Tines - Senior Site Reliability Engineer - Government Cloud

• Building and operating the AWS GovCloud environment that will host Tines for federal customers — from foundational network architecture through to production-ready, assessment-ready infrastructure. • Designing and implementing repeatable infrastructure-as-code to provision dedicated customer environments. • Owning the container image pipeline for our government deployment — building, hardening, scanning, and promoting FIPS-compliant images through our CI/CD pipeline using AWS native tooling. • Identifying and fixing availability risks and monitoring gaps to ensure our government environments stay healthy, observable, and auditable. • Working closely with our assessment partners to produce the infrastructure documentation, architecture diagrams, and evidence needed for FedRAMP authorization — and being the person who can walk an assessor through every design decision. • Enabling product engineers to build new features that work seamlessly across our commercial and government environments: observability, logging, and simplifying deployments. • Defining how we separate compliance-restricted functions from day-to-day engineering operations so the team can ship code and respond to incidents without breaking the security boundary. • Supporting our self-hosted federal customers operating in our CMMC environment, including handling escalations and complex, long-running support cases as part of the team's on-call responsibilities. • Projects you might work on • Designing the infrastructure-as-code library for GovCloud customer provisioning — a repeatable process to stand up an isolated environment with all required AWS services pre-configured with FedRAMP-required encryption and logging. • Building the CI/CD pipeline that promotes container images from development through staging to GovCloud production, with vulnerability scanning gates and change control documentation baked into the workflow. • Creating operational runbooks for customer provisioning, incident response, patching, and disaster recovery that satisfy our assessment requirements. • Setting up monitoring dashboards and alarms that feed into a Tines tenant for automated incident triage — using our own product to operate our government infrastructure. • Building IAM structures and permission boundaries that let engineers deploy and debug in production while maintaining least-privilege access required for compliance. • Monitoring, scaling, and operating data services like OpenSearch in production — managing indexes and retention, tuning for performance, and building in-product tooling that surfaces cluster health and observability to the team. • Collaborating with our Product and Design teams to enable compliance-specific product features like smart card authentication and DNS security extensions. • Writing documentation that helps the broader engineering team understand how to build and test features in a compliance-regulated environment. • Is this the right role for you? • 5+ years in an infrastructure, DevOps, or cloud engineering role with meaningful time spent in AWS. Direct experience with AWS GovCloud is a strong plus, but deep AWS fluency with a willingness to navigate GovCloud's constraints is what matters most. • You have hands-on experience designing VPC architectures, configuring encryption at rest and in transit, and operating AWS native compute, database, and caching services in production under real workloads. • You've worked with infrastructure-as-code like CDK or Terraform in FedRAMP or CMMC environments, preferably supporting a customer-facing SaaS product. You'll be writing and maintaining the constructs that provision dedicated customer environments, so reusable IaC patterns for multi-account deployments are exactly the kind of thinking we need. • You understand what it takes to operate in a compliance-regulated environment. FedRAMP, FISMA, or similar experience is valuable — not because we need someone who's memorized NIST 800-53, but because you know what it means to build infrastructure where every design decision has to be documented, justified, and auditable. • You're comfortable with container image pipelines and hardening. You should be able to reason about base image provenance, vulnerability scanning, and what "hardened" actually means in practice. • You have good instincts for the boundary between "locked down for compliance" and "usable by engineering." A big part of this role is designing an environment where networking, certificates, and logging are restricted for compliance controls, while our engineering team can still deploy code, provision new customers, and respond to incidents without filing a ticket for every action. • You can write clearly. This role involves producing tech plans, runbooks, and operational documentation that will be reviewed during our FedRAMP assessment. If you've sat through a compliance assessment before and know how to answer assessor questions with evidence, that's a real advantage. • This role is broad, not specialized. While your main focus will be on our government cloud deployment, you'll work across our stack. You don't need expertise in every area, but you should be comfortable learning new technologies with the support of your teammates. We use Ruby, Rails, React, TypeScript, Postgres, Redis, and Kubernetes. • Target salary range: $210,000 - $220,000 + equity