Platform Engineer (DevOps + API + Security) | 8+ yrs | Remote

Job Title: Platform Engineer (DevOps + API + Security)

Location: Remote

Work Timings: 5:00 PM 2:00 AM IST (US Overlap)

Experience: 8+ Years

We are looking for a dedicated Platform Engineer to take ownership of our DevOps stack, own our security posture, and contribute to API development. This is a multi hat role. When DevOps or security work comes up, you are the person who picks it up immediately and unblocks the team. When it does not, you shift to the API side and contribute to building and maintaining our integrations.

The priority is simple: the team cannot afford to be blocked on DevOps, and security cannot be treated as an afterthought. When a pipeline breaks, a deployment fails, a database migration stalls, or a credential is exposed, we need someone who is already on it.

Responsibilities:

Devops

Own and improve CI/CD pipelines (GitHub Actions, deployments, rollbacks)

Manage AWS infrastructure (ECS, RDS/Aurora, S3, IAM, CloudWatch, cost monitoring)

Maintain and extend Terraform configurations for all infrastructure changes

Be the first responder on DevOps issues, outages, and deployment blockers

Monitor production systems and proactively address reliability and performance issues

Automate repeatable operations (deployments, provisioning, backups, access audits)

Keep documentation current for infrastructure, runbooks, and incident response

Security

Own the security posture across GitHub, AWS, Google Workspace, and all third party tooling

Enforce MFA and 2FA across every platform and audit compliance on a regular cadence

Manage IAM policies with least privilege as the default, including role based access and scoped service accounts

Lead incident response for security events (account compromise, leaked credentials, unauthorized access, suspicious activity)

Manage secrets end to end (rotation schedules, centralized storage, scanning for leaked secrets in repos and logs)

Run quarterly access audits across all systems and promptly revoke access when people leave or change roles

Enforce GitHub branch protection, signed commits, required reviews, and org level security policies

Monitor for anomalies (login patterns, unusual API calls, cost spikes, permission changes) and investigate

Maintain an up to date security runbook covering detection, containment, eradication, recovery, and postmortem steps

Partner with engineering on secure coding practices, dependency scanning, and vulnerability patching

Google Workspace Administration

Administer Google Workspace (users, groups, organizational units, shared drives, domain settings)

Enforce 2SV, context aware access, session controls, and device policies across the org

Manage SSO and SAML integrations between Google Workspace and third party tools

Own the onboarding and offboarding workflow (account provisioning, group membership, license assignment, timely access revocation)

Configure DLP rules, retention policies, and sharing controls for sensitive data

Monitor admin console alerts, audit logs, and login activity for suspicious behavior

Manage email security settings (SPF, DKIM, DMARC, spam and phishing controls)

Keep license usage clean

API Development

Lead the build of the new APIs

Maintain and optimize the existing API (performance, reliability, new features)

Support and improve other internal APIs as needed

Integrate APIs with external systems (partners, webhooks, data sources)

Write clean, tested, well documented code

Build authentication and authorization the right way (OAuth, JWT, scoped tokens, rate limiting)

Must Have

Strong hands on AWS experience (IAM, ECS, RDS/Aurora, S3, CloudWatch, VPC)

Terraform proficiency, comfortable working in an existing codebase

Solid CI/CD experience with GitHub Actions (or CircleCI, GitLab CI)

Experience administering GitHub at org level (branch protection, SSO, secrets, security policies)

Google Workspace admin experience (user management, SSO, security controls, DLP)

Strong security mindset with real incident response experience (account compromise, credential leaks, access audits)

Experience with secret management (AWS Secrets Manager, HashiCorp Vault, Doppler, or similar)

Strong Python for automation, scripting, and API work

Cloudflare (DNS, WAF, CDN) configuration

Proficiency with Node.js or TypeScript for backend and API development

Deep understanding of REST API design and implementation

Experience with Docker, containerization, and deployment workflows

Working knowledge of PostgreSQL / Aurora (schema, migrations, performance)

Writing GitHub Actions workflows from scratch

Monitoring and observability (Sentry, PostHog, CloudWatch, Datadog)

Takes ownership and drives issues to resolution without being prompted

Clear, proactive communication. Flags issues and status without being asked

Committed, dedicated, and full availability

Nice To Have

AWS cost optimization and FinOps experience

OAuth / JWT and API authentication best practices

Experience with SOC 2, ISO 27001, or similar compliance frameworks

Familiarity with SAST, DAST, SCA, and secret scanning tooling (Snyk, GitGuardian, Dependabot, TruffleHog)

Experience with endpoint security and device management (MDM)

Experience with Cursor, Claude Code, or other AI assisted development tooling

What you will be working on

Stabilizing and improving DevOps so the team never sits blocked

Hardening our security posture across AWS, GitHub, Google Workspace, and third party tools

Automating manual operational work across deployments, migrations, access audits, and permissions

Leading incident response and building the playbooks so the next incident is faster and cleaner

Building the new APIs end to end once requirements land

Keeping the internal APIs healthy and evolving them over time

Running a tight ship on access management (onboarding, offboarding, quarterly audits, MFA enforcement)

Being the go to person when a pipeline, deployment, migration, or security alert needs attention