IT and DevOps Engineer

About The Role:

Codup is a software product and technology company delivering solutions across e-commerce SaaS and enterprise verticals. We are ISO 27001 and ISO 27701 certified and work with clients ranging from Shopify merchants to enterprise platforms.

We are looking for a Senior IT & DevOps Engineer who takes end-to-end ownership of our infrastructure and IT operations. You will manage cloud and server environments including client-facing infrastructure across multiple hosting platforms while also keeping our internal network IT assets and SaaS tools running cleanly and securely.

This role is for someone who builds proper systems catches problems before anyone else does and treats every environment they manage with the same level of care. You will work closely with the delivery and leadership teams and have direct visibility into how the organisation operates.

It is a senior individual contributor position today with a natural path toward leading an IT & DevOps team as Codup grows.

Core Responsibility:

1. Network & Firewall Management

You will own the internal network infrastructure end-to-end configuration monitoring and security.

• Configure manage and monitor pfSense firewall rules VLANs NAT and VPN to maintain at least 95% network uptime.
• Administer and troubleshoot WAN/LAN network infrastructure including routing and switching.
• Manage Unifi Access Points and wireless environments across the organisation.
• Monitor network health proactively diagnose and resolve connectivity issues before they impact teams.
• Enforce network security policies and conduct regular access audits and reviews.
• Implement and maintain early detection systems for connectivity issues and network anomalies.

2. Server & Cloud Infrastructure

You will manage Codups Cloud as well as On-prem server infrastructure alongside client environments a mix of cloud accounts and direct server access across multiple hosting platforms.

• Manage Linux server infrastructure provisioning hardening performance tuning and ongoing maintenance.
• Manage AWS cloud services including EC2 S3 Route 53 and related resources for internal workloads.
• Administer client hosting environments across platforms including cPanel/WHM WP Engine Liquid Web and others depending on client stack.
• Ensure all servers are patched updated and hardened on a consistent defined schedule 100% compliance each patch cycle.
• Handle website migrations between hosting environments with minimal downtime and zero data loss.
• Troubleshoot and resolve email delivery issues including SPF DKIM DMARC and blacklisting.
• Manage DNS configurations SSL certificates and domain-level settings across internal and client environments.
• Maintain server documentation access logs and environment records for all managed infrastructure.

3. Monitoring Alerting & Incident Response

Incidents should be caught and resolved internally before clients or teams feel the impact. That is the standard here.

• Set up configure and maintain Zabbix for real-time infrastructure monitoring and alerting across all environments.
• Build dashboards and alert thresholds that surface issues early not after they become outages.
• Own incident response end-to-end: detect investigate resolve document root cause and prevent recurrence.
• Maintain an incident log with clear resolution timelines and post-incident summaries.
• Respond to critical infrastructure issues within 2 hours with clear internal communication throughout.
• Ensure 90% of incidents are caught and actioned internally before any client escalation.

4. CI/CD Pipelines & Delivery Support

Implement and maintain the Jenkins CI/CD pipelines GitHub & Bitbucket for version control. You will own the pipeline infrastructure that keeps delivery teams unblocked.

• Build maintain and continuously improve Jenkins CI/CD pipelines for automated builds testing and deployments.
• Manage Bitbucket repositories branching configurations access controls and integration with Jenkins.
• Ensure pipelines run reliably 99% availability with fast resolution when failures occur.
• Automate build test and deployment steps to reduce manual effort and lower deployment risk.
• Work with engineering leads on environment management release processes and deployment standards.
• Manage production deployments with a target of 95% success rate without rollback or emergency fixes.

5. Security & ISO Compliance

Security is a continuous responsibility here not a quarterly task. Codup is ISO 27001 and ISO 27701 certified and that standard needs to be maintained year-round.

• Standardize access request and permissions management; all provisioning must follow a documented approved workflow with zero ad-hoc access grants.
• Implement and maintain standardised secrets and credentials management; no API keys or passwords shared via chat email or informal channels.
• Maintain ISO 27001 and ISO 27701 compliance evidence every quarter 100% of applicable controls updated each quarter without exception.
• Proactively identify and close security gaps; the goal is continuous readiness not last-minute audit preparation.
• Support internal and external ISO audits with complete accurate and up-to-date documentation.
• Enforce network security policies conduct regular access reviews and manage role-based access controls across all systems.

6. IT Operations & Asset Management

You will run IT operations for the entire organization. These processes need to be structured trackable and consistent no workarounds no informal approvals.

• Design build and operate a centralized approval workflow for all internal IT requests.
• Ensure at least 90% of requests include complete data: approver action timestamps and final status.
• Maintain a real-time admin view covering submitted pending approved rejected overdue and completed requests.
• Manage the full hardware lifecycle procurement assignment tracking and retirement with a clearly maintained asset register.
• Reconcile the asset register quarterly with zero unresolved discrepancies.
• Identify outdated or underperforming hardware proactively and raise replacement recommendations before it impacts productivity.
• Handle endpoint setup and configuration for new joiners as part of the standard onboarding workflow.
• Maintain IT budgets efficiently for the fiscal year.

7. SaaS Tools & Google Workspace Administration

You will own the full internal tools stack from Google Workspace administration to subscription governance.

• Administer Google Workspace (Gmail Drive Meet Admin Console) for all organization users including provisioning permissions and group management.
• Manage Jira and Bitbucket administration alongside the wider SaaS subscriptions stack.
• Ensure subscriptions/tools are activated or renewed with prior documented business justification and budget sign-off.
• Maintain a live inventory of all software tools licenses costs and renewal dates no surprise renewals.
• Onboard and offboard users across all tools as part of the standard HR workflow no ghost accounts.

Requirments:

Must Have

• 7 years of hands-on experience in a role covering both DevOps/infrastructure and IT operations not purely one or the other.
• Proven experience with pfSense firewall configuration and management rules VLANs NAT and VPN.
• Linux server management experience provisioning hardening performance tuning and day-to-day maintenance.
• Experience managing servers across multiple hosting environments AWS cPanel/WHM WP Engine Liquid Web or similar platforms. You work with whatever stack the client has.
• Jenkins CI/CD experience building maintaining and troubleshooting pipelines for automated builds and deployments.
• Bitbucket for version control repository management and access configuration.
• Hands-on experience with Zabbix or equivalent monitoring tools setting up real-time alerting not just reading dashboards.
• Google Workspace administration user provisioning Admin Console Gmail Drive and group management.
• Email delivery troubleshooting SPF DKIM DMARC configuration and blacklisting resolution.
• Network management WAN/LAN routing switching VPN and Unifi Access Points.
• Good working knowledge of ISO 27001 requirements you understand what maintaining compliance actually involves in practice.
• IT asset management hardware lifecycle tracking reconciliation and procurement processes.
• Identity and access management standardised provisioning role-based access control and clean offboarding.
• Strong documentation habits SOPs runbooks and incident reports that other people can follow without asking you questions.

Nice to Have

• ISO 27001 Lead Implementer or Auditor certification.
• Experience with secrets management tools such as HashiCorp Vault or AWS Secrets Manager.
• Familiarity with infrastructure as code tools Terraform or Ansible.
• Experience with code quality scanning tools like SonarQube in CI pipelines.
• AWS Solutions Architect or equivalent cloud certification.
• Scripting skills in Bash or Python for automation and operational tasks.
• Background in a software services company managing both internal and client infrastructure simultaneously.