AWS Cloud Engineer (DevOps, Networking)

Top 3 reasons to join us

• International fintech & digital banking firm
• Top salary, bonus & stock options
• Work & travel globally with innovation teams

Job description

• Company: VIETPAY TECHNOLOGY CO. LTD
• Department: Technology & Innovation
• Location: Ho Chi Minh City or Hanoi, Vietnam
• Reports to: CTO, Head of Engineering, or CEO (as applicable)
• Employment type: Full time
• Level: Mid to Senior IC, Cloud and Infrastructure track
• Scope: End to end ownership of all AWS cloud infrastructure for Vietpay, covering networking, compute, databases, security, automation, monitoring, and production support, working closely with the technology team.
• Primary goals: Build and operate a secure, scalable, highly available, and cost efficient AWS platform that powers Vietpay mobile apps, web systems, and partner integrations, with strong automation and observability.

Role summary

Vietpay is hiring an AWS Cloud Engineer to own and operate the cloud infrastructure that powers our fintech platform. This is a hands on role responsible for the full lifecycle of our AWS environment, from networking and virtual server provisioning to database setup, security hardening, deployment automation, monitoring, and day to day production support. You will work very closely with the technology team, including backend, mobile, web, QA, and security, to deliver infrastructure that is secure, scalable, highly available, and cost efficient. Prior experience operating cloud infrastructure for banking, payments, or other regulated financial services is a strong advantage.

Key responsibilities

1) Cloud networking and connectivity

• Design, build, and maintain AWS networking, including VPCs, subnets, route tables, internet and NAT gateways, and security groups.
• Configure and operate secure connectivity between environments and partners, including VPC peering, Transit Gateway, VPN, and PrivateLink where required.
• Manage DNS with Route 53, load balancing with Application and Network Load Balancers, and content delivery and edge protection with CloudFront and AWS WAF.
• Enforce network segmentation, least privilege access paths, and traffic controls aligned to fintech security and compliance requirements.

2) Virtual servers and compute

• Provision, configure, and maintain EC2 instances, including sizing, AMI management, patching, and lifecycle automation.
• Operate containerized workloads on ECS or EKS, including cluster setup, scaling, node management, and deployment pipelines.
• Implement auto scaling, load balancing, and high availability across multiple availability zones to meet reliability targets.
• Evaluate and use serverless compute such as Lambda where it improves cost, speed, or operational simplicity.

3) Database setup, implementation, and support

• Provision and manage relational databases on Amazon RDS and Aurora, including engine configuration, parameter groups, and version upgrades.
• Set up and operate NoSQL and caching services such as DynamoDB, ElastiCache, and other managed data stores as needed by the technology team.
• Own backups, snapshots, point in time recovery, replication, and failover, with tested recovery time and recovery point objectives.
• Monitor and tune database performance, capacity, and cost, and support engineers with secure access, migrations, and schema deployment processes.

4) Infrastructure as code and automation

• Define and manage all infrastructure as code using Terraform, AWS CloudFormation, or CDK, with version control and peer review.
• Build and maintain CI and CD pipelines for safe, repeatable deployments of infrastructure and application services.
• Automate routine operations such as provisioning, patching, scaling, and configuration management to reduce manual work and human error.
• Maintain reusable modules, templates, and standards that speed up delivery and keep environments consistent.

5) Security, identity, and compliance

• Manage identity and access with IAM, including roles, policies, least privilege design, and federation, in partnership with the security team.
• Implement encryption at rest and in transit using KMS, certificate management, and secure secrets handling with Secrets Manager or Parameter Store.
• Operate security and governance tooling such as GuardDuty, Security Hub, Config, CloudTrail, and Inspector, and remediate findings within agreed timelines.
• Support compliance and audit needs relevant to payments and financial services, including evidence collection, access reviews, and control documentation.

6) Monitoring, observability, and reliability

• Build monitoring, logging, tracing, dashboards, and alerting using CloudWatch and complementary tooling such as Prometheus, Grafana, or ELK.
• Define and track service level objectives, and ensure systems meet agreed availability and performance targets.
• Participate in on call rotation, incident response, root cause analysis, and post incident improvements.
• Maintain runbooks, escalation paths, and disaster recovery plans, and run periodic recovery and failover tests.

7) Cost management and optimization

• Monitor and report AWS spend, enforce consistent tagging, and identify and act on cost optimization opportunities.
• Right size resources, manage reserved capacity and savings plans, and remove idle or orphaned infrastructure.
• Provide clear cost visibility to engineering and leadership, including cost per environment and cost per workload.

8) Collaboration with the technology team

• Work closely with backend, mobile, web, QA, and security engineers to translate application needs into reliable infrastructure.
• Support development and staging environments, build pipelines, and release readiness for new features and partner integrations.
• Document architecture, network diagrams, configurations, and standard operating procedures so the team can operate with confidence.
• Promote a professional, calm, and accountable engineering culture, and mentor others on cloud best practices.

Key performance indicators
The KPIs below are examples. Final targets should be set based on current baseline performance and growth plans.
Area                            KPI                                                                                                  Typical target direction
Availability                   Production uptime against agreed service levels                             Increase
Reliability                     Critical incidents, mean time to detect, mean time to recover         Decrease
Deployment                Deployment frequency and lead time for changes                          Increase, Decrease
Deployment                Change failure rate and rollback rate                                               Decrease
Security                       Critical and high severity findings open beyond SLA                       Decrease
Automation                 Share of infrastructure managed as code                                         Increase
Cost                             AWS cost per transaction and unallocated or untagged spend        Decrease
Recovery                      Backup success rate and tested recovery time objective                  Increase, Decrease

Your skills and experience

Required qualifications

• 4 or more years of hands on experience operating cloud infrastructure, with strong, demonstrable AWS experience.
• Solid experience with AWS networking, including VPC design, subnets, security groups, routing, DNS, and load balancing.
• Practical experience provisioning and operating compute, including EC2 and containers on ECS or EKS.
• Hands on experience with managed databases such as RDS or Aurora, including backups, recovery, and performance tuning.
• Experience with infrastructure as code using Terraform or CloudFormation, and with CI and CD pipelines.
• Good working knowledge of cloud security fundamentals, including IAM, encryption, and secrets management.
• Comfortable with Linux administration and at least one scripting language such as Bash or Python.
• Strong troubleshooting skills, ownership mindset, and clear written and spoken English to work across teams.

Preferred qualifications

• AWS certification such as Solutions Architect Associate or Professional, SysOps Administrator, or DevOps Engineer Professional.
• Experience operating infrastructure in fintech, banking, payments, or other regulated environments.
• Familiarity with payment and scheme ecosystems such as NAPAS, Visa, or Mastercard, and related compliance such as PCI DSS.
• Experience with Kubernetes in depth, service mesh, or advanced container orchestration.
• Experience with observability tooling such as OpenTelemetry, Prometheus, Grafana, or ELK.
• Experience supporting multi region or disaster recovery architectures for high availability systems.

Tools and working methods

• Cloud: AWS services for networking, compute, storage, databases, security, and monitoring.
• Automation: Terraform or CloudFormation, CI and CD pipelines, and configuration management.
• Containers: Docker, ECS or EKS, with structured deployment and rollback practices.
• Observability: CloudWatch plus tooling such as Prometheus, Grafana, or ELK, with dashboards and alerting.
• Collaboration: Jira or equivalent, documentation in Confluence or Notion, and clear written updates with decision logs.

Compensation

Depends on Experience.

Why you'll love working here

• International fintech & digital banking firm
• Top salary, bonus & stock options
• Work & travel globally with innovation teams
• Social insurance based on full salary 
• Full Training will be provided to Candidate