Key skills
AWSKubernetesGitLab CI/CDTerraformLinux administrationObservability toolingScripting BashScripting Python/GoDevOps culturePythonGo.NETBashAIK8sGitLab CIVaultEKSHelmCloudFormationEC2RDSRoute53IAMCloudWatchPrometheusGrafanaGitGitLabSaaSJiraCI/CDChange ManagementCommunicationCollaborationWAFFirewall
About this role
Unanet is a growing engineering company looking for a Senior Platform Release Engineer who will manage CI/CD, release automation, and the infrastructure platform for their AI-first solutions. The role involves designing GitLab-based CI/CD pipelines, operating AWS EKS clusters, and enhancing security and observability within the platform.
Responsibilities:
- Own end-to-end GitLab CI/CD pipelines for key services, ensuring they build, test, and deploy reliably using K8s runners
- Standardize pipeline patterns (templates/components) for multiple tech stacks (.NET, Go, Node, etc.) and environments, emphasizing build reproducibility and security
- Implement and maintain multi-stage deployment workflows (dev → lower → upper → stage → prod) with automated checks, approvals, and rollbacks, aligned to our change management practices in Jira
- Collaborate with engineering teams to simplify release processes
- Operate and evolve AWS EKS clusters in multiple accounts/regions (including GovCloud) using Terraform and shared infra modules (VPC, subnets, security groups, EKS, Route53, ALBs/NLBs, Network Firewall, etc.)
- Manage cluster add-ons and platform workloads (e.g., monitoring stack, ingress/proxy, build runners, shared services) via Helm / Helm-based tooling and Git-based workflows
- Implement and support infrastructure-as-code for new environments and services (VPCs, EKS clusters, DNS zones, IAM roles, IRSA, Route53 resolver rules, VPC endpoints, etc.)
- Deploy and tune observability tooling (e.g., Grafana Alloy, Prometheus-compatible metrics, CloudWatch logs, Loki/Victoria Metrics) to ensure platforms and pipelines are well-instrumented
- Define and monitor SLOs/SLAs for critical services and CI/CD components; build alerts using CloudWatch, Grafana, and related tools
- Participate in operational reviews, incident response, and post-incident retrospectives, driving reduction of toil via automation, playbooks, and pipeline improvements
- Apply our container hardening and FIPS 140-2 guidelines across images and pipelines, including use of Chainguard base images and vault-init-fips entry points where required
- Partner with Cloud Platform and Security teams to maintain Network Firewall rules, VPC endpoint policies, and WAF rules that restrict egress/ingress to approved domains and ports
- Ensure CI/CD, infra, and release processes support FedRAMP Moderate and related controls (e.g., SA-4(9) functions/ports/services documentation, image provenance in ECR)
- Act as a bridge between product development and CloudOps, helping teams adopt best practices in CI/CD, infrastructure-as-code, and Kubernetes deployment patterns
- Provide guidance and documentation on using shared components (build runners, Helm charts, Eve manifests, ECR repos, secrets management patterns)
- Champion DevOps culture and continuous improvement using metrics, incident learnings, and developer feedback to drive change
Requirements:
- 5+ years in a DevOps, SRE, or Release Engineering role supporting production SaaS
- Strong hands-on experience with AWS (networking, IAM, EKS, ECR, EC2, RDS, CloudWatch, Route53)
- Deep experience operating Kubernetes in production (workloads, networking, ingress, RBAC, upgrades, troubleshooting)
- Proficiency with Git-based CI/CD (e.g., GitLab) and building robust pipelines for multi-stage deployments
- Solid infrastructure-as-code skills with Terraform (or CloudFormation) for AWS and Kubernetes resources
- Strong Linux administration and scripting skills (Bash and either Python or Go)
- Familiarity with observability tooling (Grafana/Prometheus/CloudWatch or equivalent) and building actionable alerts
- Excellent communication and collaboration skills; proven ability to partner with developers, QA, and Ops to ship software quickly and safely
- Experience working in regulated environments including evidence collection and change control practices
- Prior exposure to container hardening, and secure supply chain practices
- Hands-on with Vault, AWS Secrets Manager, and secret distribution patterns in Kubernetes
- Familiarity with AWS services and integrating them into application CI/CD and IAC patterns
- Experience contributing to or maintaining shared infrastructure modules and platform tools (Terraform modules, Helm charts, operators, GitLab pipeline components)