Stellenbeschreibung
We’re looking for an AWS Cloud Ops/DevOps Engineer to design, secure, and operate a multi-account AWS environment supporting regulated financial workloads. You’ll automate infrastructure, CI/CD, observability, and security controls across a stack that includes EC2, ECS, RDS, S3, CloudFront, API Gateway, CloudWatch, WAF/Shield, and more. You will building and maintaining the infrastructure that supports our 400k+ end customers and 5 product development teams as well as external suppliers - ensuring reliability, cost efficiency, and compliance in a highly regulated environment.
Core Responsibilities
Infrastructure & Platform:
* Manage Amazon EC2, ECS for containerized workloads.
* Implement Elastic Load Balancing, Amazon VPC, and Route 53 for networking and traffic routing, including secure VPC connectivity to RDS, Redis/ElastiCache, and other services.
* Operate Amazon RDS, DynamoDB, and ElastiCache for data services.
* Optimize Amazon S3 for storage and CloudFront for CDN delivery.
* Ensure uptime and availability of base infrastructure (firewalls, load balancers) and application workloads.
Automation & IaC:
* Build reproducible infrastructure using AWS CloudFormation, including reusable templates/modules to standardize App Runner and other service deployments across teams.
* Define and maintain CI/CD pipelines with AWS CodePipeline, CodeBuild, AWS CDK and GitHub Actions/GitLab CI, enabling consistent delivery and compliance enforcement.
* Automate tagging, encryption, and policy enforcement to meet compliance/security requirements.
Observability & Reliability:
* Configure Amazon CloudWatch (metrics, logs, alarms) and X-Ray for tracing, ensuring visibility across all workloads.
* Define and track SLIs/SLOs, uptime targets, and cost-per-user/session metrics to drive operational excellence.
* Establish alerting, runbooks, and escalation paths to ensure a stable and available service for end users.
Security & Compliance:
* Set up IAM roles, permissions, and guardrails to enforce least-privilege access.
* Enforce least-privilege with IAM Access Analyzer, KMS, and Secrets Manager.
* Implement AWS WAF, Shield, GuardDuty, Security Hub, and Config for security posture.
* Maintain audit readiness with AWS CloudTrail and compliance mapping (BaFin, DORA).
Data & Integration:
* Support API Gateway for microservices and SQS/SNS for messaging.
* Manage Database Migration Service (DMS) for data migrations.
* Knowledge of AWS End User Messaging
Qualifikationen
Required Skills
* Strong hands-on experience with VPC, Route 53, API Gateway, WAF, CloudFront, EC2, ECS, RDS, S3.
* Proficiency in CloudFormation and CDK for IaC.
* Observability: CloudWatch, X-Ray, log aggregation, and operational metrics.
* Security: IAM, KMS, WAF, Shield, GuardDuty, Security Hub, Config, and compliance policy enforcement.
* Scripting in Python/Bash and Linux administration.
Nice to Have
* Experience with OpenSearch, Kinesis, Redshift, ElastiCache.
* Define and maintain CI/CD pipelines with AWS CodePipeline, CodeBuild, AWS CDK and GitHub Actions, enabling consistent delivery and compliance enforcement
* Familiarity with AWS DevOps Guru, Step Functions, and Backup.
* Knowledge of BaFin cloud outsourcing and DORA compliance.
Zusätzliche Informationen
What's in it for you
* Work-Life Balance: Flexible working hours, extensive mobile office options
* Workation in European countries
* Training & Development: Participation in seminars and trainings, attendance at conferences and conventions, network of professional exchange partners
* Team Events: Regular rooftop barbecues, company outings, summer party, Christmas party, ice cream truck, as well as regular internal team events supported by dedicated team budgets
* Health: Free fruit, participation in the B2Run corporate run
* Additional Benefits: Company pension scheme, capital-forming benefits, public transport subsidy, discounted employee parking, and much more
* Dog-friendly workplace