Postúlate en Kit Empleo: kitempleo.com.co/empleo/1ben1t

**Location**: Fully Remote (Global)
- **Compensation**: $50k to $72k USD Yearly
- **Position Type**: Full-Time Contract

Role Overview

Core Responsibilities1. Infrastructure Management & High Availability
- **MTA Optimization**: Maintain and configure core MTAs (**Postfix**, **Postal**) and IMAP/POP3 servers (**Dovecot**), ensuring graceful reloads over restarts to prevent dropping active connections.
- **Traffic Routing & Load Balancing**: Utilize **HAProxy** and network routing protocols (like BGP via **FRRouting**) to distribute outbound traffic and architect high-volume failover mechanisms.
- **Redundancy & Failover**: Administer backend infrastructure databases (**PostgreSQL** replica setups) and maintain dedicated "Block" backup/archive servers to instantly take over the workload of a failed primary "Cube" server.
- **Architectural Segregation**: Maintain strict workload isolation across our infrastructure network—separating standard nodes for mail stacks, specialized injection nodes (Postal), and separate archiving/backup systems to prevent high-volume senders from degrading performance.

2. Deliverability Engine & Authentication Protocol Architecture
- **Protocol Enforcement**: Act as the absolute technical authority on DNS and authentication setups, maintaining flawless configurations for **SPF** (navigating the 10-lookup limit), **DKIM** (key rotation and forwarding protection), **DMARC** (safely driving policies toward p=reject), and **BIMI**.
- **Traffic Throttling**: Implement automated, MTA-level dynamic throttling to handle 4xx deferrals instantly, preventing a single high-volume sender from triggering global rate limits across our shared IP pools.
- **Warm-up Strategy**: Design and guide automated IP/Domain Warm-up Plans for new infrastructure, managing incremental volume scaling over 2-4 week cycles.





3. Edge Security, Anti-Abuse & Incident Response
- **Outbound Spam Filtering**: Configure and optimize **Rspamd** to actively scan, flag, and quarantine highly spammy content before it exits our network.
- **Edge Defense**: Deploy automated connection-dropping systems (**Fail2Ban**, custom SMTP blocker scripts) to mitigate authenticated attacks, brute-force attempts, and malicious traffic.
- **Blast Radius Mitigation**: Program and maintain a dynamic IP pooling engine ("The Penalty Box") to instantly isolate accounts displaying poor metrics (bounces, FBL spikes) away from prime Tier-1 IP pools.

4. Observability & Monitoring
- **Log Shipping Architecture**: Build and manage high-performance log aggregation pipelines using **Vector** to ship system and MTA data into a centralized repository for real-time auditing and incident response.
- **Network Auditing**: Utilize **IPAudit** and custom tools to continuously scan for bandwidth anomalies, connection spikes, or compromised user credentials.
- **Dashboard Management**: Actively monitor ISP infrastructure portals daily (**Google Postmaster Tools**, **Microsoft SNDS**, **Yahoo Sender Hub**) along with third-party tracking tools (**GlockApps**, **Validity/ReturnPath**, **MXToolbox**, **DMARCian**).

**Requirements**:
Must-Have Technical Stack & Skills:

- **Systems Engineering Background**: 5+ years of experience as a Linux Systems Administrator, DevOps,



or Infrastructure Engineer with deep networking knowledge (TCP/IP, routing, ports, DNS management).
- **MTA Mastery**: Expert-level proficiency configuring, debugging, and optimizing enterprise mail tools such as **Postfix**, **Dovecot**, or **Postal**.
- **Observability Pipelines**: Proven experience building or maintaining log pipelines using **Vector** or similar high-scale telemetry frameworks.
- **Infrastructure Automation**: Experience implementing network routing layer tools (**HAProxy**, **FRRouting**) and relational databases (**PostgreSQL** replication).
- **Certificate Management**: Strong familiarity with automated SSL/TLS certificate rotation and multi-node compliance monitoring to ensure broken TLS never causes silent drops.

Deliverability & Operational Standards:

- Deep comprehension of the difference between _Delivery_ (server handoff) and _Deliverability_ (inbox placement).
- Expert parsing of aggregate **DMARC reports** using platforms like DMARCian, Valimail, or Postmark.
- Strict commitment to Acceptable Use Policies (AUP): zero tolerance for purchased/scraped lists and a firm grasp on Feedback Loop (FBL) automated triage.

Key Performance Indicators (KPIs)
Your success in this role will be directly measured by your ability to keep our infrastructure metrics pristine:

- **General Infrastructure Spam Complaint Rate**: Maintained strictly under **0.1%**.
- **Global Hard Bounce Rate**: Kept consistently below **2.0%**.
- **Infrastructure Uptime**: 99.99% availability across all outbound MTAs and mail relays.
- **Incident Isolation Time**: Transitioning high-risk or abusive senders to the "Penalty Box" or circuit-breaking campaigns within minutes of a threshold breach.

**Benef

Postúlate en Kit Empleo: kitempleo.com.co/empleo/1ben1t

📌 Senior Systems Engineer - Email Deliverability & Infrastructure (Bogotá)
🏢 Mission Inbox
📍 Bogotá