Job Title

Azure Kubernetes Service (AKS) & Infrastructure Engineer Location: Toronto, ON (4 Days onsite per week) Term: Full Time Job Description Azure Kubernetes Service (AKS) & Infrastructure Cluster Management: Architect and manage secure AKS clusters, handling upgrades, node scaling, and networking (VNet integration, Azure CNI). Deployment Automation: Design and maintain Helm charts to deploy the vendors JBoss-based application. Manage different environments (Dev, QA, Prod) using Helm values and versioning. Ingress & Networking: Configure Azure Application Gateway (AGIC) or NGINX ingress controllers to securely expose AML services, managing WAF policies to protect against web vulnerabilities. 2. Application Runtimes (JBoss/Java) JBoss Administration: Tune JBoss Enterprise Application Platform (EAP) configuration for containerized environments. Optimize heap sizes, garbage collection, and thread pools for high-throughput transaction processing. Observability: Implement monitoring using Azure Monitor and Prometheus/Grafana to track JVM metrics (heap usage, active threads) and pod health. 3. Database Management (PostgreSQL) Database Deployment: Manage PostgreSQL instances (either Azure Database for PostgreSQL or containerized HA clusters like Patroni/Crunchy Data) to support the application. Performance Tuning: Analyze and optimize database performance, including connection pooling (PgBouncer), vacuum settings, and query analysis for high-volume AML datasets. Resiliency: Design and test Backup/Restore procedures and Disaster Recovery (DR) strategies to ensure zero data loss. 4. Security & Compliance Secrets Management: Eliminate hardcoded credentials by integrating Azure Key Vault with AKS (using CSI drivers or Workload Identity) to manage JBoss data sources and database passwords. Network Security: Implement strict Network Policies within Kubernetes to isolate the AML workload and restrict pod-to-pod communication. Compliance: Ensure the infrastructure meets banking regulatory standards (encryption at rest/transit, role-based access control, and audit logging).