GAL AeroStaff Ltd. is a Canadian aerospace company specializing in delivering high-quality technical and operational services to the aviation industry. Our expertise includes aircraft interior, structural, manufacturing, and maintenance solutions for OEMs, MROs, and operators across North America.

We offer carefully designed programs and benefits, including time-off, insurance, and other plans, to support our teams and meet evolving operational and regulatory requirements.

Project Purpose:
Full-Stack Cloud Engineer – AppX, for the purpose of development, security, and operations across all cloud applications, databases, and infrastructure in the IT AppX organization.

Ensure the continuous availability, performance, security, and scalability of 100+ AppX cloud-hosted applications by proactively managing cloud infrastructure, developing robust automation and monitoring, performing routine maintenance, and implementing improvements aligned with business and technical requirements (including but not limited to instance types, right-sizing, storage volume types, backup options, etc.).

This includes managing existing applications, performing new application migrations from on-prem to cloud, migrating between hosting environments and tools, and onboarding accounts/applications obtained through M&A.

ONSITE

24/7 phone support (on a rotational basis)

Contract length: 6–12 months (extendable)

CTQ Business Requirements

Identify all critical-to-quality (“CTQ”) business requirements:

Infrastructure Management

• Provision and manage cloud services, including the following for AWS:

  • EC2 for compute workloads

  • ECS/EKS for container orchestration

  • Lambda/SNS/SQS/EventBridge for serverless workloads

  • S3/EFS/EBS for object and file storage

  • DataSync, Storage Gateway, and other services for data synchronization

  • RDS/Aurora/DocumentDB/DynamoDB for relational databases

  • CloudFront/Route 53 for content delivery and DNS

  • ELB/VPC configurations for high availability and fault tolerance

• Manage all cloud infrastructure changes through OpenTofu/Terraform.

• Define and implement necessary architectural changes, reviewing with leadership.

• Manage and optimize infrastructure spend by applying FinOps best practices.

• Forecast and seek approval for growth needed to meet business requirements.

• Work closely with development teams to implement infrastructure solutions and cloud-native services that meet their needs and minimize operational overhead.

• Attend Wabtec cloud, security, and shared service meetings to stay aware of best practices, new strategic initiatives, and required changes for all applications.

• Support infrastructure deployments on-prem, multi-region, and multi-cloud (AWS, Azure, OCI, etc.) to enable future application growth and resiliency.

• Define, implement, and manage one-time or recurring data transfers and synchronizations across platforms as needed.

Maintenance & Upkeep

• Apply regular OS, application, and database updates to keep systems up to date.

• Rotate EC2 AMIs and credentials (keys, passwords) per Wabtec security policy.

• Perform scheduled backups, monitor job statuses, and ensure recovery testing.

• Optimize performance through proactive right-sizing, scaling, and system upgrades.

Security & Compliance

• Adhere to Customer’s ITIL, PMO, and change control processes.

• Ensure all configuration items are accurately detailed and maintained in CMDB.

• Present all projects and architectural changes to domain, organization, and enterprise Demand reviews.

• Obtain approval for all changes through domain, organization, and enterprise CAB reviews.

• Enforce IAM best practices including least privilege, MFA, and role-based access.

• Use Wiz, Tenable, and other security tools for continuous compliance and threat detection.

• Encrypt data at rest and in transit using KMS and TLS.

• Conduct regular security reviews and participate in internal audits, including quarterly and yearly SOX reviews for financial applications.

• Define, implement, and maintain disaster recovery plan and execute at least twice annually. Focus on reducing manual work through automation.

• Integrate infrastructure and application components with Customer core services (as deemed necessary):

  • Identity – Active Directory, Okta, Sailpoint, CyberArk, etc.

  • Network – DNS, Imperva, SSL certs, FW rules, etc.

CI/CD & Automation

• Define, implement, and maintain:

  • CI/CD pipelines to build/test/upload/deploy code with GitLab Runner

  • Integration with code quality and security tools, including SAST and DAST

  • Docker images for CI/CD pipelines

  • Chef cookbooks/roles for configuration management and automation of all EC2 instances

• Serve as Owner/Maintainer for multiple GitLab organizations and oversee all version control, issue tracking, and deployment workflows.

• Automate routine tasks with GitLab Runner pipelines and other tools.

Monitoring & Reporting

• Define, implement, and maintain:

  • Monitoring KPIs using Amazon CloudWatch, Datadog, Grafana (LGTM), etc.

  • Dashboards for system metrics and alerts to reduce downtime

  • Regular executive reports on uptime, performance, and incidents

• Recommend proactive improvements based on usage patterns and analytics.

• Maintain thorough documentation and detailed SOPs for all deliverables.

• Assist with training and onboarding of developers and additional support resources.

• Provide 24x7 on-call support for all infrastructure, database, CI/CD, automation, and application-related issues.

• Perform RCA and problem resolution for all incidents.