DevOps Manager - WPP Open China
Location - Wuxi
Business Value
• Deployment Process
• Secret Management Risks
• AWS Infrastructure Security & Governance
• Environment & Configuration Management
• Infrastructure Performance, Scaling & Optimization
Key Responsibilities
• Own and enforce zero-downtime deployment strategies across all production workloads.
• Design and enforce custom Helm rollback and deployment patterns with automated validation.
• Review and refactor existing Terraform modules to reduce excessive granularity and simplify dependency chains.
• Implement strict CI/CD governance in GitLab and GitHub Actions including mandatory PR approvals, automated security checks (Snyk/SonarQube), and enforced policy gates.
• Migrate secret management away to AWS Secrets Manager or similar.
• Standardize environment drift detection across pre-prod and production via Terraform Cloud and automated config audits.
• Define and maintain infrastructure runbooks, operational SOPs, and DR playbooks.
• Mentor junior engineers, define DevOps KPIs, and participate in postmortems.
Requirements
• Minimum of 3 years of experience in a DevOps, SRE, or Infrastructure Engineering role.
• Solid understanding of Terraform and experience maintaining reusable module libraries.
• Hands-on experience managing workloads on Kubernetes (preferably EKS).
• Working knowledge of CI/CD tools such as GitHub Actions and Helm.
• Familiarity with AWS Cloud services, including networking, RDS/Aurora (PostgresSQL), and container security.
• Competence in observability tooling, especially Datadog dashboards and alert configurations.
• Strong operational mindset with attention to detail in release processes and deployment integrity.
Desirable Experience
• Exposure to GitOps tooling such as ArgoCD or FluxCD.
• Experience developing or integrating Kubernetes operators.
• Familiarity with service-level indicators (SLIs), service-level objectives (SLOs), and structured alerting.
Tools and Expectations
• Terraform / HCP Terraform - Core to infrastructure provisioning. Required to build, refactor, and maintain reusable infrastructure modules across environments, enforce naming/tagging standards, and leverage state management for drift detection and rollback.
• GitHub / GitLab / GitHub Actions - Central to CI/CD workflows. Expected to enforce secure release procedures, set up integration with code quality tools, and prevent direct changes to critical branches.
• Helm - Used for Kubernetes application packaging and deployment. Must implement pre/post deployment logic, rollback plans, and chart lifecycle automation.
• EKS / Kubernetes - Platform for hosting applications. The engineer must manage node pools, service networking, security contexts, and namespace segmentation.
• AWS Services (Amazon RDS/Aurora, VPC, IAM) - Backend for infrastructure workloads. Expected to configure VPC isolation, IAM boundaries, and implement private access wherever possible connecting to PostgresSQL on RDS/Aurora
• Secrets Manager / Kubernetes Secrets / CSI Driver - Secret handling is critical. Migrate legacy init-container pattern to scoped access through Secrets Manager sync or CSI injection.
• Datadog - Observability backbone. Responsible for building actionable metrics, tracking SLOs, and managing alert noise to reduce operational fatigue.
• Cloudflare - Interface layer. Use Terraform to define DNS entries, WAF rules, and validate exposure configuration per environment.
• Snyk / SonarQube / Wiz - Code and container security enforcement. Ensure pipeline integration catches vulnerabilities and provides immediate feedback to development.
About WPP
WPP is the global leader in marketing and communications services and one of the world’s largest creative transformation companies. It comprises leading companies in advertising, media investment management, PR and public affairs, branding and identity, healthcare communications, digital, ecommerce and shopper marketing, and specialist communications. WPP works with 317 of the Fortune Global 500, all 30 of the Dow Jones 30, 62 of the NASDAQ 100, and 61 of the FTSE 100. Headquartered in London, it employs over 100,000 people. The business is listed on the London and New York Stock Exchanges.
Why we’re hiring:
WPP Open, our advanced AI-powered marketing platform, is at the heart of WPP's transformation, redefining how global brands create, plan, and measure campaigns through a seamless operating system. This role offers a pivotal opportunity to immerse yourself in the cutting-edge convergence of cloud-native engineering, AI, and advertising innovation, specifically adapting and scaling this transformative technology for China's unique market.
This role is strategically located in Wuxi, our newly established, state-of-the-art AI innovation hub. Here, you'll join a pioneering team dedicated to engineering intelligent, scalable solutions that empower global brands with unprecedented impact. This isn't just a job; it's an exceptional opportunity to contribute to something truly transformative and directly shape the future trajectory of marketing itself.
Learn more about WPP Open: WPP Open | WPP
运维经理 - WPP Open China
工作地点:无锡
类型:全职
业务价值
• 部署流程
• 密钥管理
• AWS基础设施安全与治理
• 环境与配置管理
• 基础设施性能、扩展与优化
主要职责
• 负责并强制执行所有生产环境负载的zero-downtime部署策略
• 设计并实施自定义Helm回滚和部署模式,包含自动化验证
• 审查并重构现有Terraform模块,减少过度细粒度化并简化依赖链
• 在GitLab和GitHub Actions中实施严格的CI/CD治理,包括强制PR审批、自动化安全检查(Snyk/SonarQube)和强制执行策略门控
• 将密钥管理迁移至AWS Secrets Manager或类似工具
• 通过Terraform Cloud和自动化配置审计,标准化预生产和生产环境中的漂移检测
• 定义并维护基础设施操作手册、SOP和DR预案
• 指导初级工程师,定义DevOps KPI,并参与事故复盘
任职要求
• 至少3年DevOps、SRE或Infrastructure相关经验
• 扎实的Terraform知识,并有维护可重用模块库的经验
• Kubernetes(优先EKS)工作负载管理的实际操作经验
• 熟悉CI/CD工具,如GitHub Actions和Helm
• 了解AWS云服务,包括网络、RDS/Aurora(PostgreSQL)和容器安全
• 熟练使用可观测性工具,尤其是Datadog仪表盘和警报配置
• 具备强烈的运维意识,注重发布流程和部署完整性的细节
优先考虑经验
• 接触过GitOps工具(如ArgoCD或FluxCD)
• 有开发或集成Kubernetes Operator的经验
• 熟悉服务级别指标(SLIs)、服务级别目标(SLOs)和结构化警报
工具与期望
• Terraform/HCP Terraform:基础设施配置核心。需构建、重构和维护跨环境可重用基础设施模块,强制执行命名/标记标准,并利用状态管理进行drift detection和回滚。
• GitHub/GitLab/GitHub Actions:CI/CD工作流核心。需确保安全的发布流程,设置与代码质量工具的集成,并防止直接修改关键分支。
• Helm:用于Kubernetes应用打包和部署。需实现部署前后逻辑、回滚计划和图表生命周期自动化。
• EKS/Kubernetes:应用托管平台。需管理节点池、服务网络、安全上下文和命名空间隔离。
• AWS服务(Amazon RDS/Aurora、VPC、IAM):基础设施负载后端。需配置VPC隔离、IAM边界,并尽可能实现私有访问,连接RDS/Aurora上的PostgreSQL。
• Secrets Manager/Kubernetes Secrets/CSI Driver:密钥处理关键。需将传统init-container模式迁移至通过Secrets Manager同步或CSI注入的范围访问。
• Datadog:监控支柱。需构建可操作的指标、跟踪SLOs,并管理警报噪音以减少运维疲劳。
• Cloudflare:接口层。使用Terraform定义DNS条目、WAF规则,并按环境验证暴露配置。
• Snyk/SonarQube/Wiz:代码和容器安全执行。确保流水线集成能捕获漏洞并向开发提供即时反馈。
关于WPP
WPP是全球营销和传播服务领域的领导者,也是全球最大的创意转型公司之一。它旗下汇集了广告、媒体投资管理、公关和公共事务、品牌与形象、医疗保健传播、数字、电子商务和消费者营销以及专业传播等领域的领先公司。WPP与全球财富500强中的317家企业、道琼斯30指数中的全部30家企业、纳斯达克100指数中的62家企业以及富时100指数中的61家企业都有合作。公司总部位于伦敦,拥有超过10万名员工。其业务在伦敦证券交易所和纽约证券交易所上市。
招聘背景
WPP Open,我们先进的AI驱动营销平台,正处于WPP转型的核心,通过一个无缝的操作系统,重新定义全球品牌如何创建、规划和衡量营销活动。这个职位提供了一个关键的机会,让您深入体验云原生工程、人工智能和广告创新的前沿融合,特别是为中国独特的市场调整和扩展这项变革性技术。
此职位战略性地位于无锡,这里是我们新成立的、先进的AI创新中心。在这里,您将加入一个开创性的团队,致力于设计智能、可扩展的解决方案,以史无前例的影响力赋能全球品牌。这不仅仅是一份工作;这是一个为真正具有变革意义的事业做出贡献,并直接塑造营销未来发展轨迹的绝佳机会。
了解更多关于WPP Open的信息:WPP Open | WPP