Lead DevOps Engineer

At David Zwirner we look to be an industry leader in our field with our artists at the center of what we do. Our global exhibition program expands beyond our locations in New York London Los Angeles Hong Kong and Paris representing seventy artists and estates. Home to innovative singular and pioneering exhibitions across a variety of media and genres. Active in both the primary and secondary markets David Zwirner has helped foster the careers of some of the most influential artists today.

About the Opportunity

Lead DevOps Engineer

David Zwirner seeks an experienced and strategic Lead DevOps Engineer to guide the maturation of our infrastructure and provide coverage across European time zones (UTC to UTC 3). This role emphasizes technical leadership strategic planning and team mentorship. You will be responsible for enhancing the security reliability and resilience of our cloud footprint: primarily AWS with additional environments including Azure GCP Alibaba Cloud Databricks and Vercel.

As the leader of the DevOps function you will define and execute the strategic roadmap while remaining handson with your team. Were seeking a pragmatic leader who will take full ownership of our infrastructure systematically address technical debt and champion a culture of operational excellence and security. Candidates must be diligent extremely organized and possess excellent prioritization and communication core engineering team operates on New York hours so this position will play a key leadership and coverage role for EMEA.

What youll do:

• Leadership: Lead direction and mentor for the DevOps team; set technical direction for infrastructure and security; foster a culture of ownership reliability and continuous improvement.
• Roadmap Ownership & Strategy: Define own and drive the Infrastructure & Security Roadmap prioritizing infrastructure ownership profound monitoring disaster recovery developer experience and security hardening.
• Infrastructure as Code (IaC): Inventory and capture unmanaged resources in Terraform (and CDK/SST where required); create reusable modules and guardrails; institute code reviews and change management.
• Platform Operations (AWSfirst): Design and operate services built on ECS (Fargate) ECR RDS ElastiCache S3 ALB/CloudFront WAF Lambda EventBridge CloudWatch; improve networking IAM and resilience.
• Resilience & Reliability: Modernize critical workloads; design and run disaster recovery drills; automate backups/restore; codify RPO/RTO targets and runbooks; lead incident response and postmortems.
• Observability & OnCall: Standardize monitoring/alerting with Datadog CloudWatch Sentry PagerDuty; implement SLOs and noisereduction baselines; maintain a humane oncall rotation.
• Security Hardening: Mature the configuration and rollout of tools like Jit and CrowdStrike; improve firewall/WAF rules; enforce secrets management and leastprivilege access; champion threat modeling and automated scanning.
• Collaboration & Governance: Serve as a key technical voice on the Architecture Review Board; partner with Product and Engineering to align solutions with operational standards and business goals.

What you need to have:

• Legal authorization to work in the UK.
• Track record in a senior/lead DevOps SRE or Platform role including mentorship of engineers.
• Expertlevel Terraform (including importing existing resources and taming legacy estates).
• Deep handson experience with AWS (ECS RDS ElastiCache Lambda ALB WAF S3 CloudFront EventBridge CloudWatch) and production networking/IAM.
• Proven design and maintenance of CI/CD pipelines (GitHub Actions) and container workflows (Docker ECS Fargate or Kubernetes).
• Proficiency with modern observability/monitoring (Datadog CloudWatch Sentry PagerDuty) incident response and incident retrospectives.
• Strong background in cloud security principles and practical hardening.
• Ability to define and execute a technical roadmap and communicate with both technical and nontechnical stakeholders.

What we would like you to have:

• Experience with GCP Azure Alibaba Cloud and managed platforms (Databricks Vercel).
• Familiarity with SST/CDK delivery flows and performance considerations for web platforms.
• VPN/zerotrust networking (e.g. Tailscale); perimeter hardening and WAF tuning.

Please submit a resume and cover letter and be prepared to provide three (3) professional references upon request.