
Search by job, company or skills

About Trustify Technology
Trustify Technology is a fast-growing software engineering and digital transformation company providing AI-driven software development, verification & validation, and automation solutions for global clients across the US, UK/EU, Japan, and Singapore.
Trustify aims to be the top-tier technology outsourcing partner from Vietnam, combining human expertise with AI power to deliver high-quality, cost-effective solutions.
Responsibilities
1. AWS Serverless Infrastructure
◦ Design and provision serverless infrastructure using Terraform (IaC - first approach).
◦ Manage and optimize AWS AppSync - resolvers, schema management, subscriptions, VTL/JS resolver pipeline.
◦ Deploy and manage AWS Lambda - function packaging, layers, concurrency settings, cold start optimization, versioning & aliases.
◦ Configure and optimize CloudFront distributions - cache behaviors, origin groups, Lambda@Edge / CloudFront Functions, custom error pages.
◦ Set up and manage S3 for static hosting - bucket policies, versioning, lifecycle rules, CORS configuration.
◦ Configure EventBridge, SQS, SNS for event-driven Lambda triggers and async processing.
◦ Manage Step Functions for Lambda orchestration workflows.
2. Database Infrastructure
◦ Provision and manage Aurora PostgreSQL Serverless v2 - cluster configuration, scaling policies, parameter groups, IAM auth.
◦ Manage Multi-AZ setup, automated backups, snapshot lifecycle, and point-in-time recovery for Aurora.
◦ Provision and manage AWS DocumentDB - cluster config, instance sizing, parameter groups, TLS setup.
◦ Provision and manage AWS ElastiCache (Redis) - cluster mode, replication groups, eviction policies, TTL strategies for caching and session management.
◦ Manage database credentials and rotation via AWS Secrets Manager/ Parameter Store for per-tenant configuration.
◦ Monitor database performance - low queries, connection limits, Aurora auto-scaling triggers.
3. Authentication & Multi-Tenancy
◦ Implement and manage tenant-level authentication via DB - tenant resolution, connection routing per tenant.
◦ Integrate AWS Cognito or custom JWT-based auth with AppSync authorization modes.
◦ Configure AppSync authorization - API Key, IAM, Cognito User Pools, Lambda Authorizer per resolver.
◦ Implement tenant isolation at network, IAM, and data layer.
4. CI/CD & Deployment Automation
◦ Build and maintain CI/CD pipelines for serverless deployments using GitHub Actions / GitLab CI.
◦ Implement deployment strategies for Lambda - blue/green via aliases, canary deployments with CodeDeploy.
◦ Automate AppSync schema deployment and resolver updates.
◦ Set up Terraform remote state (S3 + DynamoDB locking) and environment promotion pipelines.
◦ Implement deployment gates - automated testing, smoke tests, rollback triggers.
◦ Manage environment promotion: dev → staging → production with approval workflows.
5. Monitoring, Logging & Observability
◦ Set up observability for serverless - AWS X-Ray tracing across Lambda → AppSync → Aurora.
◦ Configure CloudWatch - Log Groups, Metric Filters, Dashboards, Alarms for Lambda errors/throttles/duration.
◦ Implement centralized logging - Lambda structured logs → CloudWatch Logs Insights or OpenSearch.
◦ Set up real-time alerting for Lambda cold starts, AppSync errors, Aurora failover events.
◦ Implement cost monitoring and anomaly detection for serverless workloads.
6. Security & Compliance
◦ Implement IAM least-privilege for Lambda execution roles and AppSync service roles.
◦ Configure VPC private subnets for Lambda functions accessing Aurora/MongoDB.
◦ Set up AWS WAF on CloudFront for DDoS protection and rate limiting.
◦ Manage KMS encryption for S3, Aurora, and Secrets Manager.
◦ Integrate security scanning into CI/CD - Checkov for Terraform, Trivy for container images.
◦ Implement GuardDuty, AWS Config Rules, and Security Hub for continuous compliance.
7. Collaboration & Best Practices
◦ Contribute to infrastructure architecture discussions and decision records (ADRs).
◦ Define DevOps standards, runbooks, and operational playbooks.
◦ Partner with development teams to embed DevOps culture and shift-left security practices.
◦ Drive serverless cost optimization (FinOps) and platform improvement initiatives.
◦ Report infrastructure status, risks, and roadmap to Engineering Manager / CTO.
Requirements
Must-Have
◦ 4+ years of DevOps/Cloud Engineering experience, with at least 2+ years focused on AWS Serverless.
◦ Proven senior experience owning infrastructure end-to-end in a product or startup environment.
◦ Strong hands-on experience with AWS Lambda - optimization, cold starts, layers, concurrency.
◦ Experience with AWS AppSync - schema design, resolvers (VTL/JS), auth modes, subscriptions.
◦ Proficient with Terraform for serverless infrastructure provisioning.
◦ Experience with Aurora PostgreSQL - cluster management, Serverless v2, backup/restore.
◦ Experience with MongoDB and DynamoDB in production environments.
◦ CI/CD experience for serverless - GitHub Actions, GitLab CI, or CodePipeline.
◦ Strong understanding of multi-tenant architecture patterns at DB and API level.
◦ Experience with CloudFront + S3 static hosting and CDN optimization.
◦ Proficient with AWS IAM, Secrets Manager, KMS for security and secrets management.
◦ Scripting skills in Python and/or Bash.
◦ Good English communication skills - technical reading and writing.
Nice-to-Have
◦ AWS Certified DevOps Engineer - Professional or AWS Solutions Architect - Professional.
◦ Experience with MongoDB (Atlas or self-managed).
◦ Knowledge of Lambda@Edge / CloudFront Functions.
◦ Familiarity with AWS Step Functions and EventBridge for event-driven architecture.
◦ Experience with serverless frameworks - AWS SAM, Serverless Framework.
◦ Knowledge of row-level security (RLS) in PostgreSQL for multi-tenancy.
◦ Experience with AWS Cognito for authentication and user pool management.
◦ FinOps experience - serverless cost optimization, Lambda power tuning.
◦ Previous experience contributing to DevOps team setup in a greenfield project.
Your Benefits
◦ Sponsorship for professional certification exams (AWS certifications preferred)
◦ Flexible working hours (core time: 9:00 AM – 6:00 PM, Monday to Friday) and work-from-home policy
◦ Healthcare: Annual health check-up, Premium Health Insurance
◦ 12 annual leaves + public holidays
◦ 13th-month salary
◦ Bonus for excellent project performance
◦ Year End Party (YEP), company trip, team building activities, happy hour
◦ Snacks, coffee, tea and soft drinks available in the office
◦ Marriage gift, sick leave support, funeral/maternity support
◦ Lunar New Year gifts
◦ Free parking, provided devices
Contact Us to Apply
Company: Trustify Technology JSC.
Email: [Confidential Information]
Head Office: 307/20-21 Nguyen Van Troi, Tan Son Hoa Ward, HCMC
Website: https://trustifytechnology.com/
Working hours: 9:00 AM – 6:00 PM, Monday – Friday
Job ID: 150828427
We don’t charge any money for job offers