Senior Postgresql Database Administrator CTC 18+LPA

Refer the Document

https://bankbenchers-my.sharepoint.com/:w:/p/ceo/IQCyQXYyXONMSKuUybdLgEpcAXuv1efgptA0hciFWHb902Y?e=egPmHe

A banking database DBA is not just a performance engineer they are the last line of defence between farmer financial data and a potential breach.

Role Overview

The Senior Database Administrator (DBA) is responsible for the health, performance, security, availability, and continuity of all database infrastructure supporting the eKCC application. This role is a mission-critical function and carries both technical and governance accountability.

1.1Core Purpose

Ensure the database is always available, performant, and secure for all operational users across six states

Protect farmer financial data including Aadhaar-linked KCC records in compliance with RBI and NABARD guidelines

Proactively prevent incidents through monitoring, maintenance, and capacity planning

Respond to incidents with defined RTO and RPO targets

Provide management with clear, timely visibility into database health

1.2Reporting Structure

Reports To

CTO / Head of Infrastructure

Functional Alignment

Application Delivery and Operations

Escalation Path

CTO CEO for P1 incidents beyond 1 hour

Collaboration

Application Team, Security Team, ITSM, Audit

2. Core Responsibilities2.1Database Administration Day-to-Day

Monitor database health every business day before 09:00 IST and publish morning dashboard

Review pg_stat_activity, pg_stat_statements, and pg_locks for anomalies each morning

Manage connections via PgBouncer ensure pool health and alert thresholds are set

Ensure autovacuum is running correctly and dead tuple ratios remain below 10%

Review and action slow query alerts within the same business day

Ensure all cron-based maintenance jobs (VACUUM, ANALYZE, log rotation) run successfully

Review disk usage trends daily escalate if projected to cross 70% within 30 days

2.2Performance Management

Maintain cache hit ratio above 99% at all times alert at 97%, escalate at 95%

Tune postgresql.conf parameters (shared_buffers, work_mem, effective_cache_size, checkpoint parameters) to match current workload and hardware

Conduct weekly review of top 10 slow queries from pg_stat_statements

Create and maintain indexes including partial, composite, and concurrent builds to eliminate sequential scans on tables exceeding 10,000 rows

Monitor and manage table bloat initiate manual VACUUM FULL during maintenance windows when bloat exceeds threshold

Conduct monthly performance baseline review and present trend report to management

Coordinate with application team on query design, connection management, and ORM configuration

2.3High Availability and Disaster Recovery

Maintain streaming replication to a geographically separate DR standby at all times

Monitor replication lag alert immediately if lag exceeds 60 seconds

Ensure automatic failover is configured via Patroni or equivalent manual failover is not acceptable for production

Conduct quarterly DR failover drill and submit written drill report to management within 48 hours

Maintain a documented DR runbook with step-by-step recovery procedures

Define, document, and validate RTO and RPO targets in consultation with management

Ensure DR site access controls are independent of primary site

2.4Backup and Recovery

Execute and verify daily full or incremental backups using pg_basebackup or equivalent

Maintain WAL archiving alert immediately on any archiving failure; do not allow archiving to be stopped without escalation

Test backup restoration every month not just backup creation but actual restoration to a test environment

Maintain backup retention schedule: daily 30 days, weekly 3 months, monthly 1 year as per RBI/NABARD data retention policy

Ensure all backups are encrypted before transfer to DR location

Document and update PITR recovery procedures with actual timing benchmarks

Submit monthly backup and recovery drill report to management

2.5Security and Compliance

Enable and maintain pgaudit for comprehensive audit logging of all DDL, DCL, and privileged activity

Ensure no application connects to PostgreSQL as the postgres superuser

Configure pg_hba.conf to allow connections only from known, approved IP addresses

Enforce SSL/TLS for all database connections reject unencrypted connections

Implement and maintain Role-Based Access Control (RBAC) principle of least privilege

Implement Row Level Security (RLS) where state-level data segregation is required

Ensure data masking is applied to all non-production copies of farmer data

Maintain audit trail for minimum 5 years as per RBI compliance requirements

Coordinate VAPT (Vulnerability Assessment and Penetration Testing) annually remediate all critical findings within 30 days

Apply PostgreSQL security patches within defined SLA critical patches within 7 days

Maintain compliance with RBI IT Framework, RBI Cyber Security Framework 2016, CERT-In Directions 2022, and IT Act 2000

2.6Monitoring and Alerting

Deploy and maintain monitoring stack: Grafana + Prometheus or similar tools + pg_exporter from day one of go-live

Configure real-time alerts for all critical database metrics with defined thresholds:

Cache hit ratio alert at < 97%

Dead tuple ratio alert at > 10%

Replication lag alert at > 60 seconds

Connection count alert at > 75% of max_connections

Disk usage alert at > 70%

WAL archiving alert immediately on failure

Long-running queries alert at > 5 minutes

Deadlock detection alert on every occurrence

Failed login attempts alert on 3+ consecutive failures

Review alerts and Grafana dashboards daily not just when incidents occur

Configure pgBadger for weekly log analysis and slow query reporting

Establish and maintain baseline behaviour profiles alert on deviations

2.7Maintenance and Change Management

Plan all maintenance activities during approved maintenance windows no production changes during business hours without explicit written approval

Every production change must include: change description, rollback plan, verification steps, and change approver

Apply minor version upgrades within 30 days of release test in staging first

Plan major version upgrades with a minimum 60-day preparation cycle including: staging validation, application team sign-off, zero-downtime strategy, and rollback plan

Maintain a change log all changes documented before and after execution

Manage ITSM requests related to database with defined SLA adherence

2.8Capacity Planning

Prepare and maintain a capacity planning document updated every quarter

Track data volume growth rate monthly project 6-month and 12-month storage requirements

Track user growth and concurrent connection trends project peak load scenarios

Recommend infrastructure procurement with minimum 3-month lead time before projected capacity breach

Present capacity plan to management every quarter with clear go/no-go recommendations.