Senior DevOps Engineer — sanctions.io (Spain / Remote-Friendly)
---
We're hiring a Senior DevOps Engineer at sanctions.io, a compliance SaaS company with ~300 customers in the financial sector. If Kubernetes, AWS, and security are your home turf, and you like real ownership over infrastructure, let's talk.
---
About the Role
At sanctions.io, our infrastructure is the product. When screening latency spikes or a pipeline stalls, our customers notice — and in compliance, reliability isn't a nice-to-have.
We're looking for a **Senior DevOps Engineer** to own our cloud infrastructure end-to-end. You'll lead the migration from AWS ECS to Kubernetes, harden our security posture, and make sure our platform scales cleanly as we grow. This is a **high-autonomy, high-ownership role** — you'll make real decisions, not implement tickets.
You'll be the primary infrastructure owner, working closely with the Head of Engineering and development team, with occasional collaboration with external support.
---
What You'll Do
Kubernetes Migration (near-term priority)
- Architect and execute the full migration of services from AWS ECS to Kubernetes (EKS)
- Design cluster topology, namespace strategy, network policies, and secrets management
- Validate rollout with proper testing, rollback planning, and documentation
- Set up GitOps workflows (ArgoCD or Flux preferred)
Infrastructure Ownership
- Own all AWS infrastructure: networking (VPC, subnets, SGs), compute, storage (S3, RDS), IAM, ECR
- Manage Terraform configurations across staging and production environments
- Improve Docker image builds, optimise for size and scan for vulnerabilities
- Collaborate with engineers on infrastructure needs for new features (e.g. AI workloads, vector search, batch processing)
CI/CD & Automation
- Maintain and improve GitHub Actions workflows and deployment pipelines
- Implement blue/green or canary deployments where appropriate
- Introduce automation that reduces toil and human error
Monitoring & Reliability
- Own observability: Prometheus, Grafana, structured logging, and alerting strategy
- Ensure Sentry is properly integrated and actionable
- Define and own incident response procedures and on-call processes
- Think proactively about failure modes and disaster recovery
Security
- Container security scanning and hardening
- Secrets management (external-secrets, sealed-secrets, or equivalent)
- Network segmentation, SSL/TLS, access controls, and IAM hygiene
- Stay current on AWS security best practices and act on them
---
What We're Looking For
Must-Have
- **5+ years of DevOps/infrastructure engineering** in production cloud environments
- **Kubernetes (3+ years, production-grade)** — EKS strongly preferred
  - Helm, Kustomize or equivalent
  - Ingress, network policies, HPA/VPA
  - Experience migrating workloads *to* Kubernetes (from ECS or Docker Compose)
- Real debugging and troubleshooting experience
- **Strong AWS** — ECS, EC2, S3, SQS, RDS (PostgreSQL), VPC, IAM, ECR
- **Terraform** — managing real multi-environment codebases, not just tutorials
- **GitHub Actions** and solid CI/CD fundamentals
- Docker image optimisation and container security awareness
- **Spanish native or fluent (C1+), excellent English** — our tech team is in Spain; our product and customers are international
- Based in Spain or willing to relocate — **Tenerife preferred**, but strong candidates in CET timezone are considered for remote
Strong Plus
- GitOps (ArgoCD or Flux) in production
- AWS DevOps Agent
- Elasticsearch cluster management and scaling
- PostgreSQL administration under load (tuning, backups, replication)
- Redis and Celery worker infrastructure
- Familiarity with infrastructure needs for AI/ML workloads (GPU instances, batch inference pipelines) — not required, but we're moving in this direction
Nice-to-Have
- Experience in fintech, compliance, or regulated industries where security posture matters
- Incident commander experience or structured on-call process ownership
---
Our Stack
AWS (ECS → EKS migration in progress) · Kubernetes · Terraform · Docker · GitHub Actions · Prometheus · Grafana · Sentry · PostgreSQL (RDS) · Elasticsearch · Redis · Celery · SQS · Python/Django backend
---
What We Value
- **Ownership**: The infrastructure is yours. If something is broken or could be better, you don't wait to be asked.
- **Pragmatism**: You choose the right tool, not the trendiest. You balance ideal with shippable.
- **Clear communication**: You write down what you did and why. Async-first team.
- **Reliability mindset**: You think about failure modes before they become incidents, not after.
- **Openness to new tech**: We're actively exploring AI capabilities — you should be comfortable adapting infrastructure to support new workload types.
---
About sanctions.io
sanctions.io provides API and portal services for sanctions screening, PEP data, and adverse media monitoring — used by ~300 customers and 500 users in the financial compliance space. We're a small, focused team building infrastructure that keeps the financial system clean.
Remote-friendly (Spain-based team, CET timezone)
Working language: Spanish (team) + English (product/customers)
HQ: Tenerife, Spain
---
*Interested? Apply via LinkedIn or reach out directly. We read every application.*