Description
We are looking for a
DevOps Lead to own the infrastructure strategy, CI/CD standards, and release engineering for the
Agent Stream at Trintech’s AI Platform. The Agent Stream builds production-grade AI agents that power the Autonomous Financial Close. This is a
hands-on IC role with stream-level influence — you are not just executing pipelines, you are defining the standards that Senior DevOps Engineers and squad engineers follow, making infrastructure strategy decisions alongside the Software Architect, and owning the on-prem to Azure migration sequencing for the stream. The right person brings deep Kubernetes and CI/CD depth, can design pipelines that meet AI-specific deployment requirements, and raises the engineering bar of every engineer they work alongside.
What You’ll Do
Infrastructure Strategy & Ownership
- Own the cloud-native infrastructure strategy for the Agent Stream — Kubernetes cluster configuration, namespace design, resource management, and environment topology across development, staging, and production.
- Lead the on-prem to Azure migration for Agent Stream services — sequencing what moves first, designing the migration path using Terraform, and maintaining service continuity throughout. This is a stream-level strategic decision, not a task-level one.
- Define infrastructure-as-code standards for the Agent Stream — Terraform module design, Helm chart structure, Kubernetes manifest patterns, and configuration management practices that Senior DevOps Engineers implement and follow.
- Ensure infrastructure is designed for resilience — high availability, automated failover, resource isolation between agent services, and graceful degradation under load.
CI/CD Pipeline Standards & Ownership
- Define and own CI/CD pipeline standards across all Agent Stream squads — multi-stage pipeline design covering build, automated testing, security scanning (SAST/DAST), staging gates, and production deployment. Senior DevOps Engineers execute within the standards you set.
- Design pipelines for AI-specific deployment requirements — model version management, Langfuse trace routing, confidence threshold configuration deployments, and agent configuration change workflows that go beyond standard application deployment.
- Own release approval workflows and deployment gates — including rollback procedures and audit trail generation that meet compliance requirements.
- Implement and govern progressive delivery practices — blue-green deployments, canary releases, and feature flag integration. Define when each pattern is appropriate and ensure squads apply them correctly.
- Own pipeline observability as a stream-level signal — deployment frequency, lead time, failure rate, and MTTR as engineering health metrics reported to the Engineering Manager.
Influence Leadership & Technical Direction
- Provide technical direction for DevOps practice across the Agent Stream — tooling decisions, pipeline patterns, and infrastructure standards, working in close collaboration with the Software Architect and Engineering Manager.
- Support and mentor Senior DevOps Engineers — review infrastructure designs and pipeline choices, and share knowledge to raise the team’s technical level.
- Engage the Software Architect on infrastructure design decisions — translate architectural requirements into deployment configurations and challenge architectural proposals where they create infrastructure complexity or reliability risk.
- Identify and proactively address infrastructure debt — flag reliability risks, pipeline bottlenecks, and configuration drift before they affect squad delivery. Bring solutions, not just signals.
Observability & Security
- Own infrastructure observability for the Agent Stream — cluster metrics, service health dashboards, alerting thresholds, and on-call runbooks. Define what infrastructure healthy looks like.
- Own secrets management and access controls using Azure Key Vault — integrated into both pipeline and runtime contexts across all Agent Stream environments.
- Ensure every agent service ships with the infrastructure instrumentation required for platform-level audit and tracing — structured logging, distributed tracing, and health endpoints built in from the start.
Who You Are
Kubernetes & Cloud Native — Primary Gate
- Production-grade Kubernetes in depth — cluster management, networking, storage, RBAC, resource policies, and workload troubleshooting under real production conditions. Has operated Kubernetes at scale, not just deployed workloads onto it.
- Helm — chart authoring, versioning, and management for complex multi-service deployments at the standard that others in the stream follow.
- Docker image build pipelines and Azure Container Registry — defines image tagging strategy, vulnerability gate policies, and ACR lifecycle management practices for the stream. Owns the standards; Senior DevOps Engineers execute within them.
- Terraform — infrastructure-as-code at module design level, not just execution. Plan/apply automation with approval gates, state management, and module reuse patterns.
CI/CD & Release Engineering — Primary Gate
- End-to-end CI/CD pipeline design and ownership — has defined pipeline standards for multi-squad environments, not just built pipelines for one team. Azure DevOps strongly preferred; GitHub Actions as a secondary tool.
- AI-aware pipeline design — understands that agent deployments require model version management, LLM observability routing, and confidence threshold configuration as first-class pipeline concerns.
- Release approval workflows and rollback procedures — including audit trail generation for compliance-grade deployments.
Experience
- Azure production depth — AKS (node pools, Azure CNI networking), Azure Container Registry (image tagging strategy, vulnerability gate policies), Azure Key Vault for secrets management in pipeline and runtime contexts, Azure Monitor for alerting, and Azure DevOps at pipeline depth. Azure certification is not required.
- Observability tooling — Prometheus, Grafana, or equivalent for infrastructure monitoring. Structured logging pipelines and distributed tracing (OpenTelemetry or equivalent).
- Security controls at infrastructure level — network policies, RBAC, and image scanning. Defines security scanning standards and tooling choices (Snyk, Checkmarx, or equivalent) for the stream; Senior DevOps Engineers implement within those standards. SAST/DAST pipeline integration is a governance responsibility, not a hands-on execution gate.
- Scripting and automation — Python or Bash at production depth. Does not accept manual processes where automation is viable.
- Database infrastructure operations — PostgreSQL deployment, backup, and recovery in a Kubernetes context.
- Istio service mesh — configure and operate Istio for Agent Stream services within the mesh architecture defined and owned by the Platform Team. Production hands-on experience required; mesh architecture design is not in scope for this role.
Awareness
- Agent service architecture — sufficient understanding of how AI agent services are structured to make sound infrastructure decisions and design AI-aware deployment pipelines without requiring full application context.
Nice to Have
- GitOps tooling — ArgoCD or Flux for declarative, Git-driven deployment management.
- Azure certification — AZ-400 (DevOps Engineer Expert) or AZ-104.
- Financial close or R2R domain familiarity.
What You’ll Learn & Gain
- Stream-level infrastructure ownership on a live AI agent platform — setting the standards and strategy that Senior DevOps Engineers and squad teams follow, with direct visibility into how your decisions shape the stream’s delivery capability.
- Deep hands-on experience designing and operating CI/CD pipelines for AI agent deployments — a discipline that is still being defined across the industry, in a SOX-governed environment where release quality and audit compliance are both non-negotiable.
- Technical leadership experience as a senior IC — supporting Senior DevOps Engineers, collaborating with the Software Architect on infrastructure design, and contributing to tooling and standards decisions across the stream.
- Full exposure to on-prem to Azure cloud migration at stream level — owning the sequencing and execution of a live migration for production agent services.
If you are a DevOps engineer who sets the standard for others, designs for reliability and compliance from first principles, and is ready to own the infrastructure strategy and technical direction for an enterprise AI agent stream — we encourage you to apply.
At our core, Trintechers stand committed to fostering a culture rooted in our core values – Humble, Empowered, Reliable, and Open. Together, these values guide our actions, define our identity, and inspire us to continuously strive for excellence in everything we do.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin or disability.