-level access controls, credential hygiene, OPSEC between corporate and personal identities

• 3–6 years hands-on AWS experience (EC2, S3, IAM, SSM — not just console clicks)
• Solid Docker and Docker Compose skills; you debug failed container starts at 2 am without fear
• GitHub Actions: writing and maintaining multi-job workflows with secrets, artifacts, and matrix builds
• Linux system administration (Ubuntu): cron, systemd, disk management, process investigation
• Python scripting for ops tasks (deployment scripts, health checks, API automation)
• nginx configuration: upstream proxying, path-based routing, SSL
• A security-first mindset: you default to least-privilege and always ask “what happens if this leaks?”

• Experience with Cloudflare (proxying, SSL, DNS management)
• Azure AD or OAuth2 Proxy familiarity
• PostgreSQL administration
• Experience operating ML/AI inference workloads
• GitHub App development (JWT-based installation tokens)
• Familiarity with Microsoft Fabric or Azure data services