About the Role

The CTO Intelligence Hub is OPSWAT’s internal data platform; a fleet of 20+ containerised applications running on AWS EC2 that deliver AI adoption analytics, financial intelligence, customer health scoring, sales leaderboards, and content generation to OPSWAT leadership and 590+ engineers worldwide. You will own the infrastructure layer that keeps this platform reliable, secure, and scalable.

This is a hands-on individual-contributor role. You will be the sole infrastructure owner on day one, working closely with the CTO and one AI Platform Architect to operationalise and evolve the system.

What You Will Own

• AWS infrastructure: EC2 instances (eu-north-1), S3 buckets, IAM roles, SSM-based remote access (no SSH), security group allowlists across 8 global offices
• Container orchestration: Docker Compose fleet of 20+ services with sequential startup chains, health monitoring, auto-rollback, and OOM prevention on memory-constrained instances
• CI/CD pipeline: GitHub Actions workflows (centralized deploy-app.yml), S3 artifact rotation, per-service smart change detection, post-deploy health checks
• Reverse proxy & SSO: nginx routing, Cloudflare SSL termination, OAuth2 Proxy backed by Azure AD for single sign-on across all internal apps
• Credential & secrets management: OAuth token lifecycle (token-proxy auto-refresh), GitHub org secrets, PAT rotation, SSM Parameter Store, per-app .env files
• Data pipeline operations: EC2 #3 (Fabric → Parquet → S3), daily cron jobs, MSAL token refresh, lockfile and resume logic
• Observability & incident response: health monitor (15-min cron), watchdog deep-checks, Telegram alerting, EC2 reboot recovery, Docker mount-corruption recovery
• Security posture: network-level access controls, credential hygiene, OPSEC between corporate and personal identities

You Will Be a Strong Fit If You Have

• 3–6 years hands-on AWS experience (EC2, S3, IAM, SSM — not just console clicks)
• Solid Docker and Docker Compose skills; you debug failed container starts at 2 am without fear
• GitHub Actions: writing and maintaining multi-job workflows with secrets, artifacts, and matrix builds
• Linux system administration (Ubuntu): cron, systemd, disk management, process investigation
• Python scripting for ops tasks (deployment scripts, health checks, API automation)
• nginx configuration: upstream proxying, path-based routing, SSL
• A security-first mindset: you default to least-privilege and always ask “what happens if this leaks?”

Nice to Have

• Experience with Cloudflare (proxying, SSL, DNS management)
• Azure AD or OAuth2 Proxy familiarity
• PostgreSQL administration
• Experience operating ML/AI inference workloads
• GitHub App development (JWT-based installation tokens)
• Familiarity with Microsoft Fabric or Azure data services