DevOps Engineer · Eatery Club
We are building the infrastructure that powers restaurant ordering, real-time WebSockets, and multi-tenant CDN delivery for thousands of users across Eastern Europe. Our platform runs on AWS EKS with Karpenter-managed node pools, served through CloudFront edge, and backed by MySQL RDS, Redis, and SQS — all provisioned through Terraform across three environments (dev / staging / prod).
We are looking for a DevOps Engineer who takes ownership of production systems and builds things that last. Not someone who runs commands — someone who designs the pipeline, writes the module, monitors the result, and fixes the alert at 10 PM if needed.
This role owns the Kubernetes platform at the cluster level — you will administer node pools, manage upgrades, design topology changes, and support engineering teams deploying PHP/Laravel and Next.js workloads daily.
What you'll do
Infrastructure
- Manage and evolve AWS infrastructure using Terraform — modules, multi-region, Terraform Cloud remote state across workspaces
- Operate and tune Karpenter NodePools (spot + on-demand) for workload-specific isolation: backend, queue, transaction, websocket, and more
- Own EKS cluster lifecycle — version upgrades, node group migrations (currently AL2 → AL2023), IRSA, Velero backups
CI/CD
- Maintain Jenkins pipelines (EC2-hosted, x86 + ARM64 agents) with Groovy shared libraries
- Enforce security gates: Trivy container scanning, Hadolint Dockerfile linting, SonarQube quality checks
- Manage multi-arch Docker builds and ECR repositories per service
Observability
- Operate the ELK stack — Filebeat, Metricbeat, Elasticsearch, Kibana
- Maintain Grafana dashboards, Elastic APM, Pyroscope continuous profiling, and OpenTelemetry collector
- Tune CloudWatch alarms and Falco runtime threat detection
Security & Edge
- Manage CloudFront distributions with WAFv2 — IP allowlists, geo-blocking, rate limiting, origin header verification
- Administer secrets via AWS Secrets Manager + External Secrets Operator
- Maintain WireGuard VPN and network-level access controls
What we're looking for
Required
- 3+ years of hands-on DevOps or platform engineering in production
- Terraform at team scale: modules, remote state, peer review, deployed to production — not just local experiments
- AWS: EKS, VPC, CloudFront, WAF, RDS, ALB, IAM, Secrets Manager, SQS, S3 — at depth, not surface level
- Kubernetes: cluster-level thinking — RBAC, ingress, PodDisruptionBudgets, node group management, Helm charts, troubleshooting OOMKills and failed rollouts
- Jenkins or equivalent CI/CD tool with real pipeline ownership
- Python or Bash scripting for automation
Nice to have
- Karpenter (NodePool / EC2NodeClass design)
- ELK stack operations (Filebeat, Metricbeat, Elasticsearch index lifecycle)
- Velero, AWS Backup, disaster recovery playbooks
- Falco or similar runtime security tooling
- Experience deploying PHP/Laravel and Next.js workloads in containers
- Maxwell CDC, RDS Proxy, or Redis operations experience
Our stack at a glance
Terraform · AWS EKS · Karpenter · Helm · Jenkins · Docker · ECR · CloudFront · WAFv2 · RDS MySQL · ElastiCache Redis · SQS · Elasticsearch · Grafana · Elastic APM · OpenTelemetry · Pyroscope · Falco · Velero · WireGuard
Required languages
| English | B2 - Upper Intermediate |
| Ukrainian | Native |