Devops Engineer
Senior Infrastructure Engineer responsible for designing, deploying, and maintaining scalable cloud infrastructure on AWS, using Terraform, Kubernetes, and Docker, while implementing robust CI/CD pipelines and ensuring high availability, security, and performance for public‑impact digital services.
Job Title: Senior Infrastructure Engineer Location: 100% Remote - anywhere in the Continental U.S. Salary: $163,000/year Note: All advertised positions are salaried and full-time.
About us
We are Friends From The City , a design and technology company focused on public impact and equity. We believe that inclusive design and accessible technology are essential to a just society. Every person we hire brings a distinct perspective, and we celebrate that.
Our mission is to make digital interactions with the government simple, intuitive, and accessible. That means removing barriers like confusing user flows, inaccessible content, or language limitations that prevent people from getting what they need.
We use human-centered design, thoughtful research, and well-crafted, reliable code to build digital products that work for everyone.
Why this role exists
A state government agency is moving the systems that process financial aid for hundreds of thousands of students onto a modern cloud platform. Today, that work runs on aging on-premises systems: a DB2 mainframe, SQL Server, file servers, and an identity service staff log into every day. The new cloud platform does not yet exist in a form anyone can trust with citizens' financial data. Building it, securing it, and proving it is safe is this job.
You'll build the foundation the application teams rely on. When a developer ships a service, it runs on infrastructure you designed. When an auditor asks how this system is allowed to hold sensitive data at all, the answer is the security work you did.
Requirements
The work you'll actually do
You'll design and run the agency's cloud environment in a government cloud tenant, with separate Dev, Test, Staging, and Production setups. You'll build them as code with Terraform or OpenTofu, so they stay consistent and reproducible.
The hardest part is the seam between the new cloud and the old on-premises world. The cloud has to reach back to systems that still run on-premises, like the mainframe and the agency's identity provider, over a private network link. That connection has to be encrypted, locked down, and routed correctly. A real part of the job is the day a new service can't reach something on-premises, and you have to trace the whole path to find where the traffic is dying.
You'll own the cloud directory, user accounts, and role-based access (Active Directory and Entra ID), which connect to the agency's identity provider. You'll build the CI/CD pipelines in GitHub Actions that let teams deploy safely, integrated with the Azure environment. You'll run containerized workloads with Docker, handle encryption in transit and at rest, and configure firewalls across the cloud and on-premises boundary. You'll keep the monitoring and disaster-recovery posture that holds a public-facing system up.
This system needs a documen
Posted June 21, 2026