Senior Platform Engineer

Build the future of FinTech at VIALET

VIALET is a Lithuanian EMI building a specialized financial platform for target industries – ranked among the country’s top EMIs by client funds, turnover, and revenue, and scaling into new markets.

Why VIALET?

• Impact: Own the efficiency, security, and scalability of the platform our engineering teams build on.

• Growth: Join a fast-scaling FinTech at the point where the core platform is being defined.

• Ownership: Take real ownership – from architecture and ADRs to operations and developer experience.

• Expertise: Work with a small, high-bar team setting the standard for platform engineering here.

Why now

Engineering is mid-pivot: from a cloud of functions (Lambda + API Gateway, some ECS) to an in-house platform on Kubernetes. Serverless got us to market fast; it won’t carry mission-critical 24/7 systems. The new platform is greenfield, built in parallel to the legacy estate – nothing breaks on launch, services migrate when ready. It’s young but seriously planned: account strategy, networking, orchestration, IAM, and repo strategy were argued out in ADRs before any code. The hard calls are written down. Large surfaces are still open.

How we work

• Platform as a product, not a project. Shaped by the engineers who use it. Never “done.”

• Paved paths with explicit escape hatches. Security, observability, and quality come by default – best practice is the path of least resistance.

• No human gatekeepers. Deterministic automation is the gate. Self-service within guardrails.

• Decisions are written and argued. ADR culture is real here, not ceremonial.

The role

Senior Platform Engineer on the Foundations team. Hands-on, with genuine architectural say – not a ticket queue.

You’d own and evolve real surfaces: the @platform/* components, CI/CD, network and security policy, the observability stack, cost governance, and developer experience itself.

First stretch: get the first real services onto the platform – standing up observability, closing developer-experience and training gaps, and building the CI templates that make deployment configuration rather than engineering. This is the Pilot → Automate → GA arc of our build.

The contract

The platform is not a hand-off model – both sides have skin in the game.

• We own: a ready AWS account (networking, DNS, IAM, EKS) with TLS, secrets, mTLS, and a security baseline by default; non-breaking cluster upgrades with runbooks; self-service onboarding; being the escalation path for infra incidents, not the first line.

• Developers own: resource requests/limits, probes, graceful shutdown, their service-specific infra as code, and first response to their own incidents.

• Off-path is allowed: a team can step off the paved road, but takes on the operational and security burden explicitly.

The team – lite by design

A deliberately small group (2–3) accountable for the platform side of that contract. It works because platform is a capability team – we scale by enabling product teams to run their own services, not by absorbing their work. No on-call today, and it isn’t being smuggled in. The platform is built so it isn’t the thing that pages you at 3am: managed data (Aurora), observability kept off our own infra where possible. Small team, high bar, real pace – that’s the appeal, and the tension is named in the platform vision, not hidden.

What you’ll bring

• 4+ years of strong Platform / DevOps / SRE experience with a track record of owning infrastructure.

• Strong, hands-on Kubernetes in production (AWS EKS preferred).

• Solid cloud networking (VPCs, security groups, routing, load balancers).

• Infrastructure as Code, and a genuine platform-as-a-product mindset.

• Security-first instincts in a regulated environment.

• Bonus: FinTech, PCI-DSS, ISO 27001, eBPF/Cilium, Istio, Pulumi.

Tech stack

Everything is TypeScript – infrastructure included.

Layer What we use

IaC Pulumi (replaces CDK)

Cloud AWS multi-account org, SCP guardrails, CloudTrail + GuardDuty

Identity IAM Identity Center SSO, GitHub OIDC hub-and-spoke, EKS Pod Identity

Network Transit Gateway hub-and-spoke, four-tier VPCs, Cilium (eBPF) + Hubble

Compute Amazon EKS, Karpenter autoscaling, self-hosted Actions runners on-cluster

Mesh Istio ambient + cert-manager, AWS Load Balancer Controller, NLB ingress

Data Aurora PostgreSQL, MongoDB Atlas

Delivery ArgoCD GitOps + ECR + GitHub Actions

Secrets / TLS External Secrets Operator ← AWS Secrets Manager, cert-manager

What’s not built yet – the senior surface area

• Observability – the big one. Largely greenfield; a placeholder today. The intent: an OpenTelemetry pipeline to a SaaS backend, RED/USE dashboards, distributed tracing. Could be your first major ADR and build.

• Policy-as-code (Kyverno), cross-region DR runbook, cost governance, and the Cilium audit → enforce rollout.

• Legacy retrofit of the CDK/Lambda/ECS estate – patterns built per service as we go.

Straight talk

Regulated environment (Bank of Lithuania, Visa/MC, PSD2, AML) – constraints are design inputs, not walls to route around. The legacy estate still runs; migration is a longer process. Running EKS means real ownership – cluster upgrades, the network/security layer, the paved road – scoped deliberately not to be a pager treadmill.

What we offer

• Competitive compensation: 6000-8000 euros gross, based on your experience and knowledge, with room for negotiation for an exceptional candidate.

• Health insurance: Comprehensive health coverage after 3 months.

• Work-life balance: Flexible work arrangements, including hybrid and remote options (after the probation period), and a relaxed approach to work hours.

• Professional development: Up to 1000 euros annual reimbursement for work-related training and courses, with potential for more based on individual needs.

• Inspiring workspace: Modern office on the top floor of Vilnius’ highest office building, offering stunning city views. A convenient parking space is available.

• Wellness benefits: Gym membership to support your physical well-being.

• Vibrant company culture: Regular company events, including monthly city-wide gatherings, bi-annual company-wide adventures, and team-based activities.

• Collaborative environment: A flat hierarchy where you can freely communicate with anyone and make decisions quickly.

• Ambitious culture: Join a team of driven professionals committed to building a leading FinTech platform.

Building the platform that powers the future of finance sounds like your kind of problem? Apply now.