Which job is the best opportunity straight out of university

I have 3 job offers on the table and I am a bit torn right now. Pay is comparable for all of them. I hope this sub is the right one, as all of them are more platform than devops, but I guess there is a lot of overlap.

Job 1: Platform Engineer that develops toolings / SDKs for devs to provision their own infra. They also manage all cloud infra (that devs can just spin up themself if needed). Logging and monitoring is apparently included in these reusable modules so this is not a part of this job. Also everything seems to be built using managed services or at least hyperscalers versions of services (e.g AKS instead of native Kubernetes). Definetly cool challenges (e.g building one click deployments etc.) Don't know if I vibe with the team though and no one was able to really tell me what my tasks would and could be.

Job 2: Platform engineer at a technical consulting company. They build multi cloud Kubernetes platforms for customers, everything using open source tools and also ensured me work is only technical 0% powerpoint. Monitoring and Alerting solutions are also included. Compared to Job 1 it is more focused on Terraform, Yaml and Helm and no software is written.

Job 3: Building an IDP. This company has roughly 2000 devs and they want an IDP for all of them with Backstage. The project starts from scratch, which is a huge appeal. But I am not sure if that would move me away to far from infrastructure and related tooling?

Long term I want to move in a direction like Job 1, but the fact that no one was really able to communicate what I would do (e.g we build go sdks) and whether it is a lot of maintenance or development of new things concerns me a lot. Or do you think with Job 2 I can still move into a more writing "infrastructure software" and tooling direction later?

https://redd.it/1lw9050
@r_devops

Project ideas that recruiters like.

I am still a fresher and targeting devops field . I am making projects but they are simple af.

I want to know from a recruiter pov what they want to see in the projects.What kind of projects they wanna see (I also heard that homelab project is plus). Please help me and give me ideas I am tired of doing chatgpt for it

https://redd.it/1lw9kus
@r_devops

Why do I see AWS mentioned more than others when it comes to DevOps?

Every where I look, when DevOps is mentioned it seems to be tied to AWS over Azure or hybrid infrastructures. It can be used in all the above mentioned. What is it about AWS that makes it the most mentioned infrastructure when people bring up DevOps? My company is pushing for DevOps methodology and we use Azure/ Windows and we technically do not sell a product. We are more or less a huge global consulting enterprise.

https://redd.it/1lwc2f5
@r_devops

Best practice for handling user claims from ALB/Cognito in Fargate-deployed apps?

Hi all,

I'm working on a platform where multiple apps are deployed on AWS Fargate behind an Application Load Balancer (ALB). The ALB handles authentication using Cognito and forwards OIDC headers (such as x-amzn-oidc-data) to the app, which contain user and group information.

Access to each app is determined by the user's group membership.

I'm unsure of the best practice for handling these claims once they reach the app. I see two main options:

Option 1: Use a reverse proxy in front of each app to validate the claims and either allow or block access based on group membership. I’m not keen on this approach at the moment, as it adds complexity and requires managing additional infrastructure.

Option 2: Have each app validate the JWT and enforce access control based on the user's groups. This keeps things self-contained but raises questions for me around where and how best to handle this logic inside the app (e.g. middleware? decorators? external auth module?).

I’d really appreciate any advice on which approach is more common or secure, and how others have integrated this pattern into their apps.

Thanks in advance!

https://redd.it/1lwfrkn
@r_devops

How do you all deal with pipeline schedules in Gitlab?

Pipeline schedules are very convenient and I use them for a few things, but it runs under the user that created it. Meaning that if that user leaves the company those pipeline schedules all break. Last I knew you couldn't run them under a bot user. Short of making a pipeline schedule service account user, is there a good way to handle this?

https://redd.it/1lwi50p
@r_devops

Starting curv

How can I start learning in devops I mean the resources and all and if there are enough jobs for freshers in this ??? Please help

https://redd.it/1lwjf4b
@r_devops

How do you all manage records in your DNS providers for Kubernetes deployments?

I've been using external-dns for years. But recently I've been encountering a bug where it will sometimes delete all records it's managing for a cluster's Ingresses and then recreate them on the next pass. Causing 2-3 minutes of service disruption. I think I'm personally ready for a change on how I manage records in my DNS provider, so I'm curious what tools people are using, if any, or if you're just managing your records manually (sounds horrible, but I'd rather that than look like an idiot for causing an incident.)


I'll also mention I'm in the process of switching from Ingresses to Gateway API's HTTPRoutes. So if it's a tool that supports both, and doesn't accidentally delete all my records out from under me, bonus points.

https://redd.it/1lwl6wg
@r_devops

Hemmelig TUI

Hi,

I have, for a couple of years, been thinking of implementing the Diffie-Hellman key exchange for Hemmelig.app. This made me create a TUI that solves this for me.

The background for Hemmelig was to securely share PII, GDPR, and other sensitive data like passwords and API keys.

Built with Curve25519, AES-256-GCM, and TOFU fingerprinting to keep your comms secure. Bypasses firewalls with NAT traversal.

https://github.com/bjarneo/hemmelig

Let me know what you think. If usable, I'll move it to the Hemmelig organization.



https://redd.it/1lwmay6
@r_devops

Monitoring and Observability Intern



Hey everyone,

I’ve been lurking here for a while and honestly this community helped me land a monitoring and observability internship. I’m a college student and I’ve been working with the monitoring team, and I’ve learned a lot, but also feeling a little stuck right now. For context I’m based in the US

Here’s what I’ve done so far during the internship:
• Set up Grafana dashboards with memory, CPU, and custom Prometheus metrics
• Used PromQL with variables, filters, thresholds, and made panels that actually make sense
• Wrote alert rules in Prometheus with labels, severity levels, and messages
• Used Blackbox Exporter to monitor HTTP endpoints and vanity URLs for status codes, SSL certs, redirect chains, latency, etc
• Learned how Prometheus file-based service discovery works and tied it into redirect configs so things stay in sync
• Helped automate some of this using YAML playbooks and made sure alerts weren’t manually duplicated
• Got exposure to Docker (Blackbox Exporter and NGINX are running in containers), xMatters for alerting, and GitHub for versioning monitoring configs

It’s been really cool work, but I’ve also heard some people say observability and monitoring tends to be more senior work because it touches a lot of systems. So I’m wondering where to go from here and if this can allow me to apply for junior roles.

My questions:
Are tools like Blackbox exporter and whitebox exporter used everywhere or just specific teams?

Any advice, next steps, or real-world experiences would mean a lot. Appreciate any thoughts.

Thanks

https://redd.it/1lwoew7
@r_devops

Looking for advice: how do you typically gather input when writing performance reviews for your team/direct reports? Do you rely on tools, notes, past projects, or something else?

Looking for advice here — especially the process of gathering input across tools and channels. Curious how you do it and what works well (or doesn’t). How much time do you spend on it?

Happy to share back what I learn.

https://redd.it/1lwlwzx
@r_devops

🚨 Hiring for a Web3 NFT Marketplace – Remote (Europe timezones preferred)

Helping a team launch a decentralized NFT marketplace with features like wallet integration, staking, AI-driven personalization, and multi-chain support (Ethereum, Phantom).

We’re looking for experienced developers + leads across the stack for a quick MVP build.

📌 Open Roles:

– Technical Manager / PM (Web3/Blockchain experience)
– Senior Blockchain Lead (Solidity + Rust)
– Smart Contract Developer (NFT minting, royalties, staking)
– Blockchain Security Engineer (auditing, fraud detection)
– Senior Frontend Lead (React.js, TypeScript, Web3.js)
– Frontend Developer (Figma to code, scalable UI)
– Senior Backend Lead (Node.js, GraphQL, REST)
– Backend Developer (API integrations, microservices)
– AI/ML Engineer (recommendations, fraud detection, personalization)
– DevOps Engineer (CI/CD, Docker, cloud deploys)
– QA Engineer (manual + automated testing)

💼 All roles are remote, project-based or contract, and require strong ownership and fast turnaround.

DM me if you’re interested or know someone perfect for one of these roles — I’ll connect you directly with the founder.

https://redd.it/1lwqtlm
@r_devops

What does this mean in terms of DevSecOps

A job description mentions " Implement secure infrastructure with IaC tools ". What does this ACTUALLY mean and how can I understand it better. Is it just writing terraform in a CI/CD Pipeline to use secure scanning tools such as trivy, SCA, SAST, etc?

Apologies if this is an ignorant question.

https://redd.it/1lwsetw
@r_devops

I automated the compliance work I do for infrastructure teams. Then turned it into a startup.

I was the DevOps engineer who inevitably got assigned compliance tasks. You know the drill - sales promises SOC2 to close a deal, then suddenly it's "can you handle the technical implementation?" and you're reading control frameworks at midnight trying to understand what "logical access controls" actually means in practice.

Over several years, I probably spent 400+ hours manually documenting infrastructure configurations, taking screenshots of AWS console settings, and writing policies that felt disconnected from actual operational work. The entire process felt antithetical to everything we try to achieve in DevOps - it was manual, error-prone, and didn't scale.

The breaking point came when I had to implement both SOC2 and ISO 27001 simultaneously. That's roughly 160 controls across both frameworks with significant overlap, but still requiring individual verification and documentation. Three months of engineering time that could have been spent on infrastructure improvements or reliability work.

Instead of continuing to suffer through manual compliance, I started building automation scripts - first for evidence collection, then for configuration validation, then for continuous monitoring. Eventually I realized I was building a comprehensive platform just to avoid doing compliance work manually.

The core insight was that most compliance requirements are really just infrastructure configuration checks that can be queried programmatically. Instead of manually screenshotting AWS settings, you can query the API. Instead of manually tracking policy reviews, you can automate the workflow.

What's interesting is that automating compliance actually improved our infrastructure practices. To automate compliance checking, you need to deeply understand your infrastructure configuration, which forces better documentation and more consistent implementation patterns. The infrastructure-as-code practices that make compliance easier also make systems more reliable and maintainable.

The time savings were substantial. Manual compliance work for a typical startup takes 40-60 hours of engineering time per framework. With proper automation, I managed to drop to 10-15 hours - mostly spent on initial setup and reviewing automated findings rather than manual evidence collection.

I had a customer recently whose engineer said "this is the first time compliance didn't make me want to find a different job." Honestly, that felt so real to me. Compliance work used to be the worst part of being a DevOps engineer.

The broader principle here in my opinion - is that compliance requirements are increasingly becoming code problems rather than process problems. Most of what auditors want to verify can be checked automatically if you structure your infrastructure and tooling appropriately.

For those still stuck doing manual compliance work, I'd encourage thinking about it as an automation challenge rather than an administrative burden. The skills you develop automating compliance will probably make you better at infrastructure work anyways.

https://redd.it/1lwww4k
@r_devops

How do you decide which microservices need a message broker llike Kafka/RabbitMQ

Say you have many microservices, how do you personally decide that "hey microservice A and B needs a message broker, while C and D does not - even though C talks to D".

https://redd.it/1lwyq16
@r_devops

Trapped in a Middleware Role I Didn’t Sign Up For — Losing Motivation After 1 Year

Hi everyone,
I’m writing this because I feel stuck and confused in my career, and I don’t know what to do next. I joined a large IT company in October 2023 after interning with them. During training, I learned Java, HTML, CSS, and JavaScript, and hoped to work on Java-based projects.

Through contacts, I reached out to a manager and was told there was a Java opening, but when I joined, the only available work was in a support role using SDLC and Jira. I was advised to accept any available project quickly to avoid being benched, so I joined under pressure.

Later, I was moved to a new project introduced as DevOps/cloud-based, but in reality, the work was on IBM ACE and RIT—technologies I had never heard of. Training was limited, and even after a year, most of us are still unclear on the tools. Only a few seniors have real expertise.

Since I wasn’t interested in middleware, I used my free time to upskill. I completed the AWS Certified Solutions Architect - Associate Certification and took courses on Docker, Kubernetes, Terraform, and other DevOps tools. I also spent my weekends working on personal projects in these domains.

After a year, I was assigned an interface to develop without much experience. A senior helped me, but he was often impatient and would get angry. I tried to keep up, but the pressure and lack of interest made it hard to stay motivated. My health also took a hit—I started losing sleep, lost weight, and felt stressed most of the time.

When I expressed interest in moving toward DevOps, I was told that I wouldn’t be able to manage that either. That really affected my confidence and made me second-guess my choices.

I tried speaking to my manager, but didn’t get much support. I haven’t directly asked for a project release yet because others who asked haven’t been released. I’ve also applied outside, but I’m not getting calls due to limited DevOps experience.

Now I feel like I’m stuck. I don’t get enough time or energy to study, and weekends are often occupied with work. I’m forgetting what I’ve studied, and I’m starting to question whether I’m even moving in the right direction.

That said, I still believe I have potential. I graduated from a good college in Pune and got a Digital offer when I joined. I’ve worked hard to learn new skills—but I feel I’ve been stuck in a role that doesn’t match my interests or strengths.

Please share any advice. Should I push harder for a release? Should I try switching roles or learning something new? I can’t quit without another offer due to financial reasons, but I also can’t stay in this loop forever.

Any advice or referrals would be truly appreciated.
Thanks for reading.

Note: Posting this on behalf of my girlfriend as she doesn’t use reddit so doesn’t have enough karma to post here

https://redd.it/1lwyuuc
@r_devops

How much is your pride worth?

Bit of an inflammatory title, but it fits my current situation.

I work at a company that is almost quite literally hell-bent on killing me. I work anywhere from 14 to 16 hours a day almost every day of the week. If I try to only work 8 hours a day or not work weekends, projects go to shit because I'm not able to keep the US, UK, and India teams on the same page after a couple of weeks. It's a very disorganized company where the left hand never knows what the right is doing, teams are uncoordinated, etc.

Honestly, from this perspective, it sucks. However, I lead a team of 7 people tackling a crazy amount of cool projects across the organization. I have built a ton of respect, confidence, and trust from upper management and across teams. At this company, I've touched about everything you can touch when it comes to cloud providers, version control systems, tech stacks in general, etc. To the point from when I interview, it borderline sounds like I'm lying.

But again, I'm working too much and missing too much of my family's life and my own. Now for the dilemma.

I just got an offer from another company. I originally interviewed for one of their most senior devops positions but lost out to someone else. The recruiter, team, and management wanted to keep me in mind for future openings blah blah we've all heard it before. Maybe I'll hear back from them in a year, ya know? However, I recently got a call from them that they had a backfill opportunity, and while its not what they wanted to offer me, its a position they had open and want me to join the team. All the promises of advancement and promotion opportunities, etc.. were made on the call. Essentially, it's a less senior title with less senior responsibilities. And that's my issue.

So I feel that I'm stuck in this weird place. The potential employer sounds like an awesome place to work. They have a robust and well-built devops team, modern app and tech stack, well coordinated teams, and just general good work-life balance. But I wouldn't be leading a team anymore, making the decisions, working with upper management and the team(s) on solutions, etc.. but instead delegated work and given marching orders.

Career wise and even just general work type(?) I feel like I'm taking a hit to my pride. In my head, it makes absolutely no sense to say no but I'm also jaded about employer promises (literally never seen one follow through) and trust a company about as far as I can throw it. Where I'm at now, I'm the guy that solves issues, makes the calls, smooths over issues, and gets projects or things in general moving to where they need to be. And that feels great, but again, it's killing me, practically literally. The bags I have under my eyes are crazy.

So, I'm asking the community here. How much is your pride worth? Comp in this offer is fine in both salary and bonus, and there's an offer of equity (not a lot but not quite a little), but it's super crazy out of this world. If anyone feels like I'm just being an obtuse ass, call me out on it. That's pretty much what I'm asking for.

Edit: After typing all of this out and re-reading it. I realize I'm being an idiot. So I'm going to accept the job. I'll leave the post up rather than delete it for anyone who wants to call me an idiot. I think I just needed to just put it all out there to get my head on straight.

https://redd.it/1lwzhft
@r_devops

Can I get your honest thoughts on our Serpent DevOps tool website?

Hey everyone,

We've just launched the website for Serpent, our Salesforce DevOps automation tool, built to simplify releases, sync environments, and tackle all those familiar, recurring scripting challenges you face daily with Salesforce deployments.

 

Before we go into full promo mode, we'd genuinely appreciate your honest feedback on the website itself. Your insights are invaluable as we refine both the product and its messaging.

Is Serpent's functionality clear? (i.e., what it does, how it works, and how it helps?)
Does the site make you want to start the free trial?
Is anything unclear, unsettling, or missing?
For DevOps engineers: What factors would motivate you to use a tool like Serpent in your workflow and encourage you to sign up after visiting our website?

This is the link to our site: https://tekunda.com/serpent and If you have 2-3 minutes, we appreciate sharing more via our short survey: https://tally.so/r/3jqkya

 

We're still actively shaping Serpent. Getting real thoughts from the Salesforce and DevOps community means a lot. Our goal is a product that not only looks good but truly feels right in daily use.

 

Thanks in advance. Happy to swap feedback on your projects, too!

https://redd.it/1lx25sa
@r_devops

basic question about a backend + database setup for local development

Hello everyone,

I am not exactly great at architecturing and deploying software that has multiple modules, and therefore I have a quick/basic question about a project I am doing.

I am basically using Go Fiber as a backend and PostgreSQL as a database. For the sake of this project/exercise, I would like to try the following:

1) Use a monorepo

2) Have a docker compose that can run everything in one command.

Therefore, I thought of the following directory structure:

app/

├── backend/ # Go Fiber app

│ ├── main.go

│ ├── go.mod

│ └── ... (handlers, routes, etc.)

│

├── db/ # DB schema and seed scripts

│ ├── init.sql # Full init script (schema + seed)

│ └── migrations/ # Versioned SQL migrations

│ └── 001createtables.sql

│

├── docker/ # Docker-related setup

│ ├── backend.Dockerfile

│ └── db-init-check.sh # Entrypoint to initialize DB if empty

│

├── .env # Environment variables

├── docker-compose.yml

└── README.md


With this structure, I just have a few questions regarding running everything vs. local development:

1) If I am developing locally, do I just run everything manually or do I use the docker compose? I know that I will be using the docker compose to run and test everything, but what about actual development? Maybe I should just run everything manually?

2) The .env file holds PostgreSQL information for my Go server to access my database. Should it reside in the project root or in the /backend subdirectory? If it resides in the project root, it's easy to reference the .env file for the docker-compose. However, it's then more difficult to locally run, modify and test the Go server because that means that I will have to have the /app root folder open in my IDE instead of the /backend.

Thanks in advance for any help, this is indeed a bit confusing in the beginning!

https://redd.it/1lx227m
@r_devops

WIP DevOps-AI-Lab: Local GitOps playground with LLM-powered CI/CD automation and AI observability

Hi everyone,
I'm building a local lab to explore how LLMs can assist DevOps workflows. It’s called DevOps-AI-Lab, and it runs fully on a local Kubernetes cluster (Kind) with Jenkins, ArgoCD, and modular AI microservices.

The idea is to simulate modern CI/CD + GitOps setups where agents (via LangChain) help diagnose pipeline failures, validate Helm charts, generate Jenkinsfiles, and track reasoning via audit trails.

github.com/dorado-ai-devops/devops-ai-lab

# Key components:

`ai-log-analyzer`: log analysis for Jenkins/K8s with LLMs
ai-helm-linter: Helm chart validation (Chart.yaml, templates, values)
`ai-pipeline-gen`: Jenkinsfile generation from natural language specs
ai-gateway: Flask adapter that routes requests to AI microservices
`ai-ollama`: LLM server (e.g. LLaMA3, Phi-3) running locally
ai-mcp-server: FastAPI server to store MCP-style audit traces
`streamlit-dashboard`: WIP UI to visualize prompts, responses, and agent decisions

# Infra setup:

Kind + Helm + ArgoCD
Jenkins for CI
GitOps structure per service
LangChain agent + OpenAI fallback
Secrets managed via Kubernetes
SQLite used for trace persistence

Each service has its own Helm chart and Jenkins test pipeline (e.g. test a log input, validate Helm chart, etc.).

I’m looking for feedback, ideas, or references on:

LLM agent reliability in DevOps
AI observability best practices
Self-hosted LangChain use in ops

Happy to chat if someone else is exploring similar ideas!

https://redd.it/1lx2lc9
@r_devops

what could I improve about my resume to land a devops job?

Hey everyone,


I'm working on transitioning into a DevOps Engineer role and would really appreciate it if any of you could take a look at my resume. I'd love to hear your feedback—both critiques and suggestions—as well as your honest take on how likely you think I am to land a position in DevOps based on my current experience.

Just to note: I only put this resume together over the past few days and started applying with it yesterday, so I don’t have a sense yet of how it’s performing.

Thanks in advance :)

https://redd.it/1lx82ax
@r_devops

I've finally met my match... time to move on to a new job. (RANT)

Senior Developers that:

* Will not change..even when they agree that what you've shown them is a better way.
* Beaten attitudes.. "I'm here to fix bugs and adjust to regulatory changes... not fix this crappy code and make my job easier"
* Defer thinking to 'authorities'. I'm in a meeting now where a developer thinks that .NET Aspire is equivalent to Terraform, I keep trying to explain the difference and he'll say "yeah but it's the Microsoft way to deploy .NET applications in the cloud".. conveniently ignoring everything not .NET \*and\* that engineering has already decided TF is our goto IaC tool.

Director (my direct report) who:

* Actively moves me back to IC coding duties on legacy apps even though I'm the only engineer with IT/Cybersec/Devops experience (BS in Cybersecurity, CSSLP.. could be using those skills better)
* Ignores root problems when presented, "we don't have budget for that"... but we somehow have budget to waste on 30 engineering jobs that wouldn't exist if tech debt was cleaned up and software actually designed properly.
* Avoids inclusion of IT/Cybersec when discussing work they need to be involved in. He seems to be hoping engineering can push past IT/Cybersec which is maybe possible because we have no risk management and policy is not enforced in any case (not sure how they manage SOC audits).

VP (skip)

* Comes to me for advice on these and related subjects every few weeks, agrees with my assessment and ignores advice.
* Is a pushover... mostly due to very little technical knowledge, he's an accountant... and knows it.

I've come to the conclusion that these systemic problems are driven by our parent company. They in turn are owned by a huge capital firm (many many billions in assets). The parent is taking all profit and using that to convince the ownership that "everything is just fine.. see all this money coming in" while the technical debt and beaten down employees just shuffle along oblivious.

A couple of weeks ago I felt myself starting to give up, that was it for me. I'm not going to let my generally optimistic outlook be burned by this place.

I've got a new job in the pipeline (4th round on Monday). I've spent months researching the company and I know many current employees. As best I can tell (outside looking in always fuzzy) it'll be a much much better place, in any case it's time for change.

I know that a lot of people in this industry and related burn out, see posts about that pretty often. Try to recognize the signs early and start looking for a new job as soon as you can. Even better, don't stop looking for new opportunities at all, keep your resume up to date and put it out there. You never know what may happen.

https://redd.it/1lxak0g
@r_devops