About The Role:

Codup is a software product and technology company delivering solutions across e-commerce, SaaS, and enterprise verticals. We are ISO 27001 and ISO 27701 certified and work with clients ranging from Shopify merchants to enterprise platforms.

We are looking for a Senior IT & DevOps Engineer who takes end-to-end ownership of our infrastructure and IT operations. You will manage cloud and server environments, including client-facing infrastructure across multiple hosting platforms, while also keeping our internal network, IT assets, and SaaS tools running cleanly and securely.

This role is for someone who builds proper systems, catches problems before anyone else does, and treats every environment they manage with the same level of care. You will work closely with the delivery and leadership teams and have direct visibility into how the organisation operates.

It is a senior individual contributor position today, with a natural path toward leading an IT & DevOps team as Codup grows.

Core Responsibility: 

1. Network & Firewall Management

You will own the internal network infrastructure end-to-end, configuration, monitoring, and security.

• Configure, manage, and monitor pfSense firewall rules, VLANs, NAT, and VPN to maintain at least 95% network uptime.
• Administer and troubleshoot WAN/LAN network infrastructure, including routing and switching.
• Manage Unifi Access Points and wireless environments across the organisation.
• Monitor network health proactively, diagnose and resolve connectivity issues before they impact teams.
• Enforce network security policies and conduct regular access audits and reviews.
• Implement and maintain early detection systems for connectivity issues and network anomalies.

2. Server & Cloud Infrastructure

You will manage Codup's Cloud as well as On-prem server infrastructure alongside client environments, a mix of cloud accounts, and direct server access across multiple hosting platforms.

• Manage Linux server infrastructure, provisioning, hardening, performance tuning, and ongoing maintenance.
• Manage AWS cloud services, including EC2, S3, Route 53, and related resources for internal workloads.
• Administer client hosting environments across platforms, including cPanel/WHM, WP Engine, Liquid Web, and others, depending on client stack.
• Ensure all servers are patched, updated, and hardened on a consistent, defined schedule — 100% compliance each patch cycle.
• Handle website migrations between hosting environments with minimal downtime and zero data loss.
• Troubleshoot and resolve email delivery issues, including SPF, DKIM, DMARC, and blacklisting.
• Manage DNS configurations, SSL certificates, and domain-level settings across internal and client environments.
• Maintain server documentation, access logs, and environment records for all managed infrastructure.

3. Monitoring, Alerting & Incident Response

Incidents should be caught and resolved internally before clients or teams feel the impact. That is the standard here.

• Set up, configure, and maintain Zabbix for real-time infrastructure monitoring and alerting across all environments.
• Build dashboards and alert thresholds that surface issues early, not after they become outages.
• Own incident response end-to-end: detect, investigate, resolve, document root cause, and prevent recurrence.
• Maintain an incident log with clear resolution timelines and post-incident summaries.
• Respond to critical infrastructure issues within 2 hours, with clear internal communication throughout.
• Ensure 90%+ of incidents are caught and actioned internally before any client escalation.

4. CI/CD Pipelines & Delivery Support

Implement and maintain the Jenkins CI/CD pipelines, GitHub & Bitbucket for version control. You will own the pipeline infrastructure that keeps delivery teams unblocked.

• Build, maintain, and continuously improve Jenkins CI/CD pipelines for automated builds, testing, and deployments.
• Manage Bitbucket repositories, branching configurations, access controls, and integration with Jenkins.
• Ensure pipelines run reliably, 99%+ availability with fast resolution when failures occur.
• Automate build, test, and deployment steps to reduce manual effort and lower deployment risk.
• Work with engineering leads on environment management, release processes, and deployment standards.
• Manage production deployments with a target of 95%+ success rate without rollback or emergency fixes.

5. Security & ISO Compliance

Security is a continuous responsibility here, not a quarterly task. Codup is ISO 27001 and ISO 27701 certified, and that standard needs to be maintained year-round.

• Standardize access request and permissions management; all provisioning must follow a documented, approved workflow with zero ad-hoc access grants.
• Implement and maintain standardised secrets and credentials management; no API keys or passwords shared via chat, email, or informal channels.
• Maintain ISO 27001 and ISO 27701 compliance evidence every quarter, 100% of applicable controls updated each quarter without exception.
• Proactively identify and close security gaps; the goal is continuous readiness, not last-minute audit preparation.
• Support internal and external ISO audits with complete, accurate, and up-to-date documentation.
• Enforce network security policies, conduct regular access reviews, and manage role-based access controls across all systems.

6. IT Operations & Asset Management

You will run IT operations for the entire organization. These processes need to be structured, trackable, and consistent, no workarounds, no informal approvals.

• Design, build, and operate a centralized approval workflow for all internal IT requests.
• Ensure at least 90% of requests include complete data: approver action, timestamps, and final status.
• Maintain a real-time admin view covering submitted, pending, approved, rejected, overdue, and completed requests.
• Manage the full hardware lifecycle, procurement, assignment, tracking, and retirement, with a clearly maintained asset register.
• Reconcile the asset register quarterly with zero unresolved discrepancies.
• Identify outdated or underperforming hardware proactively and raise replacement recommendations before it impacts productivity.
• Handle endpoint setup and configuration for new joiners as part of the standard onboarding workflow.
• Maintain IT budgets efficiently for the fiscal year.

7. SaaS Tools & Google Workspace Administration

You will own the full internal tools stack, from Google Workspace administration to subscription governance.

• Administer Google Workspace (Gmail, Drive, Meet, Admin Console) for all organization users, including provisioning, permissions, and group management.
• Manage Jira and Bitbucket administration alongside the wider SaaS subscriptions stack.
• Ensure subscriptions/tools are activated or renewed with prior documented business justification and budget sign-off.
• Maintain a live inventory of all software tools, licenses, costs, and renewal dates, no surprise renewals.
• Onboard and offboard users across all tools as part of the standard HR workflow, no ghost accounts.

Requirments:

Must Have

• 7+ years of hands-on experience in a role covering both DevOps/infrastructure and IT operations, not purely one or the other.
• Proven experience with pfSense firewall configuration and management rules, VLANs, NAT, and VPN.
• Linux server management experience provisioning, hardening, performance tuning, and day-to-day maintenance.
• Experience managing servers across multiple hosting environments, AWS, cPanel/WHM, WP Engine, Liquid Web, or similar platforms. You work with whatever stack the client has.
• Jenkins CI/CD experience building, maintaining, and troubleshooting pipelines for automated builds and deployments.
• Bitbucket for version control, repository management, and access configuration.
• Hands-on experience with Zabbix or equivalent monitoring tools, setting up real-time alerting, not just reading dashboards.
• Google Workspace administration user provisioning, Admin Console, Gmail, Drive, and group management.
• Email delivery troubleshooting, SPF, DKIM, DMARC configuration, and blacklisting resolution.
• Network management WAN/LAN, routing, switching, VPN, and Unifi Access Points.
• Good working knowledge of ISO 27001 requirements, you understand what maintaining compliance actually involves in practice.
• IT asset management, hardware lifecycle tracking, reconciliation, and procurement processes.
• Identity and access management standardised provisioning, role-based access control, and clean offboarding.
• Strong documentation habits, SOPs, runbooks, and incident reports that other people can follow without asking you questions.

Nice to Have

• ISO 27001 Lead Implementer or Auditor certification.
• Experience with secrets management tools such as HashiCorp Vault or AWS Secrets Manager.
• Familiarity with infrastructure as code tools — Terraform or Ansible.
• Experience with code quality scanning tools like SonarQube in CI pipelines.
• AWS Solutions Architect or equivalent cloud certification.
• Scripting skills in Bash or Python for automation and operational tasks.
• Background in a software services company managing both internal and client infrastructure simultaneously.