Senior DevOps Engineer — sanctions.io (Spain / Remote-Friendly) --- We're hiring a Senior DevOps Engineer at sanctions.io — a compliance SaaS company with ~300 customers in the financial sector. If Kubernetes, AWS, and security are your home turf, and you like real ownership over infrastructure, let's talk. --- About the Role At sanctions.io, our infrastructure is the product. When screening latency spikes or a pipeline stalls, our customers notice — and in compliance, reliability isn't a nice-to-have. We're looking for a \*\*Senior DevOps Engineer\*\* to own our cloud infrastructure end-to-end. You'll lead the migration from AWS ECS to Kubernetes, harden our security posture, and make sure our platform scales cleanly as we grow. This is a \*\*high-autonomy, high-ownership role\*\* — you'll make real decisions, not implement tickets. You'll be the primary infrastructure owner, working closely with the Head of Engineering and development team, with occasional collaboration with external support. --- What You'll Do Kubernetes Migration (near-term priority) - Architect and execute the full migration of services from AWS ECS to Kubernetes (EKS) - Design cluster topology, namespace strategy, network policies, and secrets management - Validate rollout with proper testing, rollback planning, and documentation - Set up GitOps workflows (ArgoCD or Flux preferred) Infrastructure Ownership - Own all AWS infrastructure: networking (VPC, subnets, SGs), compute, storage (S3, RDS), IAM, ECR - Manage Terraform configurations across staging and production environments - Improve Docker image builds, optimise for size and scan for vulnerabilities - Collaborate with engineers on infrastructure needs for new features (e.g. AI workloads, vector search, batch processing) CI/CD & Automation - Maintain and improve GitHub Actions workflows and deployment pipelines - Implement blue/green or canary deployments where appropriate - Introduce automation that reduces toil and human error Monitoring & Reliability - Own observability: Prometheus, Grafana, structured logging, and alerting strategy - Ensure Sentry is properly integrated and actionable - Define and own incident response procedures and on-call processes - Think proactively about failure modes and disaster recovery Security - Container security scanning and hardening - Secrets management (external-secrets, sealed-secrets, or equivalent) - Network segmentation, SSL/TLS, access controls, and IAM hygiene - Stay current on AWS security best practices and act on them --- What We're Looking For Must-Have - \*\*5+ years of DevOps/infrastructure engineering\*\* in production cloud environments - \*\*Kubernetes (3+ years, production-grade)\*\* — EKS strongly preferred - Helm, Kustomize or equivalent - Ingress, network policies, HPA/VPA - Experience migrating workloads *\*to\ Kubernetes (from ECS or Docker Compose) - Real debugging and troubleshooting experience - \*\*Strong AWS\*\* — ECS, EC2, S3, SQS, RDS (PostgreSQL), VPC, IAM, ECR - \*\*Terraform\*\* — managing real multi-environment codebases, not just tutorials - \*\*GitHub Actions\*\* and solid CI/CD fundamentals - Docker image optimisation and container security awareness - \*\*Spanish native or fluent (C1+), excellent English\*\* — our tech team is in Spain; our product and customers are international - Based in Spain or willing to relocate — \*\*Tenerife preferred\*\* , but strong candidates in CET timezone are considered for remote Strong Plus - GitOps (ArgoCD or Flux) in production - AWS DevOps Agent - Elasticsearch cluster management and scaling - PostgreSQL administration under load (tuning, backups, replication) - Redis and Celery worker infrastructure - Familiarity with infrastructure needs for AI/ML workloads (GPU instances, batch inference pipelines) — not required, but we're moving in this direction Nice-to-Have - Experience in fintech, compliance, or regulated industries where security posture matters - Incident commander experience or structured on-call process ownership --- Our Stack AWS (ECS → EKS migration in progress) · Kubernetes · Terraform · Docker · GitHub Actions · Prometheus · Grafana · Sentry · PostgreSQL (RDS) · Elasticsearch · Redis · Celery · SQS · Python/Django backend --- What We Value - \*\*Ownership\*\* : The infrastructure is yours. If something is broken or could be better, you don't wait to be asked. - \*\*Pragmatism\*\* : You choose the right tool, not the trendiest. You balance ideal with shippable. - \*\*Clear communication\*\* : You write down what you did and why. Async-first team. - \*\*Reliability mindset\*\* : You think about failure modes before they become incidents, not after. - \*\*Openness to new tech\*\* : We're actively exploring AI capabilities — you should be comfortable adapting infrastructure to support new workload types. --- About sanctions.io sanctions.io provides API and portal services for sanctions screening, PEP data, and adverse media monitoring — used by ~300 customers and 500 users in the financial compliance space. We're a small, focused team building infrastructure that keeps the financial system clean. Remote-friendly (Spain-based team, CET timezone) Working language: Spanish (team) + English (product/customers) HQ: Tenerife, Spain --- *\*Interested? Apply via LinkedIn or reach out directly. We read every application.\