DevOps Engineer

DeepLight AI is a specialist AI and data consultancy with extensive experience implementing intelligent enterprise systems across multiple industries, with particular depth in financial services and banking. Our team combines deep expertise in data science, statistical modeling, AI/ML technologies, workflow automation, and systems integration with a practical understanding of complex business operations.

At DeepLight, we don't believe in "off-the-shelf" fixes. We deliver tailored AI solutions designed to integrate seamlessly into existing enterprise architectures, ensuring that innovation is both scalable and secure. From building robust data foundations to deploying sophisticated AI platforms, we empower our clients to lead in an increasingly automated world.

The DevOps Engineer owns the Agentic Workflow Automation (AWA) platform's deployment architecture, infrastructure-as-code (IaC), CI/CD pipelines, and continuous operational reliability. Operating within the AI Centre of Excellence (AICoE) at a Mid-level capacity, this position serves as the primary guardian of the cloud-native infrastructure within the bank's Azure UAE environment. The role ensures that every critical platform component—ranging from AKS namespaces and KEDA autoscalers to ADLS Gen2 storage lifecycles and firewall configurations—is entirely automated, secure, and reproducible strictly from code, eliminating manual interventions.

Your responsibilities as the DevOps Engineer include:

• Maintaining and governing all AWA Azure infrastructure utilizing Terraform or Bicep, covering multi-namespace AKS clusters, ADLS Gen2 accounts with WORM policies, API Management configurations, private endpoints, and Key Vault instances.
• Designing and optimising automated Azure DevOps pipelines managing the full lifecycle from container compilation, ACR pushing, and Notary v2 image signing, through to managed infrastructure deployments and validation testing gates.
• Managing multi-namespace AKS clusters, enforcing strict network policies, pod isolation, workload identities, and KEDA autoscaling rules based on active message queues or consumer lag.
• Overseeing container registries, enforce mandatory image signing, monitor vulnerability tracking outputs, and maintain admission control validation policies via OPA Gatekeeper.
• Administering access architectures, managed identity configurations, automated TLS certificate lifecycles, and cryptographic secret rotation schedules within Azure Key Vault.
• Constructing complex KQL queries and alerting conditions within Azure Monitor and Log Analytics to track service-level SLA breaches, runtime failures, and token utilization thresholds.
• Implementing platform security configurations, managing private connectivity endpoints, Azure Policy enforcement rules, and enterprise firewall architectures.
• Defining, implementing, and validating automated disaster recovery failover paths, maintaining target Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for storage accounts and model serving endpoints.

Requirements

We need you to have:

• A deep competence in building enterprise-grade, production-ready cloud architectures using infrastructure-as-code platforms (Terraform or Bicep).
• Technical mastery over Kubernetes (AKS) configuration, including Helm/Kustomize deployment engines, network policies, and cluster admission controls.
• Practical ability to implement automated horizontal scaling strategies using Kubernetes Event-Driven Autoscaling (KEDA) or equivalent streaming metrics.
• The capability to manage multi-stage, gated deployment pipelines across multi-environment setups using Azure DevOps or GitHub Actions.
• A solid understanding of enterprise network routing, including hub-and-spoke VNets, private link endpoints, network security groups, and cloud firewall boundaries.
• A minimum of 5 years of experience in dedicated DevOps, SRE, or Platform Engineering roles, with at least 2 years explicitly focused on Azure ecosystems.
• A documented history managing production Kubernetes deployments, implementing automated RBAC, policy layers, and namespace segmentation.
• Experience writing advanced KQL (Kusto Query Language) expressions to parse logs and feed operational dashboards.
• Hold a Bachelor's degree in Computer Science, Systems Engineering, or a related technical discipline.

It would also be great if you:

• Are proficient with Kubernetes Workload Identity, managed identity architectures, and Azure Key Vault access security profiles.
• Are familiar with Azure AI Foundry and API Management platforms, specifically controlling token consumption quotas, routing, and rate limits.
• Are familiar with Azure Event Hubs or Kafka consumer groups, alongside immutable ADLS Gen2 storage structure management.
• Hold an active Azure Administrator Associate (AZ-104), Azure DevOps Engineer Expert (AZ-400), or Certified Kubernetes Administrator (CKA) designations.

Benefits

The benefits you'll enjoy as part of this role include:

• Competitive salary
• Comprehensive personal health insurance
• Visa Sponsorship for the successful individual
• Professional development and certification support
• Subscription reimbursement relating to your role
• Opportunity to work on cutting-edge AI projects
• Monthly Employee Incentive program
• Career advancement opportunities in a rapidly growing AI company
  

This position offers a unique opportunity to shape the future of AI implementation while working with a talented team of professionals at the forefront of technological innovation. The successful candidate will play a crucial role in driving our company's success in delivering transformative AI solutions to our clients.

At DeepLight AI, we recognise that diversity drives innovation. We are committed to fostering an inclusive environment where individuals with different thinking styles can thrive and contribute their unique strengths to our specialised AI and data solutions.

Our goal is to ensure our application and interview process is accessible, predictable, and fair for all candidates.

If you require any specific adjustments to the application process, or if you require any reasonable adjustments should you be successful in being processed to the interview stage, please do let us know. This information will be kept strictly confidential and will not impact hiring decisions.