🚨 Hiring for a Web3 NFT Marketplace – Remote (Europe timezones preferred)

Helping a team launch a decentralized NFT marketplace with features like wallet integration, staking, AI-driven personalization, and multi-chain support (Ethereum, Phantom).

We’re looking for experienced developers + leads across the stack for a quick MVP build.

📌 Open Roles:

– Technical Manager / PM (Web3/Blockchain experience)
– Senior Blockchain Lead (Solidity + Rust)
– Smart Contract Developer (NFT minting, royalties, staking)
– Blockchain Security Engineer (auditing, fraud detection)
– Senior Frontend Lead (React.js, TypeScript, Web3.js)
– Frontend Developer (Figma to code, scalable UI)
– Senior Backend Lead (Node.js, GraphQL, REST)
– Backend Developer (API integrations, microservices)
– AI/ML Engineer (recommendations, fraud detection, personalization)
– DevOps Engineer (CI/CD, Docker, cloud deploys)
– QA Engineer (manual + automated testing)

💼 All roles are remote, project-based or contract, and require strong ownership and fast turnaround.

DM me if you’re interested or know someone perfect for one of these roles — I’ll connect you directly with the founder.

https://redd.it/1lwqtlm
@r_devops

What does this mean in terms of DevSecOps

A job description mentions " Implement secure infrastructure with IaC tools ". What does this ACTUALLY mean and how can I understand it better. Is it just writing terraform in a CI/CD Pipeline to use secure scanning tools such as trivy, SCA, SAST, etc?

Apologies if this is an ignorant question.

https://redd.it/1lwsetw
@r_devops

I automated the compliance work I do for infrastructure teams. Then turned it into a startup.

I was the DevOps engineer who inevitably got assigned compliance tasks. You know the drill - sales promises SOC2 to close a deal, then suddenly it's "can you handle the technical implementation?" and you're reading control frameworks at midnight trying to understand what "logical access controls" actually means in practice.

Over several years, I probably spent 400+ hours manually documenting infrastructure configurations, taking screenshots of AWS console settings, and writing policies that felt disconnected from actual operational work. The entire process felt antithetical to everything we try to achieve in DevOps - it was manual, error-prone, and didn't scale.

The breaking point came when I had to implement both SOC2 and ISO 27001 simultaneously. That's roughly 160 controls across both frameworks with significant overlap, but still requiring individual verification and documentation. Three months of engineering time that could have been spent on infrastructure improvements or reliability work.

Instead of continuing to suffer through manual compliance, I started building automation scripts - first for evidence collection, then for configuration validation, then for continuous monitoring. Eventually I realized I was building a comprehensive platform just to avoid doing compliance work manually.

The core insight was that most compliance requirements are really just infrastructure configuration checks that can be queried programmatically. Instead of manually screenshotting AWS settings, you can query the API. Instead of manually tracking policy reviews, you can automate the workflow.

What's interesting is that automating compliance actually improved our infrastructure practices. To automate compliance checking, you need to deeply understand your infrastructure configuration, which forces better documentation and more consistent implementation patterns. The infrastructure-as-code practices that make compliance easier also make systems more reliable and maintainable.

The time savings were substantial. Manual compliance work for a typical startup takes 40-60 hours of engineering time per framework. With proper automation, I managed to drop to 10-15 hours - mostly spent on initial setup and reviewing automated findings rather than manual evidence collection.

I had a customer recently whose engineer said "this is the first time compliance didn't make me want to find a different job." Honestly, that felt so real to me. Compliance work used to be the worst part of being a DevOps engineer.

The broader principle here in my opinion - is that compliance requirements are increasingly becoming code problems rather than process problems. Most of what auditors want to verify can be checked automatically if you structure your infrastructure and tooling appropriately.

For those still stuck doing manual compliance work, I'd encourage thinking about it as an automation challenge rather than an administrative burden. The skills you develop automating compliance will probably make you better at infrastructure work anyways.

https://redd.it/1lwww4k
@r_devops

How do you decide which microservices need a message broker llike Kafka/RabbitMQ

Say you have many microservices, how do you personally decide that "hey microservice A and B needs a message broker, while C and D does not - even though C talks to D".

https://redd.it/1lwyq16
@r_devops

Trapped in a Middleware Role I Didn’t Sign Up For — Losing Motivation After 1 Year

Hi everyone,
I’m writing this because I feel stuck and confused in my career, and I don’t know what to do next. I joined a large IT company in October 2023 after interning with them. During training, I learned Java, HTML, CSS, and JavaScript, and hoped to work on Java-based projects.

Through contacts, I reached out to a manager and was told there was a Java opening, but when I joined, the only available work was in a support role using SDLC and Jira. I was advised to accept any available project quickly to avoid being benched, so I joined under pressure.

Later, I was moved to a new project introduced as DevOps/cloud-based, but in reality, the work was on IBM ACE and RIT—technologies I had never heard of. Training was limited, and even after a year, most of us are still unclear on the tools. Only a few seniors have real expertise.

Since I wasn’t interested in middleware, I used my free time to upskill. I completed the AWS Certified Solutions Architect - Associate Certification and took courses on Docker, Kubernetes, Terraform, and other DevOps tools. I also spent my weekends working on personal projects in these domains.

After a year, I was assigned an interface to develop without much experience. A senior helped me, but he was often impatient and would get angry. I tried to keep up, but the pressure and lack of interest made it hard to stay motivated. My health also took a hit—I started losing sleep, lost weight, and felt stressed most of the time.

When I expressed interest in moving toward DevOps, I was told that I wouldn’t be able to manage that either. That really affected my confidence and made me second-guess my choices.

I tried speaking to my manager, but didn’t get much support. I haven’t directly asked for a project release yet because others who asked haven’t been released. I’ve also applied outside, but I’m not getting calls due to limited DevOps experience.

Now I feel like I’m stuck. I don’t get enough time or energy to study, and weekends are often occupied with work. I’m forgetting what I’ve studied, and I’m starting to question whether I’m even moving in the right direction.

That said, I still believe I have potential. I graduated from a good college in Pune and got a Digital offer when I joined. I’ve worked hard to learn new skills—but I feel I’ve been stuck in a role that doesn’t match my interests or strengths.

Please share any advice. Should I push harder for a release? Should I try switching roles or learning something new? I can’t quit without another offer due to financial reasons, but I also can’t stay in this loop forever.

Any advice or referrals would be truly appreciated.
Thanks for reading.

Note: Posting this on behalf of my girlfriend as she doesn’t use reddit so doesn’t have enough karma to post here

https://redd.it/1lwyuuc
@r_devops

How much is your pride worth?

Bit of an inflammatory title, but it fits my current situation.

I work at a company that is almost quite literally hell-bent on killing me. I work anywhere from 14 to 16 hours a day almost every day of the week. If I try to only work 8 hours a day or not work weekends, projects go to shit because I'm not able to keep the US, UK, and India teams on the same page after a couple of weeks. It's a very disorganized company where the left hand never knows what the right is doing, teams are uncoordinated, etc.

Honestly, from this perspective, it sucks. However, I lead a team of 7 people tackling a crazy amount of cool projects across the organization. I have built a ton of respect, confidence, and trust from upper management and across teams. At this company, I've touched about everything you can touch when it comes to cloud providers, version control systems, tech stacks in general, etc. To the point from when I interview, it borderline sounds like I'm lying.

But again, I'm working too much and missing too much of my family's life and my own. Now for the dilemma.

I just got an offer from another company. I originally interviewed for one of their most senior devops positions but lost out to someone else. The recruiter, team, and management wanted to keep me in mind for future openings blah blah we've all heard it before. Maybe I'll hear back from them in a year, ya know? However, I recently got a call from them that they had a backfill opportunity, and while its not what they wanted to offer me, its a position they had open and want me to join the team. All the promises of advancement and promotion opportunities, etc.. were made on the call. Essentially, it's a less senior title with less senior responsibilities. And that's my issue.

So I feel that I'm stuck in this weird place. The potential employer sounds like an awesome place to work. They have a robust and well-built devops team, modern app and tech stack, well coordinated teams, and just general good work-life balance. But I wouldn't be leading a team anymore, making the decisions, working with upper management and the team(s) on solutions, etc.. but instead delegated work and given marching orders.

Career wise and even just general work type(?) I feel like I'm taking a hit to my pride. In my head, it makes absolutely no sense to say no but I'm also jaded about employer promises (literally never seen one follow through) and trust a company about as far as I can throw it. Where I'm at now, I'm the guy that solves issues, makes the calls, smooths over issues, and gets projects or things in general moving to where they need to be. And that feels great, but again, it's killing me, practically literally. The bags I have under my eyes are crazy.

So, I'm asking the community here. How much is your pride worth? Comp in this offer is fine in both salary and bonus, and there's an offer of equity (not a lot but not quite a little), but it's super crazy out of this world. If anyone feels like I'm just being an obtuse ass, call me out on it. That's pretty much what I'm asking for.

Edit: After typing all of this out and re-reading it. I realize I'm being an idiot. So I'm going to accept the job. I'll leave the post up rather than delete it for anyone who wants to call me an idiot. I think I just needed to just put it all out there to get my head on straight.

https://redd.it/1lwzhft
@r_devops

Can I get your honest thoughts on our Serpent DevOps tool website?

Hey everyone,

We've just launched the website for Serpent, our Salesforce DevOps automation tool, built to simplify releases, sync environments, and tackle all those familiar, recurring scripting challenges you face daily with Salesforce deployments.

 

Before we go into full promo mode, we'd genuinely appreciate your honest feedback on the website itself. Your insights are invaluable as we refine both the product and its messaging.

Is Serpent's functionality clear? (i.e., what it does, how it works, and how it helps?)
Does the site make you want to start the free trial?
Is anything unclear, unsettling, or missing?
For DevOps engineers: What factors would motivate you to use a tool like Serpent in your workflow and encourage you to sign up after visiting our website?

This is the link to our site: https://tekunda.com/serpent and If you have 2-3 minutes, we appreciate sharing more via our short survey: https://tally.so/r/3jqkya

 

We're still actively shaping Serpent. Getting real thoughts from the Salesforce and DevOps community means a lot. Our goal is a product that not only looks good but truly feels right in daily use.

 

Thanks in advance. Happy to swap feedback on your projects, too!

https://redd.it/1lx25sa
@r_devops

basic question about a backend + database setup for local development

Hello everyone,

I am not exactly great at architecturing and deploying software that has multiple modules, and therefore I have a quick/basic question about a project I am doing.

I am basically using Go Fiber as a backend and PostgreSQL as a database. For the sake of this project/exercise, I would like to try the following:

1) Use a monorepo

2) Have a docker compose that can run everything in one command.

Therefore, I thought of the following directory structure:

app/

├── backend/ # Go Fiber app

│ ├── main.go

│ ├── go.mod

│ └── ... (handlers, routes, etc.)

│

├── db/ # DB schema and seed scripts

│ ├── init.sql # Full init script (schema + seed)

│ └── migrations/ # Versioned SQL migrations

│ └── 001createtables.sql

│

├── docker/ # Docker-related setup

│ ├── backend.Dockerfile

│ └── db-init-check.sh # Entrypoint to initialize DB if empty

│

├── .env # Environment variables

├── docker-compose.yml

└── README.md


With this structure, I just have a few questions regarding running everything vs. local development:

1) If I am developing locally, do I just run everything manually or do I use the docker compose? I know that I will be using the docker compose to run and test everything, but what about actual development? Maybe I should just run everything manually?

2) The .env file holds PostgreSQL information for my Go server to access my database. Should it reside in the project root or in the /backend subdirectory? If it resides in the project root, it's easy to reference the .env file for the docker-compose. However, it's then more difficult to locally run, modify and test the Go server because that means that I will have to have the /app root folder open in my IDE instead of the /backend.

Thanks in advance for any help, this is indeed a bit confusing in the beginning!

https://redd.it/1lx227m
@r_devops

WIP DevOps-AI-Lab: Local GitOps playground with LLM-powered CI/CD automation and AI observability

Hi everyone,
I'm building a local lab to explore how LLMs can assist DevOps workflows. It’s called DevOps-AI-Lab, and it runs fully on a local Kubernetes cluster (Kind) with Jenkins, ArgoCD, and modular AI microservices.

The idea is to simulate modern CI/CD + GitOps setups where agents (via LangChain) help diagnose pipeline failures, validate Helm charts, generate Jenkinsfiles, and track reasoning via audit trails.

github.com/dorado-ai-devops/devops-ai-lab

# Key components:

`ai-log-analyzer`: log analysis for Jenkins/K8s with LLMs
ai-helm-linter: Helm chart validation (Chart.yaml, templates, values)
`ai-pipeline-gen`: Jenkinsfile generation from natural language specs
ai-gateway: Flask adapter that routes requests to AI microservices
`ai-ollama`: LLM server (e.g. LLaMA3, Phi-3) running locally
ai-mcp-server: FastAPI server to store MCP-style audit traces
`streamlit-dashboard`: WIP UI to visualize prompts, responses, and agent decisions

# Infra setup:

Kind + Helm + ArgoCD
Jenkins for CI
GitOps structure per service
LangChain agent + OpenAI fallback
Secrets managed via Kubernetes
SQLite used for trace persistence

Each service has its own Helm chart and Jenkins test pipeline (e.g. test a log input, validate Helm chart, etc.).

I’m looking for feedback, ideas, or references on:

LLM agent reliability in DevOps
AI observability best practices
Self-hosted LangChain use in ops

Happy to chat if someone else is exploring similar ideas!

https://redd.it/1lx2lc9
@r_devops

what could I improve about my resume to land a devops job?

Hey everyone,


I'm working on transitioning into a DevOps Engineer role and would really appreciate it if any of you could take a look at my resume. I'd love to hear your feedback—both critiques and suggestions—as well as your honest take on how likely you think I am to land a position in DevOps based on my current experience.

Just to note: I only put this resume together over the past few days and started applying with it yesterday, so I don’t have a sense yet of how it’s performing.

Thanks in advance :)

https://redd.it/1lx82ax
@r_devops

I've finally met my match... time to move on to a new job. (RANT)

Senior Developers that:

* Will not change..even when they agree that what you've shown them is a better way.
* Beaten attitudes.. "I'm here to fix bugs and adjust to regulatory changes... not fix this crappy code and make my job easier"
* Defer thinking to 'authorities'. I'm in a meeting now where a developer thinks that .NET Aspire is equivalent to Terraform, I keep trying to explain the difference and he'll say "yeah but it's the Microsoft way to deploy .NET applications in the cloud".. conveniently ignoring everything not .NET \*and\* that engineering has already decided TF is our goto IaC tool.

Director (my direct report) who:

* Actively moves me back to IC coding duties on legacy apps even though I'm the only engineer with IT/Cybersec/Devops experience (BS in Cybersecurity, CSSLP.. could be using those skills better)
* Ignores root problems when presented, "we don't have budget for that"... but we somehow have budget to waste on 30 engineering jobs that wouldn't exist if tech debt was cleaned up and software actually designed properly.
* Avoids inclusion of IT/Cybersec when discussing work they need to be involved in. He seems to be hoping engineering can push past IT/Cybersec which is maybe possible because we have no risk management and policy is not enforced in any case (not sure how they manage SOC audits).

VP (skip)

* Comes to me for advice on these and related subjects every few weeks, agrees with my assessment and ignores advice.
* Is a pushover... mostly due to very little technical knowledge, he's an accountant... and knows it.

I've come to the conclusion that these systemic problems are driven by our parent company. They in turn are owned by a huge capital firm (many many billions in assets). The parent is taking all profit and using that to convince the ownership that "everything is just fine.. see all this money coming in" while the technical debt and beaten down employees just shuffle along oblivious.

A couple of weeks ago I felt myself starting to give up, that was it for me. I'm not going to let my generally optimistic outlook be burned by this place.

I've got a new job in the pipeline (4th round on Monday). I've spent months researching the company and I know many current employees. As best I can tell (outside looking in always fuzzy) it'll be a much much better place, in any case it's time for change.

I know that a lot of people in this industry and related burn out, see posts about that pretty often. Try to recognize the signs early and start looking for a new job as soon as you can. Even better, don't stop looking for new opportunities at all, keep your resume up to date and put it out there. You never know what may happen.

https://redd.it/1lxak0g
@r_devops

Built an open-source tool with a weird trick to SSH through any firewall (legally)

**WS-Terminal: Remote Terminal Access That Actually Works Through Corporate Firewalls**

**TL;DR:** Built a WebSocket-based remote terminal that bypasses all the usual networking headaches. No port forwarding, works through NAT/firewalls, and you can even access it from a browser.

**The Problem We've All Faced:**

* SSH blocked by corporate firewalls
* Can't open inbound ports on your home server
* VPN setup is overkill for just terminal access
* Need to access servers behind multiple NAT layers

**My Solution: WS-Terminal**

Instead of fighting against firewalls, work WITH them. Everything uses outbound WebSocket connections that firewalls love.

**What makes it different:**

* **Zero inbound ports** \- everything connects outbound
* **Three connection methods** \- direct, reverse, or relay server
* **Browser compatible** \- access terminals from any device
* **Docker ready** \- one command deployment
* **Multi-channel** \- connect to multiple servers simultaneously

**Real-world use cases I've tested:**

* Access home lab from corporate network
* Emergency server access from mobile
* CI/CD pipeline debugging
* Helping friends troubleshoot their servers

**Security benefits:**

* No attack surface from open inbound ports
* All connections are outbound and encrypted (WSS)
* You control the relay server (self-hostable)
* Standard WebSocket security applies

**🔗 Links:**

* **GitHub:** [https://github.com/uditrajput03/ws-terminal](https://github.com/uditrajput03/ws-terminal)
* **Relay Server:** [https://github.com/uditrajput03/ws-relay](https://github.com/uditrajput03/ws-relay) (self-hostable)

**Why I built this:** Triggering point was to debug my CI/CD but there are many reasons like ISP not allow port forwarding also for quick and emergency access and i don't want to open ports in my main server, I feel safer while using a relay server or even quickly use reverse shell access method 2 in the repo this is the best thing i have found.

**Looking for:**

* Feedback from the community
* Ideas for additional features
* Contributors welcome!
* Give star to my repo if you like it

https://redd.it/1lxbv3u
@r_devops

new job. dealing with a lead who is creating a reactive culture and responding to his vision. he doesn't communicate what he does and instead expects us to know from when something breaks - and it is exhausting. how can i make the most of being here and not lose my mind?

i recently started a new gig and it was going along pretty well, until i realized that one of the highest leads keeps pushing changes into our prod pipeline without consulting us first to do the required changes.

i voiced my concerns, and it appears that the lead is resisting by accelerating even more changes into our system and telling others leads (including my own team) to also do the same.

as a result, because my team lead is following the highest lead, everyone in my team of 4 are all working in a silo.

our devops team has pretty much become a support on call. i barely have any time to develop tools because i am just spending time remoting into our machines and cleaning the drives.

Any measures/scripts I've built to prevent issues from happening again, it seems like they're quick to change something on an architectural level that either circumvents this or it requires me to throw away my implementation.

I introduced the concept of production/staging, setup pipelines so that they can first test their changes in staging before pushing to prod and they've essentially ignored that and just kept pushing to prod, breaking shit that could have been prevented if it had been tested in staging first.

every fucking morning i wake up to seeing dozens of emails/slack messages of "HELLO THIS BROKE" and I spend morning fixing shit and I can't even have time to write up a tickets. My work here is essentially measured by how fast i respond to people.

After voicing my concerns, I'm told that that's not how modern development is anymore and that it is about "moving fast and break things" (??) and that I should embrace change. It is so demoralizing because there's essentially no accountability on their end and it all falls on my team to fix fires. I'm seeing most people in my team are also demoralized and my team lead is now following the top lead instead of listening to our concerns.

I've realized that I cannot change anything there.

in my circumstance, i can't leave this job and I'm just trying to figure out what I can do to keep my sanity.

https://redd.it/1lxcvki
@r_devops

Has anyone tried both zap and burp enterprise?

What’s the difference between the two? I was on a call with a sales rep and they swore the two were very different. They couldn’t really explain the difference. It was strange.

https://redd.it/1lxfz1t
@r_devops

terraform 101 tutorial

hey there, im a devops engineer and working much with terraform.


i will cover many important topics regarding terraform in my blog:


https://medium.com/@devopsenqineer/terraform-101-tutorial-1d6f4a993ec8


or on my own blog: https://salad1n.dev/2025-07-11/terraform-101



https://redd.it/1lxgm0o
@r_devops

Shared a technical walkthrough on creating and deploying .dxt MCP extensions for Claude Desktop—minimal config, local runtime, cross-platform.

https://glama.ai/blog/2025-07-11-getting-started-with-mcp-desktop-extensions-dxt-in-claude-desktop

https://redd.it/1lxhtg9
@r_devops

getting into devops with this resume?

Hello!

I’m currently looking to land a DevOps engineering role and would really appreciate it if anyone could take a look at my resume.

I wrote this cv over the last few days and only started applying to devops positions since yesterday, so I still have no clue as to how it'll perform.

I'd appreciate any feedback! I obviously know it's extremely challenging to break in to the field but I'm extremely motivated and willing to continue working dilligently to achieve that goal.

Thanks in advance

https://redd.it/1lxfqhi
@r_devops

Where do you draw the line of how much developers can manage their own infrastructure?

For context, I'm a developer who's been tasked with helping our very tiny devops team rectify our code to infrastructure pipeline to make soc2 compliance happen. We don't currently have anyone accountable for defining or implementing policy so we're just trying to figure it out as we go. It's not going well and we keep going round-and-round on what "principal of least privilege" means and how IAM binding actually works.

We're in GCP, if that matters.

Today, as configured before I started at this company, a single GCP service account has god priviledges to deploy every project to every environment. Local terraform development happens via impersonation of this god service account. Gitlab impersonates the same SA to deploy to all environments. As you can imagine, we've had several production outages caused by developers doing something unintentionally with local terraform development against what they thought was a dev environment resource and ended up having global ramifications. We of course have CICD and code reviews - we just don't have a great way to create infrastructure. And the nature of what we're building ends up being infrastructure heavy as we're rolling our own PKI infrastructure for an IoT fleet.

The devops lead and I have sat at the negotiation table litigating the solution to this to death. I can't look to a policy maker to arbitrate so I'm looking for outside advice.

Do you air-gap environments so that no single service account can cross environment boundaries?

Do you allow developers to deploy to dev/sandbox/test environments? Do you have break-glass capability for prod in the event that terraform state gets wonked up from an intermittent API fault?

Can developers administer service accounts / iam permissions on dev environments? How about global resources like buckets?

How do you provision access for their project pipelines to do what they need to without risking the pipeline escalating its own privileges to break other infrastructure?

If Service A needs Resource Alpha running as Service Account Alphonso, how do you let the their pipeline create A, Alpha, and Alphonso without permitting read/mutation/deletion of service B, resource Beta, and account Brit? Is that even a real issue? What about Shared Resource Gamma? Or do you take away rights to deploy any infrastructure and only allow pipelines to revision deployed code?

Are these just squishy details and ideas that don't really matter so long as there's a point person who's accountable for policy?

https://redd.it/1lxl2m3
@r_devops

Best free courses for learning devops.

Which are the best free courses to learn devops as a student?

https://redd.it/1lxp5r4
@r_devops

My solution to collecting bug reports (no more duplicates, lackluster reports or user-error)

I've been drowning in bug reports lately. Players submit super vague reports through Discord and it turns into this endless back-and-forth just to get basic info. "The game is broken" → "What's broken?" → "It doesn't work" → you get the idea. It was becoming really time-consuming.

I looked into Sentry and Highlight io but they're great for crashes and API errors, not so much for the weird UI bugs or behavioral stuff that only humans notice.

So I had this idea - what if I made a bug report form that uses AI to actually be useful? It checks my GitHub issues for duplicates, asks follow-up questions when details are missing, and filters out the "this is user error" reports.

I also made it customizable so you can add your own prompts to "teach" it about your specific app and what kinds of reports to reject.

If anyone else is dealing with this kind of chaos, I put it up at bugspot.dev. It's free for small projects and the code's on GitHub if you want to self-host. Only thing you need to do is to look at the env example and get API keys for OpenRouter, GitHub and configure some Svelte variables :-)

https://redd.it/1lxm7n9
@r_devops

Programming languages in devops

I am a cybersecurity student who has been learning cloud and DevOps for the past 3–4 months.

As a cybersecurity major I haven’t focused heavily on coding, I have an intermediate-level understanding of Python and am comfortable with advanced scripting(bash and powershell). I also know that I need to learn Infrastructure as Code (IaC), YAML, and JSON.

So will this be enough for devops and cloud in programming aspect or I need to learn any other programming language.

https://redd.it/1lxsubv
@r_devops