Search by job, company or skills

trustify technology

DevOps Engineer (AWS Serverless)

Save
  • Posted 2 days ago
  • Be among the first 10 applicants
Early Applicant

Job Description


About Trustify Technology

Trustify Technology is a fast-growing software engineering and digital transformation company providing AI-driven software development, verification & validation, and automation solutions for global clients across the US, UK/EU, Japan, and Singapore.

Trustify aims to be the top-tier technology outsourcing partner from Vietnam, combining human expertise with AI power to deliver high-quality, cost-effective solutions.

Responsibilities

1. AWS Serverless Infrastructure

◦ Design and provision serverless infrastructure using Terraform (IaC - first approach).

◦ Manage and optimize AWS AppSync - resolvers, schema management, subscriptions, VTL/JS resolver pipeline.

◦ Deploy and manage AWS Lambda - function packaging, layers, concurrency settings, cold start optimization, versioning & aliases.

◦ Configure and optimize CloudFront distributions - cache behaviors, origin groups, Lambda@Edge / CloudFront Functions, custom error pages.

◦ Set up and manage S3 for static hosting - bucket policies, versioning, lifecycle rules, CORS configuration.

◦ Configure EventBridge, SQS, SNS for event-driven Lambda triggers and async processing.

◦ Manage Step Functions for Lambda orchestration workflows.

2. Database Infrastructure

◦ Provision and manage Aurora PostgreSQL Serverless v2 - cluster configuration, scaling policies, parameter groups, IAM auth.

◦ Manage Multi-AZ setup, automated backups, snapshot lifecycle, and point-in-time recovery for Aurora.

◦ Provision and manage AWS DocumentDB - cluster config, instance sizing, parameter groups, TLS setup.

◦ Provision and manage AWS ElastiCache (Redis) - cluster mode, replication groups, eviction policies, TTL strategies for caching and session management.

◦ Manage database credentials and rotation via AWS Secrets Manager/ Parameter Store for per-tenant configuration.

◦ Monitor database performance - low queries, connection limits, Aurora auto-scaling triggers.

3. Authentication & Multi-Tenancy

◦ Implement and manage tenant-level authentication via DB - tenant resolution, connection routing per tenant.

◦ Integrate AWS Cognito or custom JWT-based auth with AppSync authorization modes.

◦ Configure AppSync authorization - API Key, IAM, Cognito User Pools, Lambda Authorizer per resolver.

◦ Implement tenant isolation at network, IAM, and data layer.

4. CI/CD & Deployment Automation

◦ Build and maintain CI/CD pipelines for serverless deployments using GitHub Actions / GitLab CI.

◦ Implement deployment strategies for Lambda - blue/green via aliases, canary deployments with CodeDeploy.

◦ Automate AppSync schema deployment and resolver updates.

◦ Set up Terraform remote state (S3 + DynamoDB locking) and environment promotion pipelines.

◦ Implement deployment gates - automated testing, smoke tests, rollback triggers.

◦ Manage environment promotion: dev → staging → production with approval workflows.

5. Monitoring, Logging & Observability

◦ Set up observability for serverless - AWS X-Ray tracing across Lambda → AppSync → Aurora.

◦ Configure CloudWatch - Log Groups, Metric Filters, Dashboards, Alarms for Lambda errors/throttles/duration.

◦ Implement centralized logging - Lambda structured logs → CloudWatch Logs Insights or OpenSearch.

◦ Set up real-time alerting for Lambda cold starts, AppSync errors, Aurora failover events.

◦ Implement cost monitoring and anomaly detection for serverless workloads.

6. Security & Compliance

◦ Implement IAM least-privilege for Lambda execution roles and AppSync service roles.

◦ Configure VPC private subnets for Lambda functions accessing Aurora/MongoDB.

◦ Set up AWS WAF on CloudFront for DDoS protection and rate limiting.

◦ Manage KMS encryption for S3, Aurora, and Secrets Manager.

◦ Integrate security scanning into CI/CD - Checkov for Terraform, Trivy for container images.

◦ Implement GuardDuty, AWS Config Rules, and Security Hub for continuous compliance.

7. Collaboration & Best Practices

◦ Contribute to infrastructure architecture discussions and decision records (ADRs).

◦ Define DevOps standards, runbooks, and operational playbooks.

◦ Partner with development teams to embed DevOps culture and shift-left security practices.

◦ Drive serverless cost optimization (FinOps) and platform improvement initiatives.

◦ Report infrastructure status, risks, and roadmap to Engineering Manager / CTO.

Requirements

Must-Have

4+ years of DevOps/Cloud Engineering experience, with at least 2+ years focused on AWS Serverless.

◦ Proven senior experience owning infrastructure end-to-end in a product or startup environment.

◦ Strong hands-on experience with AWS Lambda - optimization, cold starts, layers, concurrency.

◦ Experience with AWS AppSync - schema design, resolvers (VTL/JS), auth modes, subscriptions.

◦ Proficient with Terraform for serverless infrastructure provisioning.

◦ Experience with Aurora PostgreSQL - cluster management, Serverless v2, backup/restore.

◦ Experience with MongoDB and DynamoDB in production environments.

◦ CI/CD experience for serverless - GitHub Actions, GitLab CI, or CodePipeline.

◦ Strong understanding of multi-tenant architecture patterns at DB and API level.

◦ Experience with CloudFront + S3 static hosting and CDN optimization.

◦ Proficient with AWS IAM, Secrets Manager, KMS for security and secrets management.

◦ Scripting skills in Python and/or Bash.

◦ Good English communication skills - technical reading and writing.

Nice-to-Have

◦ AWS Certified DevOps Engineer - Professional or AWS Solutions Architect - Professional.

◦ Experience with MongoDB (Atlas or self-managed).

◦ Knowledge of Lambda@Edge / CloudFront Functions.

◦ Familiarity with AWS Step Functions and EventBridge for event-driven architecture.

◦ Experience with serverless frameworks - AWS SAM, Serverless Framework.

◦ Knowledge of row-level security (RLS) in PostgreSQL for multi-tenancy.

◦ Experience with AWS Cognito for authentication and user pool management.

◦ FinOps experience - serverless cost optimization, Lambda power tuning.

◦ Previous experience contributing to DevOps team setup in a greenfield project.

Your Benefits

◦ Sponsorship for professional certification exams (AWS certifications preferred)

◦ Flexible working hours (core time: 9:00 AM – 6:00 PM, Monday to Friday) and work-from-home policy

◦ Healthcare: Annual health check-up, Premium Health Insurance

◦ 12 annual leaves + public holidays

◦ 13th-month salary

◦ Bonus for excellent project performance

◦ Year End Party (YEP), company trip, team building activities, happy hour

◦ Snacks, coffee, tea and soft drinks available in the office

◦ Marriage gift, sick leave support, funeral/maternity support

◦ Lunar New Year gifts

◦ Free parking, provided devices

Contact Us to Apply

Company: Trustify Technology JSC.

Email: [Confidential Information]

Head Office: 307/20-21 Nguyen Van Troi, Tan Son Hoa Ward, HCMC

Website: https://trustifytechnology.com/

Working hours: 9:00 AM – 6:00 PM, Monday – Friday

More Info

Job Type:
Industry:
Employment Type:

About Company

Job ID: 150828427