Senior DevOps Engineer

About Trio

Triosoft is redefining how modern businesses manage endpoints, enforce compliance, and automate IT infrastructure. Our cloud-native and hybrid solutions span UEM, device security, and compliance automation—serving customers across AWS, Azure, GCP, DigitalOcean, and on-premises environments.

As we scale rapidly, we’re looking for an experienced, security-minded, and automation-driven Senior DevOps / Platform Automation Engineer to join our core platform team.

As a Senior DevOps / Platform Automation Engineer at Trio, you will own end-to-end automation of infrastructure provisioning, secure deployments, CI/CD pipelines, and observability—across multi-cloud and customer on-prem environments.

You will design and implement repeatable, auditable, and secure deployment workflows, embed security scanning (SAST/DAST/SCA) into pipelines, and enable engineering teams to ship safely and fast. This role requires deep experience in Ansible-driven automation, cloud networking/security, container infrastructure (Docker/Kubernetes), and production-grade monitoring/logging.

1) Automation & On-Prem Deployment Enablement

• Design and maintain automation frameworks to deploy Trio services in customer on-prem environments (air-gapped/restricted networks/custom policies).
• Build and maintain Ansible playbooks/roles for provisioning, configuration, hardening, and lifecycle operations (install/upgrade/rollback).
• Create standardized deployment blueprints for cloud, hybrid, and on-prem setups: pre-flight checks, health checks, and post-deploy validation.
• Implement robust upgrade orchestration, rollback flows, and dependency management for distributed services.

2) CI/CD & GitHub-based Delivery

• Architect and maintain CI/CD pipelines using GitHub Actions (or equivalent) with strong release governance.
• Implement release strategies: blue/green, canary, staged rollout, and automated rollback triggers.
• Build internal tooling for dev/staging/prod workflows, versioning, artifact publishing, and environment promotion.

3) DevSecOps & Security Automation (Mandatory)

• Embed SAST/DAST/SCA into CI/CD pipelines with gating policies and actionable reporting.
• Enforce secure SDLC controls: secrets management, dependency control, signed artifacts, and least-privilege access.
• Implement infrastructure security best practices: IAM, TLS, segmentation, bastion/VPN access, key rotation, and hardening baselines.
• Partner with engineering teams to define threat-aware deployment models for hybrid/endpoint-centric environments.

4) Observability & Reliability Engineering

• Build and operate monitoring/alerting: Prometheus, Grafana (plus endpoint/agent monitoring where needed).
• Operate logging/analytics using Elastic Stack (ELK) or compatible pipelines; define retention, indexing, and correlation standards.
• Improve platform reliability: SLO/SLI definition, incident runbooks, postmortems, and capacity planning.

5) Container & Platform Infrastructure

• Design and maintain container platforms using Docker and Kubernetes (or lightweight options like K3s where appropriate).
• Standardize deployment patterns (Helm/Kustomize where applicable), manage cluster security, and oversee upgrades.
• Maintain secure networking: DNS, reverse proxies, ingress, service discovery, and traffic policies.

• 6+ years in DevOps / SRE / Platform Engineering
• Strong Ansible automation experience (roles, inventories, hardening, lifecycle ops)
• Kubernetes & Docker (production deployments, security, upgrades)
• CI/CD & GitOps: GitHub Actions, ArgoCD
• Cloud platforms: AWS, GCP (Azure & DigitalOcean a plus)
• Monitoring & Logging: Prometheus, Grafana, Loki, ELK
• Scripting: Bash, Python (Go familiarity preferred)
• Strong understanding of networking, security, and microservices
• Fluent in English (written & spoken), strong documentation skills

• Air-gapped deployments & artifact mirroring strategies
• HashiCorp Vault (or equivalent) + PKI automation
• Supply chain security: SBOM, cosign signing, provenance (SLSA concepts)
• Policy-as-code (OPA/Gatekeeper) and Kubernetes security tooling