Job Details

About Bastion Bastion enables financial institutions and enterprises to issue regulated stablecoins, generate revenue on reserves, and expand their ecosystems. Bastion's platform combines stablecoin issuance, secure custody, and seamless orchestration for cross-border transfers, on/off-ramps, and stablecoin conversions. With Bastion's platform and APIs, businesses can create and scale their stablecoin network, while optimizing revenue, compliance, and control.You can check out our Guide for Candidates here to learn more about our work.Work to Be Done Instead of a list of requirements, we want to give you a directional look into the first 30, 90, and 180 days on the job.We are a startup, so the pace is fast and the specific work will change. You need to be okay with that.If you think this is something you can handle, we will be excited to speak with you.We are open to US remote and have an office in New York City.First 30 days: Learn the infrastructure, ship confidently Ramp on AWS architecture, Terraform patterns, Kubernetes setup, CI/CD pipelines, and observability stackShip a small infrastructure improvement: Terraform module refactor, monitoring enhancement, or CI/CD optimizationAdd runbooks, alerts, or documentation for the infrastructure areas you touchOutcomesMultiple safe infrastructure changes deployed with verificationYou understand our core infrastructure patterns and can navigate Terraform, K8s, and AWS resourcesUpdated documentation and/or infrastructure-as-code improvements that help the teamBy 90 days: Own an infrastructure domain and raise the bar Take ownership of an infrastructure area: CI/CD pipelines, observability stack, Kubernetes platform, or AWS security/networkingLead a medium-scope project: implementing a reusable Terraform module, right-sizing service resources, or improving deployment reliabilityStrengthen system reliability with better metrics, alerts, autoscaling policies, and failure recovery mechanismsOutcomesA delivered infrastructure improvement that enhances reliability, reduces cost, or improves developer velocityYou're a go-to person for your infrastructure domainBy 180 days: Drive platform-wide impact Lead a platform-wide initiative: single immutable image pipeline, infrastructure standardization, database performance optimization, or security hardeningShape infrastructure direction with design docs, RFC proposals, and mentoring engineering teamsPartner with engineering, security, and compliance teams to make pragmatic tradeoffs on reliability, cost, and regulatory requirementsOutcomesA multi-sprint infrastructure delivery that improves system-wide reliability, security, or developer experienceClear before/after improvements in deployment speed, cost efficiency, or operational stabilityPatterns and tooling that enable engineers to ship faster and saferSome problems you might work on Building reusable Terraform modules that standardize service deployment patterns across dev, sandbox, and prodImplementing single immutable image pipelines with built-in security scanning and promotion workflowsRight-sizing Kubernetes workloads and autoscaling policies to reduce cost while maintaining reliabilityDesigning and implementing database monitoring and performance optimization strategiesHardening AWS infrastructure with security best practices: IAM policies, network segmentation, secrets management, and audit loggingBuilding observability infrastructure that gives engineers fast feedback on system health and performanceImproving CI/CD reliability and speed through better caching, parallelization, and failure handlingOur typical stack Languages: Go and TypeScript/Node.js; some services in Rust as neededInfrastructure-as-Code: TerraformCloud & Compute: AWS (ECS, EKS, Lambda, EC2), Kubernetes, DockerCI/CD: GitHub Actions, container registries, automated testing and deployment pipelinesData: Postgres (RDS), Redis, Kafka, SnowflakeWorkflow Management: TemporalSecurity: AWS Nitro Enclaves for hardware-backed key isolation, IAM policies, secrets managementObservability: Datadog, Grafana, Sentry, CloudWatchIncident Management: Incident.ioBastion provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, and placement. Bastion participates in E-Verify to authorize eligibility of employment in the United States.