Position Overview Help shape the heart of CiP by owning reliability, release engineering, and cloud infrastructure from the ground up. This is a hands‑on role designing secure, compliant‑by‑default environments on Azure, building robust CI/CD, and codifying everything with IaC. You’ll partner across teams to ship fast and safely, establishing observability, incident response, and strong SDLC guardrails as we launch Beta and scale to production. This is an opportunity to grow impact at an exciting startup from the start. You’ll work closely with the CTO and CEO to shape CiP’s platform and delivery strategy.

About StonesAI We’re revolutionizing compliance automation through our Compliance Intelligence Platform (CiP), which uses a multi-agent AI architecture to automate up to 70% of compliance tasks with human-in-the-loop controls and full audit trails. We are about to launch our Beta with an initial focus on government contractors and enterprises pursuing SOC 2, CMMC, and NIST CSF. CiP’s control-level mapping lets one piece of evidence satisfy multiple frameworks, and our usage-based pricing removes per‑framework friction.

Details About The Position

Responsibilities

• Design, provision, and operate Azure infrastructure for CiP (networking, compute, storage, secrets, messaging)
• Build CI/CD (GitHub Actions) for backend (FastAPI) and worker services (Docker images to Azure Container Registry, deploy to Azure Container Apps/AKS)
• Manage IaC with Terraform and Helm; implement environment strategies and secrets via Key Vault.
• Establish observability (logs/metrics/traces), cost controls, backup/restore, and runbooks; drive reliability (SLOs/alerts)
• Partner on data layer operations (Azure PostgreSQL, migrations via Alembic) and security-by-design
• Contribute to security controls aligned to SOC 2/NIST CSF (least privilege, encryption at rest/in transit, change management)

Must-Haves

• Strong Azure experience (at least several of: Azure Container Registry, Container Apps or AKS, Key Vault, Storage/Blob, Service Bus, Virtual Networks, Static Web Apps)
• CI/CD expertise with GitHub Actions (build, scan, push, deploy, rollout/rollback)
• Infrastructure as Code: Terraform (azurerm); comfortable with modularization, state, and policy guardrails
• Containers/Docker; image hardening and vulnerability scanning (e.g., Trivy) and supply-chain basics (SBOMs, provenance)
• Relational databases (PostgreSQL): connection management, migration workflows (Alembic), and operational hygiene
• Solid scripting (Bash/Python) and systems fundamentals; incident response and on-call practices

Nice-to-Haves

• Experience preparing for or operating under SOC 2, ISO 27001, or similar frameworks
• Encryption and key management patterns (KMS, envelope encryption, secrets rotation)
• Observability stacks (Azure Monitor/App Insights/Log Analytics, OpenTelemetry) and cost optimization
• Zero-downtime deploys, blue/green or canary strategies; traffic management
• Startup experience; comfort with ambiguity and bias for action