Senior DevOps & Security Engineer

We’re hiring a Senior DevOps and Security Engineer for Ezra Climate - a fast-growing US-based startup that’s building tools to simplify and accelerate climate financing. Backed by top-tier investors, Ezra operates at the intersection of technology, finance, and climate action, with a mission to help individuals and businesses invest in projects that benefit the planet.

As the new Senior DevOps & Security Engineer, you’ll play a critical role in building secure, scalable infrastructure and ensuring development and deployment pipelines are robust, efficient, and compliant. You'll work closely with engineering, product, and security teams to lay the groundwork for reliable and auditable technical systems from day one.

⚠️ Please Note

We are hiring engineers located in Belarus only or those relocated to the LATAM region.

The team operates on a US time zone, so you’ll need to work approximately from 18:00 to 4:00 Minsk time (GMT+3),

Please make sure this schedule fits your availability before applying.

What You’ll Do:

• Design, build, and manage secure cloud infrastructure using Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, or Ansible.
• Create and maintain secure CI/CD pipelines (e.g., GitHub Actions, GitLab CI) with integrated security gates and automated tooling (SAST, DAST, dependency scanning).
• Build comprehensive monitoring and logging systems using Prometheus, Grafana, Datadog, and integrate with SIEM platforms (e.g., Splunk, Elastic).
• Implement and automate compliance-focused controls aligned with SOC 2, ISO 27001, and other frameworks.
• Manage secrets securely throughout their lifecycle using tools like AWS KMS, HashiCorp Vault, or Supabase Vault.
• Enforce robust cryptographic standards, including TLS setup, encryption in transit, and vendor encryption verification.
• Design and apply fine-grained IAM and RBAC policies based on least privilege principles.
• Perform technical due diligence on third-party services to validate security alignment with company standards.
• Ensure cloud and network security across multi-account AWS/GCP environments, including services like VPCs, Security Groups, IAM, AWS WAF, and GuardDuty.
• Develop and maintain incident response and disaster recovery plans, including automated backups, restores, and failover strategies.
• Optimize infrastructure for performance, scalability, reliability, and cost, applying best practices for cloud architecture and resource management.

What We’re Looking For:

• 5+ years of hands-on DevOps or infrastructure engineering experience.
• Deep expertise in cloud environments (AWS, GCP) and modern security practices.
• Strong proficiency with IaC tools (Terraform, CloudFormation, Ansible).
• Proven track record of building secure, automated CI/CD pipelines.
• Experience implementing observability stacks (monitoring, logging, alerting).
• Hands-on experience with secrets management, cryptography, and IAM.
• Familiarity with compliance standards (SOC 2, ISO 27001) and automating related controls.
• Strong analytical mindset with a bias toward reliability, security, and performance.
• Excellent communication and collaboration skills in cross-functional teams.
• Ability to freely communicate in English - Upper-intermediate level at least.

What We Offer:

• Competitive compensation
• English-speaking environment
• Opportunities for rapid career development in a hyper-growth startup
• Sponsored career development
• English lessons
• Sport compensation
• Medical + Dental insurance
• Cool office in the city center
• Additional 3 paid sick days
• Flexible work start time
• Coffee, fruits, snacks, etc.
• Gifts on birthdays, holidays and special occasions
• Lots of unforgettable team-building events

____________________________________________________________