Refer the Document A banking database DBA is not just a performance engineer — they are the last line of defence between farmer financial data and a potential breach.Role OverviewThe Senior Database Administrator (DBA) is responsible for the health, performance, security, availability, and continuity of all database infrastructure supporting the eKCC application. This role is a mission-critical function and carries both technical and governance accountability.1.1        Core Purpose•      Ensure the database is always available, performant, and secure for all operational users across six states•      Protect farmer financial data including Aadhaar-linked KCC records in compliance with RBI and NABARD guidelines•      Proactively prevent incidents through monitoring, maintenance, and capacity planning•      Respond to incidents with defined RTO and RPO targets•      Provide management with clear, timely visibility into database health1.2 Reporting StructureReports ToCTO / Head of InfrastructureFunctional AlignmentApplication Delivery and OperationsEscalation PathCTO → CEO for P1 incidents beyond 1 hourCollaborationApplication Team, Security Team, ITSM, Audit2. Core Responsibilities 2.1 Database Administration — Day-to-Day•      Monitor database health every business day before 09:00 IST and publish morning dashboard•      Review pg_stat_activity, pg_stat_statements, and pg_locks for anomalies each morning•      Manage connections via PgBouncer — ensure pool health and alert thresholds are set•      Ensure autovacuum is running correctly and dead tuple ratios remain below 10%•      Review and action slow query alerts within the same business day•      Ensure all cron-based maintenance jobs (VACUUM, ANALYZE, log rotation) run successfully•      Review disk usage trends daily — escalate if projected to cross 70% within 30 days 2.2 Performance Management•      Maintain cache hit ratio above 99% at all times — alert at 97%, escalate at 95%•      Tune postgresql.conf parameters (shared_buffers, work_mem, effective_cache_size, checkpoint parameters) to match current workload and hardware•      Conduct weekly review of top 10 slow queries from pg_stat_statements•      Create and maintain indexes — including partial, composite, and concurrent builds — to eliminate sequential scans on tables exceeding 10,000 rows•      Monitor and manage table bloat — initiate manual VACUUM FULL during maintenance windows when bloat exceeds threshold•      Conduct monthly performance baseline review and present trend report to management•      Coordinate with application team on query design, connection management, and ORM configuration2.3 High Availability and Disaster Recovery•      Maintain streaming replication to a geographically separate DR standby at all times•      Monitor replication lag — alert immediately if lag exceeds 60 seconds•      Ensure automatic failover is configured via Patroni or equivalent — manual failover is not acceptable for production•      Conduct quarterly DR failover drill and submit written drill report to management within 48 hours•      Maintain a documented DR runbook with step-by-step recovery procedures•      Define, document, and validate RTO and RPO targets in consultation with management•      Ensure DR site access controls are independent of primary site2.4 Backup and Recovery•      Execute and verify daily full or incremental backups using pg_basebackup or equivalent•      Maintain WAL archiving — alert immediately on any archiving failure; do not allow archiving to be stopped without escalation•      Test backup restoration every month — not just backup creation but actual restoration to a test environment•      Maintain backup retention schedule: daily 30 days, weekly 3 months, monthly 1 year — as per RBI/NABARD data retention policy•      Ensure all backups are encrypted before transfer to DR location•      Document and update PITR recovery procedures with actual timing benchmarks•      Submit monthly backup and recovery drill report to management2.5 Security and Compliance•      Enable and maintain pgaudit for comprehensive audit logging of all DDL, DCL, and privileged activity•      Ensure no application connects to PostgreSQL as the postgres superuser•      Configure pg_hba.conf to allow connections only from known, approved IP addresses•      Enforce SSL/TLS for all database connections — reject unencrypted connections•      Implement and maintain Role-Based Access Control (RBAC) — principle of least privilege•      Implement Row Level Security (RLS) where state-level data segregation is required•      Ensure data masking is applied to all non-production copies of farmer data•      Maintain audit trail for minimum 5 years as per RBI compliance requirements•      Coordinate VAPT (Vulnerability Assessment and Penetration Testing) annually — remediate all critical findings within 30 days•      Apply PostgreSQL security patches within defined SLA — critical patches within 7 days•      Maintain compliance with RBI IT Framework, RBI Cyber Security Framework 2016, CERT-In Directions 2022, and IT Act 20002.6 Monitoring and Alerting•      Deploy and maintain monitoring stack: Grafana + Prometheus or similar tools + pg_exporter from day one of go-live•      Configure real-time alerts for all critical database metrics with defined thresholds:      Cache hit ratio — alert at < 97%      Dead tuple ratio — alert at > 10%      Replication lag — alert at > 60 seconds      Connection count — alert at > 75% of max_connections      Disk usage — alert at > 70%      WAL archiving — alert immediately on failure      Long-running queries — alert at > 5 minutes      Deadlock detection — alert on every occurrence      Failed login attempts — alert on 3+ consecutive failures•      Review alerts and Grafana dashboards daily — not just when incidents occur•      Configure pgBadger for weekly log analysis and slow query reporting•      Establish and maintain baseline behaviour profiles — alert on deviations2.7 Maintenance and Change Management•      Plan all maintenance activities during approved maintenance windows — no production changes during business hours without explicit written approval•      Every production change must include: change description, rollback plan, verification steps, and change approver•      Apply minor version upgrades within 30 days of release — test in staging first•      Plan major version upgrades with a minimum 60-day preparation cycle including: staging validation, application team sign-off, zero-downtime strategy, and rollback plan•      Maintain a change log — all changes documented before and after execution•      Manage ITSM requests related to database with defined SLA adherence2.8 Capacity Planning•      Prepare and maintain a capacity planning document updated every quarter•      Track data volume growth rate monthly — project 6-month and 12-month storage requirements•      Track user growth and concurrent connection trends — project peak load scenarios•      Recommend infrastructure procurement with minimum 3-month lead time before projected capacity breach•      Present capacity plan to management every quarter with clear go/no-go recommendations.