Senior Database Engineer
N-iX is a global software development service company that helps businesses across the globe create next-generation software products. Founded in 2002, we unite 2,400+ tech-savvy professionals across 40+ countries, working on impactful projects for industry leaders and Fortune 500 companies. Our expertise spans cloud, data, AI/ML, embedded software, IoT, and more, driving digital transformation across finance, manufacturing, telecom, healthcare, and other industries. Join N-iX and become part of a team where your ideas make a real impact.
About the Project:
N-iX is assembling a dedicated delivery team for an intensive, high-visibility engagement with a US-based payments-technology business that is being carved out of its parent company into a standalone entity. The platform processes card payments end to end for thousands of institutional customers through five production .NET applications โ including a central payment gateway, a registration platform with an in-house encrypted card vault, an AWS-native ticketing / point-of-sale product, and a large commerce application with a single-tenant, per-customer database model.
Within a hard 90-day window the team delivers: an independent security assessment (penetration testing with code-assisted and cloud review), remediation of critical and high-severity findings verified by retest, end-of-life framework and dependency upgrades, and discovery / sequencing support for the transfer of the Azure and AWS estate to the new owner. The work is fast-paced, brownfield and security-centric, with direct exposure to the client's CTO-level stakeholders and a realistic Phase 2 (re-architecture and platform integration) for continuation.
Role Overview:
We are looking for a Senior Database Engineer (50% allocation) to own the database layer of the security remediation. The flagship legacy application runs a single-tenant model with roughly 2,000 production SQL Server databases (one per customer), and the registration platform stores encrypted cardholder data in a card vault whose business logic lives in T-SQL stored procedures. Nothing here can be done by hand at estate scale: the role is about programmatic scanning, schema-change automation and repeatable, evidence-producing runbooks that the client's retained team can execute estate-wide.
Key Responsibilities:
- Design and run programmatic security scanning across the single-tenant SQL Server estate (~2,000 databases): configuration, permissions, encryption posture, sensitive-data exposure.
- Build schema-change automation with rollout and rollback tooling โ templated migrations executed estate-wide by the retained team from your runbooks; no per-database manual work.
- Review and remediate T-SQL stored procedures and triggers flagged by the security assessment, including the encrypted card vault (deep review is AI-assisted and paired with the security team).
- Support encrypted card-vault data handling and migration scenarios: key-rotation impact, re-encryption, integrity verification.
- Harden the MySQL 8 / AWS Aurora databases of the AWS-native ticketing product.
- Produce retest evidence: before / after states, scripts, execution logs, residual-risk notes.
Requirements & Qualifications
- Experience: 6+ years as a DBA / database engineer on large production estates; proven work where changes are rolled out across hundreds or thousands of databases programmatically.
- Core stack (Must-Have): deep SQL Server 2017/2019 administration and performance; expert T-SQL (stored procedures, triggers); working MySQL 8 / AWS Aurora.
- Automation (Must-Have): schema-change automation across many single-tenant databases โ templated migrations, batching, verification, rollback.
- Sensitive data (Must-Have): hands-on experience with encrypted data stores โ encrypted card-vault handling / migration, key-rotation and re-encryption scenarios.
- Nice-to-Haves: Cosmos DB; DynamoDB; Azure SQL Managed Instance; PCI DSS exposure.
- English: fluent written and spoken English (B2+) for documentation, evidence packages and client calls.
- Working hours: standard EU hours with 2โ3 hours of overlap with US Eastern Time for client ceremonies.
We offer*:
- Flexible working format - remote, office-based or flexible
- A competitive salary and good compensation package
- Personalized career growth
- Professional development tools (mentorship program, tech talks and trainings, centers of excellence, and more)
- Active tech communities with regular knowledge sharing
- Education reimbursement
- Memorable anniversary presents
- Corporate events and team buildings
- Other location-specific benefits
*not applicable for freelancers