Role Description
This is a full-time role which can be performed remote anywhere in the US, or in our Boise, ID office if you're local. You'll own our AWS infrastructure end to end, but this isn't a keep-the-lights-on job: there's real infrastructure to build. You'll stand up new customer environments as we grow, scale the cloud and ML infrastructure behind our forecasting products, and build the automation behind our SOC 2 program.You view compliance as a byproduct of good engineering and not a quarterly fire drill.
We're an AI-driven company: AI tooling runs throughout our engineering workflow, because it's how a team our size covers this much ground.
If you're passionate about building cloud infrastructure, automation, and work that makes the electric grid safer, we'd love to hear from you.
Responsibilities
- Build and manage CI/CD pipelines in GitHub Actions: build container images, push them to Amazon ECR, and promote them across environments using short-lived federated credentials, not long-lived keys.
- Own our infrastructure as code: Terraform modules and remote state, nothing that lives only in the console, and a bill kept honest with budgets, billing alerts, and right-sizing.
- Operate our hybrid compute footprint: Amazon ECS on AWS Fargate, plus Amazon EC2 instances running Dockerized workloads under systemd.
- Own observability and centralized logging: our self-hosted Prometheus/Grafana stack, the log pipeline and search stack behind it, and alert rules worth acting on.
- Operate our machine-learning services: deploy and run containerized inference for our customers, manage GPU instances, and keep multi-gigabyte model images and their registry lifecycle under control.
- Own Amazon RDS for PostgreSQL: backups and point-in-time recovery, version upgrades, parameter groups, connection limits, and the slow-query conversation with the app team.
- Own networking end to end: VPCs and segmentation, ALBs, NGINX in front of our Java apps, and the secure access paths engineers use to reach private infrastructure.
- Implement and manage AWS security controls (IAM, encryption, and audit logging) and own the infrastructure side of our SOC 2 program: access control, patch automation, and vulnerability management.
Minimum Qualifications
- Experience: 5+ years in DevOps, SRE, or platform engineering.
- Cloud Infrastructure (AWS): Design, deployment, and operation of scalable cloud architectures such as Amazon ECS in production (task definitions, service deploys, rollbacks), Amazon EC2, Amazon RDS, Amazon S3, VPC networking (private subnets, NAT vs. VPC endpoints, security groups, DNS), and Elastic Load Balancing.
- Infrastructure as Code: Terraform in production, including writing modules, managing remote state, and handling drift.
- Automation and CI/CD: GitHub Actions for building, testing, and deploying containerized services or equivalent experience you can transfer.
- Monitoring and Logging: You’ve owned an alerting stack rather than just read its dashboards, and you can defend which alerts you deleted. Comfortable with Prometheus and Grafana, and with a log search stack (Elasticsearch/Kibana, OpenSearch, or similar).
- Python and Linux: Python for automation, tooling, and diagnostics; Linux administration in production (Ubuntu, Amazon Linux).
- Security: Least-privilege IAM design, secrets management, encryption, and supply-chain hygiene in CI
- Working with AI Tools: Fluency with AI assistants in day-to-day engineering work, paired with a grasp of the concepts underneath them. Know what the models are doing and when and why they fail. You move faster with them, and you know enough to catch them when they’re confidently wrong.
Desired Qualifications
- JVM Applications: Keeping Maven-built Java/Spring applications healthy in production: heap and GC behavior.
- PostgreSQL Depth: Query and index tuning, RDS Performance Insights, and pg_stat_statements.
- ML and GPU Operations: Serving models in production, managing the instances behind them, and orchestrating jobs (SkyPilot or similar).
- Geospatial or Weather Data: Familiarity with HRRR, GRIB, Zarr, or similar gridded datasets.
- Compliance: SOC 2, plus control automation, vulnerability scanning, and patch management at scale.
- Critical-Infrastructure Customer Support: Supporting a product deployed into regulated customer environments which includes utility-sector security reviews, NERC CIP exposure, or third-party risk assessments.
Benefits
- 120 hrs of paid time off
- Health Insurance
- Dental & Vision Insurance
- Short-term disability insurance
- Long-term disability insurance
- Health Savings Account (HSA)
- Flexible Spending Account (FSA)
- Paid holidays
- Flexible work schedule