I'm probably late to the party, but in case the jury is still out I have a very simple and effective pattern for this:
* implement your job behind an HTTP endpoint so that you can trigger it by posting (with a secret key of course) to a URL in your app.
* set up a cron job to hit that URL through the load balancer. This ensures you only run on one node at a time and that you're resilient against nodes failing.
* It's all inside your app so you don't need to manage a separate set of config/db passwords.
* Easy to test because you can trigger the job yourself manually.
* Easy to disable