Cloud Infrastructure Engineer

Company Description

NXL Technologies is an innovative IT company specializing in website development, service support, and gaming development. Committed to advancing the digital landscape, we prioritize creating groundbreaking solutions that push the boundaries of technology. Our emphasis on revolutionizing the gaming industry underscores our dedication to innovation. At NXL Technologies, we thrive on collaboration and creativity, aiming to deliver exceptional value to our clients and users.

About the Role We're building an automated trading platform on AWS. We're looking for a hands-on DevOps engineer who can own the entire infrastructure — from network architecture and security to deployment pipelines and monitoring. You won't just maintain what exists; you'll help design and build it. This role is ideal for someone who has worked in a small team before, is comfortable making decisions independently, and understands that in a startup, ownership means everything. What You'll Own Cloud Infrastructure Design, build, and maintain our AWS environment (VPC, subnets, EC2, ECS, RDS, DynamoDB) Manage all networking — Security Groups, NAT Gateway, route tables, VPN endpoints Write and maintain infrastructure-as-code using Terraform or AWS CDK Handle environment separation (dev, staging, production) and ensure they don't bleed into each other Security Implement and manage AWS Client VPN with certificate-based authentication and MFA Configure and enforce least-privilege IAM roles across all services Manage AWS Secrets Manager — API keys, credentials, rotation schedules Set up and maintain AWS GuardDuty for threat detection Enforce Security Group rules so internal services only talk to exactly what they need Coordinate or conduct basic vulnerability scans (AWS Inspector, Dependabot/Snyk) Work with an external pen tester before major releases CI/CD & Deployments Build and maintain deployment pipelines (GitHub Actions, AWS CodePipeline, or similar) Containerize services using Docker and manage them via ECS or EKS Implement blue/green or rolling deployments to minimize downtime Manage Docker image security scanning as part of the pipeline Monitoring & Alerting Set up and maintain CloudWatch dashboards, log groups, and metric alarms Configure SNS alerts for critical events: failed logins, trade anomalies, API key misuse, infrastructure health Build runbooks for common incidents so the team can respond without you being on call 24/7 Maintain audit logs in a tamper-evident, compliance-friendly way Reliability & Performance Implement auto-scaling for EC2 and ECS services Monitor and optimize AWS costs — reserved instances, right-sizing, unused resources Ensure RDS backups, snapshots, and point-in-time recovery are configured and tested Define and work toward uptime SLAs appropriate for a trading platform Collaboration Work closely with the backend developer to make secret injection, IAM permissions, and environment config seamless Work with the bot/quant developer to ensure the bot engine has the right network access — and only that Document everything: architecture diagrams, runbooks, deployment procedures, incident post-mortems What We're Looking For Must Have 2+ years of hands-on AWS experience (not just familiarity — you've built production systems on it) Strong networking fundamentals — VPCs, subnets, routing, Security Groups, NACLs Solid experience with Terraform or AWS CDK — infrastructure-as-code is non-negotiable for us Docker and container orchestration (ECS at minimum; EKS is a bonus) Experience with secrets management — AWS Secrets Manager or equivalent Working knowledge of IAM — you can write a least-privilege policy from scratch, not just copy one CI/CD pipeline experience — you've built pipelines, not just used them Linux administration — you're comfortable on the command line under pressure Strong Plus Prior experience in fintech, trading platforms, or any regulated industry Familiarity with Binance or exchange API integrations Experience with AWS GuardDuty, Inspector, or Security Hub Knowledge of compliance basics — audit logging, data retention, access controls Experience with Python or Bash for automation scripting Exposure to pen testing tools or vulnerability scanning workflows Mindset (This Matters as Much as the Skills) You think in threat models — not just "does it work" but "what happens when it breaks or gets attacked" You're comfortable making judgment calls without a committee You document as you go, not as an afterthought You flag risks early and clearly, even when it's inconvenient You understand that in a small team, a mistake you don't catch becomes everyone's emergency What You'll Be Working With AWS (VPC, EC2, ECS, RDS, DynamoDB, Secrets Manager, CloudWatch, GuardDuty, Client VPN) Terraform or AWS CDK Docker / ECS GitHub Actions or AWS CodePipeline Python/Bash for scripting Binance.US API (trading platform integration) PostgreSQL / DynamoDB