Job description

Aspire Software is looking for a DevOps Engineer to join our team in Lebanon.
Here is a little window into our company: Aspire Software operates and manages wholly owned software companies, providing mission-critical solutions across multiple verticals.
By implementing industry best practices, Aspire delivers a time sensitive integration process, and the operation of a decentralized model has allowed it to become a hub for creating rapid growth by reinvesting in its portfolio.
Key Responsibilities Cloud Infrastructure Operate and improve the AWS infrastructure including EC2, ECS, Lambda, RDS, ElastiCache, SQS, IAM, VPC, networking, Cloudflare, and Route 53.
Drive Infrastructure as Code maturity.
Terraform is in use today; bring it to a state where every change to production goes through reviewed, version-controlled IaC.
Right-size the environment.
AWS Reserved Instances and a heavy resource footprint mean there is real money on the table - identify, propose, and execute the savings.
Establish a defensible backup, restore, and disaster recovery posture.
Set and test RTO and RPO targets.
Run restore drills, not just backup jobs.
Move monitoring from reactive CloudWatch alarms to real observability - APM, structured logging, per-tenant performance visibility, and alerts that wake people up for the right reasons.
Manage the on-premise to cloud bridge that connects the Clubspeed client to the cloud via Amazon SQS - keep it healthy and look for ways to simplify it over time.
CI/CD and Developer Experience Own GitHub Actions across Clubspeed (.
NET, Node.js, React, Next.
js) and Resova (PHP / Laravel, Angular, MySQL).
Build pipelines that are fast, predictable, and trusted by the team.
Bake quality and security gates into the pipeline - unit and integration tests, SAST, DAST, dependency scanning, SBOM generation, license checks, container scanning, and secrets detection.
Lead the move away from long-lived credentials in repos.
Stand up real secrets management (AWS Secrets Manager, GitHub OIDC, or equivalent) and rotate everything that needs rotating.
Security and Compliance Lead the PCI DSS 4.
0.1 remediation program, in partnership with the CTO, the engineering leads, and the Manos Group security team.
Implement and maintain SBOMs and open-source license tracking across all repos.
Tighten IAM, network segmentation, and audit logging across AWS.
Make least privilege a default, not an aspiration.
Coordinate third-party penetration tests and own the remediation work that comes out of them.
Keep Vanta accurate and useful, not a check-the-box exercise.
Internal IT Own the day-to-day IT experience for the team - laptops, accounts, onboarding, offboarding, MFA, SSO, and the small things that compound into a good or bad working environment.
Manage endpoint hygiene - device management, antivirus or EDR, patching, and a sane response to lost or compromised devices.
Be the practical point person for vendor management on the IT side - licensing, renewals, and consolidation opportunities.
Working With Agentic AI Embrace and actively use agentic AI tools in your own work - infrastructure changes, pipeline maintenance, incident response, log analysis, and IT operations.
Build agentic workflows that automate repetitive DevOps and IT work - alert triage, runbook execution, access provisioning, vulnerability triage, and routine support requests.
Partner with the CTO and the broader Manos Group on cross-portfolio AI initiatives, and share what works back into the group.
Experience 5+ years in a hands-on DevOps, SRE, or platform engineering role, with at least 2 years as the senior or lead DevOps person on a meaningful production environment.
Direct, hands-on AWS experience across the services in scope - EC2, ECS, Lambda, RDS (SQL Server and MySQL), ElastiCache, SQS, IAM, VPC, CloudWatch.
Multi-region experience is a plus.
Strong Terraform background.
You have written and maintained real IaC, not just inherited it.
GitHub Actions experience at depth - reusable workflows, matrix builds, environments, OIDC to cloud, and the kind of pipeline design that scales beyond a single team.
Practical security background.
You have led or materially contributed to PCI DSS, SOC 2, or equivalent remediation work, and you can read a SAST or dependency report and prioritise it sensibly.
Technical Range Fluent in Linux, networking fundamentals, and at least one scripting language used in anger (Python or shell, Node.
js or PowerShell a bonus).
Container experience - Docker, ECS, image hygiene, and an opinion about base images and patching.
Database operations background sufficient to support engineering on MS SQL Server, MySQL, and Redis - backups, restores, performance triage, and migration support.
You do not need to be a DBA, but you should not be afraid of one.
Observability and monitoring experience - CloudWatch is the starting point; experience with an APM (Datadog, New Relic, Dynatrace, Honeycomb, or similar) is valuable.
Cloudflare or equivalent CDN / WAF experience.
Hands-on use of modern AI coding and ops tools - Claude Code, Cursor, GitHub Copilot, MCP based agents, or similar - in your own day-to-day work.
Operating Style Owner, not coordinator.
You take problems end to end, including the unglamorous parts.
Calm under pressure.
Incidents, audits, and migrations are part of the job - they should not be a personality test.
• Honest about trade-offs.
You do not oversell quick wins and you do not hide the cost of doing things properly.
Communicates well with engineers, executives, auditors, and end users.
The IT side of the job requires patience and clarity.
Bias to automate.
If you have done it three times, the fourth time should be a script, a workflow, or an agent.
Bonus Points Experience supporting a hybrid environment that includes on-premise components syncing to cloud.
Experience running a PCI DSS audit through to a clean report.
Familiarity with Vanta, Drata, or similar compliance tooling.
Track record of meaningful AWS cost reduction backed by data.
M365 administration depth - Entra ID, Intune, Conditional Access, cross-tenant scenarios.