Apprecode

AppRecode is a DevSecOps consulting firm with 30+ professionals serving clients across Europe and the United States. We specialize in PCI DSS Level 1 compliance implementations for payment processing platforms, delivering production-grade secure infrastructure that meets stringent regulatory requirements.

We are seeking a Senior DevOps Engineer to lead PCI DSS Level 1 compliance implementations for payment processing clients. You will architect and implement secure AWS-based Kubernetes environments for systems handling cardholder data (CHD), working directly with clients to ensure all infrastructure meets PCI DSS v4.0.1 requirements while optimizing for cost and performance.

Key Responsibilities

PCI DSS Compliance Implementation

• Design and implement PCI DSS v4.0.1 Level 1 compliant AWS infrastructure for payment processing platforms
• Define and secure Cardholder Data Environment (CDE) boundaries with proper network segmentation
• Implement centralized logging infrastructure with 1-year retention and immutable audit trails (S3, CloudWatch, CloudTrail)
• Configure encryption at rest and in transit (TLS 1.2+, mTLS, KMS encryption, certificate management)
• Deploy File Integrity Monitoring solutions (Wazuh) and configure security alerting
• Implement vulnerability management programs (Amazon Inspector, ASV scanning coordination)
• Configure AWS security services: GuardDuty, Security Hub, Config with PCI DSS Conformance Pack
• Coordinate penetration testing activities and remediate security findings
• Create and maintain security policies, procedures, and compliance documentation

AWS Infrastructure & Security

• Design multi-AZ VPC architectures with CDE isolation and network segmentation
• Implement IAM roles, policies, and MFA enforcement following least-privilege principles
• Manage KMS encryption keys with automatic rotation
• Configure security groups, NACLs, VPN access, and bastion hosts
• Optimize AWS costs and implement cost monitoring dashboards
• Design backup and disaster recovery solutions meeting PCI requirements
• Deploy and optimize RDS PostgreSQL, Redis, and RabbitMQ with encryption

Kubernetes & Microservices Security

• Deploy production EKS clusters with security hardening (private API, envelope encryption)
• Implement RBAC, Pod Security Standards, and Network Policies for CDE workloads
• Configure Istio service mesh for mTLS enforcement between microservices
• Set up automated certificate management with cert-manager
• Deploy microservices across multiple environments (dev, staging, production)
• Configure EKS control plane logging and security monitoring

CI/CD & Automation

• Build secure CI/CD pipelines (GitHub Actions) with security gates and scanning
• Integrate SAST tools (SonarQube/SonarCloud), dependency scanning, and container image scanning
• Implement HashiCorp Vault for secrets management (no secrets in code)
• Develop Infrastructure as Code using Terraform for entire AWS stack
• Create Helm charts for application deployments
• Automate compliance validation and drift detection

Monitoring & Observability

• Deploy Prometheus and Grafana for infrastructure and security monitoring
• Integrate Sentry for application error tracking and telemetry
• Configure AlertManager with PagerDuty for 24/7 security alerting
• Create dashboards for security events, cost monitoring, and compliance metrics
• Implement security event monitoring and anomaly detection

Required Qualifications

Mandatory Requirements

• 5+ years of hands-on DevOps/SRE experience with production systems
• Proven experience implementing PCI DSS Level 1 compliance (multiple projects strongly preferred)
• Deep understanding of PCI DSS v4.0.1 requirements, SAQ completion, and QSA audit processes
• Expert-level AWS knowledge (VPC, EC2, EKS, RDS, S3, KMS, IAM, CloudWatch, GuardDuty, Config, Security Hub)
• Production Kubernetes/EKS expertise (RBAC, Network Policies, Pod Security Standards, security hardening)
• Strong Terraform experience (3+ years) for infrastructure provisioning and management
• Helm charts for Kubernetes package management
• Experience with service mesh technologies (Istio preferred) for mTLS implementation
• CI/CD pipeline development (GitHub Actions, GitLab CI, or Jenkins)
• Strong Linux system administration skills (Ubuntu/Debian preferred)
• Deep understanding of encryption, network security, and authentication mechanisms
• Experience with security scanning tools (SAST, dependency scanning, container scanning)

Highly Desired

• Experience with HashiCorp Vault for secrets management
• Grafana and Prometheus for monitoring and observability
• Sentry integration for application monitoring
• Production experience with RabbitMQ, Redis, and PostgreSQL
• Python scripting for automation and tooling
• Wazuh or similar FIM solutions
• SonarQube/SonarCloud integration
• AWS cost optimization and FinOps practices
• Knowledge of other compliance frameworks (ISO 27001, SOC 2, HIPAA)

Professional Skills

• Excellent communication skills with ability to work directly with clients
• Experience in consulting or professional services environments
• Strong problem-solving and analytical abilities
• Self-motivated with ability to manage multiple projects simultaneously
• Proactive approach to identifying security and compliance issues
• Team player with collaborative mindset
• English fluency (written and verbal) required

What AppRecode offers

• 20 days of paid annual leave plus public holidays.
• 5 paid sick days per year.
• Remote-first work environment.
• Friendly and supportive team culture.
• Personal development plans and access to experienced mentors and technical leaders.
• Reimbursement for sports activities and professional certifications (after probation).
• Ongoing learning opportunities: internal trainings and knowledge-sharing sessions.
• Free English classes if you want to further improve your communication skills.

AppRecode is looking for a Middle DevOps Engineer to lead infrastructure modernization for a client transitioning from a hybrid setup to a fully cloud-native architecture.

This is a hands-on role with strategic impact — you'll be analyzing existing infrastructure, designing AWS migration paths, and building developer-enabling solutions from the ground up. The client operates a Node.js + Vue.js application with multi-tenant deployments on Kubernetes, and needs an experienced engineer to simplify complexity, complete the AWS transition, and establish self-service deployment workflows for their development teams.

Project Overview

Our client operates a hybrid infrastructure application (Node.js + Vue.js) split between AWS and on-premises environments. The current setup includes multiple development instances and separate deployments for each client (20+ instances) running on Kubernetes, with CI/CD pipelines in GitLab. We're looking for a Middle DevOps Engineer to lead the infrastructure modernization effort: analyzing the existing setup, designing a simplified cloud-native architecture, completing the AWS migration, and enabling developer self-service deployments.

Responsibilities

• Analyze current hybrid infrastructure (AWS + on-premises) and document the existing architecture, deployment patterns, and pain points
• Design and implement complete AWS migration strategy for all workloads currently running on-premises
• Build production-grade AWS infrastructure from scratch using Infrastructure as Code (Terraform)
• Optimize Kubernetes architecture to support multi-tenant deployments efficiently
• Implement ephemeral environments for PR testing to enable developers to validate changes before merging
• Redesign and optimize GitLab CI/CD pipelines for developer self-service deployments
• Create comprehensive documentation for development teams covering infrastructure components, deployment workflows, and critical integration points (including AI-powered features)
• Work with existing development team (including handover from previous infrastructure owner) to ensure smooth knowledge transfer
• Establish monitoring, logging, and alerting infrastructure for production and development environments

Nice to Have

• Experience with multi-tenant Kubernetes architectures
• Knowledge of cost optimization techniques for AWS workloads
• Familiarity with GitOps practices and tools (ArgoCD, Flux)
• Experience with Node.js and Vue.js application deployment patterns
• Background in migrating legacy systems to cloud-native architectures
• Experience creating developer-focused documentation and runbooks
• Experience with observability tools (Prometheus, Grafana, ELK stack)
• German language skills (for direct communication with existing dev team)

Candidate Profile

• 3-4 years of hands-on AWS experience (EC2, ECS/EKS, RDS, VPC, IAM, CloudWatch)
• 2-3 years of Kubernetes experience in production environments
• Proven track record of AWS migrations and building infrastructure from scratch
• Strong Infrastructure as Code skills (Terraform preferred)
• Experience with GitLab CI/CD or similar platforms
• Excellent documentation and communication skills
• Ability to work independently and drive technical decisions
• English: Upper-Intermediate or higher (for communication with German development team)
• Availability: 3+ months with high possibility of extension

What AppRecode offers

• 20 days of paid annual leave plus public holidays.
• 5 paid sick days per year.
• Remote-first work environment.
• Friendly and supportive team culture.
• Personal development plans and access to experienced mentors and technical leaders.
• Reimbursement for sports activities and professional certifications (after probation).
• Ongoing learning opportunities: internal trainings and knowledge-sharing sessions.
• Free English classes if you want to further improve your communication skills.