Apprecode

AppRecode is looking for a Staff Engineer to join a client building a cloud-native testing platform that has evolved from an open-source core into a complex, enterprise-grade solution.

The role is focused on architectural leadership, technical decision-making, and driving product evolution in a fast-paced, resource-constrained environment. You will not be responsible for test creation or QA processes day-to-day – your mission is to guide technical strategy, reduce technical debt, and ensure the platform scales reliably as commercial traction accelerates.

Project overview

The client is evolving a Kubernetes-native testing platform with a strong focus on: 

• Architectural evolution and technical debt management
• Scalability and performance under growing commercial demand
• Distributed systems running on Kubernetes with Go at the core
• API design, security, and performance optimization
• Integration with cloud infrastructure (GCP preferred), databases (MongoDB, PostgreSQL), and messaging systems (NATS)

You will join a long-term initiative working closely with senior engineers, product teams, where architectural clarity and technical leadership are key success factors.

Responsibilities

• Drive architectural decisions for a complex, distributed Cloud Native platform built on Kubernetes.
• Balance technical debt, new features, and quality improvements in a high-pressure, resource-constrained environment.
• Design and evolve scalable, secure, and performant APIs and backend services in Go.
• Collaborate with product and engineering teams to translate customer and business needs into sound technical solutions.
• Mentor and lead senior engineers, fostering best practices in:
  • Cloud Native architecture
  • DevOps (CI/CD, networking, security)
  • Kubernetes operations and development
• Support the evolution of both core platform capabilities and enterprise features, ensuring consistency and maintainability.
• Continuously improve system reliability, observability, and operational excellence across the stack.

Required experience

• 10+ years of software engineering experience across a variety of companies, architectures, and technical contexts.
• Excellence in Kubernetes – both operational (cluster management, networking, security) and development (operators, controllers, CRDs).
• Excellence in Go – deep hands-on experience building production-grade distributed systems.
• Strong Cloud Native / distributed architecture experience – designing and scaling systems on Kubernetes.
• Strong DevOps skills:
  • Networking, security, CI/CD pipelines
  • Experience with GCP (or other major cloud providers, with a preference for GCP).
• Solid API design and implementation skills with a focus on performance and security.
• Experience with MongoDB and PostgreSQL in production environments.
• Product mindset – ability to balance technical excellence with customer and business needs.
• Fluent English – comfortable with daily communication with the client, team, and stakeholders.

Nice to have

• Experience with performance and functional testing at scale.
• Familiarity with NATS or similar messaging/event systems.
• Frontend development or architecture experience – React, Node.js.
• Experience contributing to or managing open-source projects from a technical/engineering perspective.

Candidate profile

• You come from a strong engineering background with exposure to diverse architectures and complex systems.
• You have real-world experience leading technical decisions and guiding platform evolution.
• You are comfortable in a role that focuses on:
  • architecture and system design,
  • mentoring senior engineers,
  • balancing quality, speed, and resource constraints,
    rather than hands-on feature implementation only.
• You thrive in high-pressure environments and can support teams rapid growth and change.

Role: Staff Engineer (Cloud Native / Kubernetes + Go)
Start: ASAP
Type: Long-term project
Language: English (working language)

What AppRecode offers

• 20 days of paid annual leave plus public holidays.
• 5 paid sick days per year.
• Remote-first work environment.
• Friendly and supportive team culture.
• Personal development plans and access to experienced mentors and technical leaders.
• Reimbursement for sports activities and professional certifications (after probation).
• Ongoing learning opportunities: internal trainings and knowledge-sharing sessions.
• Free English classes if you want to further improve your communication skills.

AppRecode is a DevSecOps consulting firm with 30+ professionals serving clients across Europe and the United States. We specialize in PCI DSS Level 1 compliance implementations for payment processing platforms, delivering production-grade secure infrastructure that meets stringent regulatory requirements.

We are seeking a Senior DevOps Engineer to lead PCI DSS Level 1 compliance implementations for payment processing clients. You will architect and implement secure AWS-based Kubernetes environments for systems handling cardholder data (CHD), working directly with clients to ensure all infrastructure meets PCI DSS v4.0.1 requirements while optimizing for cost and performance.

Key Responsibilities

PCI DSS Compliance Implementation

• Design and implement PCI DSS v4.0.1 Level 1 compliant AWS infrastructure for payment processing platforms
• Define and secure Cardholder Data Environment (CDE) boundaries with proper network segmentation
• Implement centralized logging infrastructure with 1-year retention and immutable audit trails (S3, CloudWatch, CloudTrail)
• Configure encryption at rest and in transit (TLS 1.2+, mTLS, KMS encryption, certificate management)
• Deploy File Integrity Monitoring solutions (Wazuh) and configure security alerting
• Implement vulnerability management programs (Amazon Inspector, ASV scanning coordination)
• Configure AWS security services: GuardDuty, Security Hub, Config with PCI DSS Conformance Pack
• Coordinate penetration testing activities and remediate security findings
• Create and maintain security policies, procedures, and compliance documentation

AWS Infrastructure & Security

• Design multi-AZ VPC architectures with CDE isolation and network segmentation
• Implement IAM roles, policies, and MFA enforcement following least-privilege principles
• Manage KMS encryption keys with automatic rotation
• Configure security groups, NACLs, VPN access, and bastion hosts
• Optimize AWS costs and implement cost monitoring dashboards
• Design backup and disaster recovery solutions meeting PCI requirements
• Deploy and optimize RDS PostgreSQL, Redis, and RabbitMQ with encryption

Kubernetes & Microservices Security

• Deploy production EKS clusters with security hardening (private API, envelope encryption)
• Implement RBAC, Pod Security Standards, and Network Policies for CDE workloads
• Configure Istio service mesh for mTLS enforcement between microservices
• Set up automated certificate management with cert-manager
• Deploy microservices across multiple environments (dev, staging, production)
• Configure EKS control plane logging and security monitoring

CI/CD & Automation

• Build secure CI/CD pipelines (GitHub Actions) with security gates and scanning
• Integrate SAST tools (SonarQube/SonarCloud), dependency scanning, and container image scanning
• Implement HashiCorp Vault for secrets management (no secrets in code)
• Develop Infrastructure as Code using Terraform for entire AWS stack
• Create Helm charts for application deployments
• Automate compliance validation and drift detection

Monitoring & Observability

• Deploy Prometheus and Grafana for infrastructure and security monitoring
• Integrate Sentry for application error tracking and telemetry
• Configure AlertManager with PagerDuty for 24/7 security alerting
• Create dashboards for security events, cost monitoring, and compliance metrics
• Implement security event monitoring and anomaly detection

Required Qualifications

Mandatory Requirements

• 5+ years of hands-on DevOps/SRE experience with production systems
• Proven experience implementing PCI DSS Level 1 compliance (multiple projects strongly preferred)
• Deep understanding of PCI DSS v4.0.1 requirements, SAQ completion, and QSA audit processes
• Expert-level AWS knowledge (VPC, EC2, EKS, RDS, S3, KMS, IAM, CloudWatch, GuardDuty, Config, Security Hub)
• Production Kubernetes/EKS expertise (RBAC, Network Policies, Pod Security Standards, security hardening)
• Strong Terraform experience (3+ years) for infrastructure provisioning and management
• Helm charts for Kubernetes package management
• Experience with service mesh technologies (Istio preferred) for mTLS implementation
• CI/CD pipeline development (GitHub Actions, GitLab CI, or Jenkins)
• Strong Linux system administration skills (Ubuntu/Debian preferred)
• Deep understanding of encryption, network security, and authentication mechanisms
• Experience with security scanning tools (SAST, dependency scanning, container scanning)

Highly Desired

• Experience with HashiCorp Vault for secrets management
• Grafana and Prometheus for monitoring and observability
• Sentry integration for application monitoring
• Production experience with RabbitMQ, Redis, and PostgreSQL
• Python scripting for automation and tooling
• Wazuh or similar FIM solutions
• SonarQube/SonarCloud integration
• AWS cost optimization and FinOps practices
• Knowledge of other compliance frameworks (ISO 27001, SOC 2, HIPAA)

Professional Skills

• Excellent communication skills with ability to work directly with clients
• Experience in consulting or professional services environments
• Strong problem-solving and analytical abilities
• Self-motivated with ability to manage multiple projects simultaneously
• Proactive approach to identifying security and compliance issues
• Team player with collaborative mindset
• English fluency (written and verbal) required

What AppRecode offers

• 20 days of paid annual leave plus public holidays.
• 5 paid sick days per year.
• Remote-first work environment.
• Friendly and supportive team culture.
• Personal development plans and access to experienced mentors and technical leaders.
• Reimbursement for sports activities and professional certifications (after probation).
• Ongoing learning opportunities: internal trainings and knowledge-sharing sessions.
• Free English classes if you want to further improve your communication skills.