Reports To: Director of Platform Engineering

Location: Remote (US)

Type: Full-Time

Min. Experience: 4+ Years

Department: Engineering / Infrastructure

Role Overview

The DevOps Engineer is responsible for the design, reliability, and continuous improvement of Lynk's AWS cloud infrastructure. This role owns the full lifecycle of cloud environments - from infrastructure provisioning and CI/CD pipelines to security, compliance, and operational support. The position operates within a fast-paced, compliance-driven environment and requires both steady operational execution and proactive infrastructure improvement. CMMC Level 2 compliance is non-negotiable in everything you build.

Key Responsibilities

Infrastructure & Terraform
• Design, build, and maintain AWS infrastructure using Terraform as the IaC standard across all environments (dev, staging, production)
• Manage Terraform modules, state management, remote backends, and workspace strategy • Participate in architecture reviews and drive infrastructure optimization and cost management
• Maintain AWS Organizations or multi-account architecture as the environment scales

CI/CD & Automation
• Own and evolve CI/CD pipelines (GitLab CI or GitHub Actions) - from code commit to production deployment
• Identify and implement automation opportunities to reduce manual operational overhead
• Support and maintain deployment workflows for application and platform teams

AWS Platform Operations
• Manage core AWS services: EC2, ECS, S3, RDS, Lambda, SQS, SNS, CloudWatch, KMS, IAM, VPC, Route53, CloudFront
• Design, deploy, and maintain serverless workloads using AWS Lambda - including function lifecycle management, concurrency, event source mappings, and cold-start optimization
• Operate and support AWS Ground Station for satellite communication scheduling, antenna management, and data downlink pipelines
• Monitor infrastructure health using Tenable for vulnerability and compliance scanning, CloudWatch for operational metrics, and PagerDuty or equivalent for alerting and incident response

Security & Compliance
• Enforce infrastructure security posture aligned with CMMC Level 2 - IAM least privilege, encryption at rest/in transit, secrets management (AWS Secrets Manager, Parameter Store) • Manage team-based IAM access using AWS IAM Identity Center - permission sets, group assignments, account entitlements, and SCIM-based provisioning across the multi-account org
• Use Tenable to continuously assess infrastructure for vulnerabilities and maintain CMMC Level 2 compliance evidence
• Manage certificate lifecycles, KMS key policies, and privileged access controls
• Support audit activities with accurate, current documentation and evidence

Documentation & Cross-Functional Support
• Maintain SOPs, runbooks, and architecture diagrams
• Collaborate with engineering teams on capacity planning and platform reliability

Required Qualifications
• 4+ years of DevOps/infrastructure engineering experience in AWS-native environments
• Deep hands-on Terraform experience - modules, state management, remote backends, workspace strategy
• Proficient with AWS core services: EC2, ECS, S3, RDS, Lambda, SQS/SNS, IAM, VPC, CloudWatch, KMS
• Strong Linux/Unix administration and scripting (Bash, Python)
• CI/CD pipeline ownership - GitLab CI, GitHub Actions, or Jenkins
• Serverless architecture and AWS Lambda - function design, event-driven patterns, IAM execution roles, and observability
• Experience with AWS Ground Station or other satellite ground segment infrastructure
• AWS IAM Identity Center - permission sets, group-to-account assignments, SCIM provisioning, and SSO integration
• Experience operating in CMMC Level 2 or equivalent DoD/regulated compliance environments
• Solid understanding of network fundamentals: VPC design, security groups, NACLs, peering, Transit Gateway
• Comfortable working asynchronously and remotely without daily check-ins

Preferred Qualifications
• AWS certifications (Solutions Architect, DevOps Engineer Professional, or Security Specialty)
• Familiarity with Datadog, Grafana, or similar observability stacks
• Experience with database platforms: PostgreSQL, Aurora, or DynamoDB
• Prior work in defense, federal, or regulated industries (DoD, FedRAMP, CMMC, ITAR)
• Experience with AWS Organizations, Control Tower, or multi-account architectures
• Infrastructure cost optimization - Reserved Instances, Savings Plans, right-sizing
• Experience in a startup or small-team environment where ownership breadth is high
• Bachelor's degree in Computer Science, Engineering, or equivalent practical experience

What "Works Independently" means here at Lynk

Independent operation is a core requirement, not a preference.

Specifically, this means:
• You receive an objective, not a step-by-step plan. You define the approach.
• You triage and prioritize your own backlog with limited daily oversight.
• When you hit a blocker, you exhaust reasonable paths before escalating.
• You produce documentation and runbooks as a matter of habit, not when asked.
• You proactively flag risks, degraded performance, and technical debt before they become incidents.
• You deliver on commitments and communicate early when scope or timelines shift.

Benefits
• Competitive compensation benchmarked to US market rates
• Medical, dental, and vision coverage
• Paid Time Off and federal holidays
• Opportunity for growth within a fast-moving, mission-driven technology company