Senior Kubernetes Engineer
Job Summary:
We're hiring a Kubernetes Engineer to design, secure, and operate enterprise-grade, multi-cloud Kubernetes across major providers. You'll enable a compliant, multi-tenant platform with "secure-by-default" controls, integrate cluster operations into Git-based delivery, and support a growing internal developer portal/software catalog and a unified repo for platform assets. The ideal candidate combines deep Kubernetes expertise with strong security, reliability, and audit readiness suitable for healthcare environments.
Key Responsibilities:
Design & Operations
β’ Architect, deploy, upgrade, and scale managed clusters across major clouds with HA control planes and cluster/workload autoscaling.
β’ Operate private clusters: restrict control-plane exposure, enforce private API access, use NAT-only egress, and implement approved private connectivity patterns.
β’ Engineer multiple node groups for workload separation and efficiency, heterogeneous instance families, GPU/CPU pools, spot vs on-demand, taints/tolerations, topology spread, and security-focused pools.
β’ Define golden patterns for services/ingress, storage classes, private networking/egress, and cloud load-balancing options.
Configuration & Delivery
β’ Maintain declarative manifests and templates, structure environment overlays and reusable modules.
β’ Enable progressive delivery via Git-based workflows with automated policy checks and promotion gates.
Security & Compliance
β’ Enforce least-privilege RBAC, namespace isolation, Pod Security standards, and admission policies for image provenance, non-root, and blocked capabilities.
β’ Implement service-to-service encryption with workload identity, certificate issuance/rotation, and policy-based authorization.
β’ Apply deny-by-default network policies, strong secrets hygiene with KMS-backed encryption and rotation, and signed/scan-gated images with SBOM attestations.
β’ Ensure audit-ready logging across control and data planes, route to central logging with detections for risky actions and configuration drift.
Observability & Resilience
β’ Integrate metrics, logs, traces, and events, define SLOs/error budgets, scale via reliable signals (including custom/external metrics).
β’ Build self-healing runbooks, conduct chaos/resiliency drills, and implement backup/restore for cluster state and application data.
Governance & Cloud Hygiene
β’ Apply org guardrails, allowed-regions, tagging/labeling standards, and automated conformance with remediation.
β’ Document RTO/RPO tiers, test restores and failovers, maintain audit evidence and change traceability.
Required Skills & Qualifications
β’ Kubernetes Expertise: Operating managed clusters on major clouds, scheduler and node lifecycle, cluster and workload autoscaling.
β’ Private Cluster Operations: Private API endpoints, restricted API access, NAT egress, bastion workflows, and private connectivity (peering/VPN/dedicated circuits).
β’ Multiple Node Groups: Designing heterogeneous pools, taints/tolerations, topology spread, and right-sizing for cost and performance.
β’ mTLS & Service Identity: Implementing workload identity, certificate issuance/rotation, policy-based service authorization, and end-to-end encryption in transit.
β’ Manifests & Packaging: YAML proficiency, templating/overlays, Git-based release strategies, and GitOps practices.
β’ Security Depth: RBAC design, Pod Security standards, admission policy engines, network policies, secrets management, image signing and vulnerability scan gates.
β’ Networking: CNI fundamentals, L4/L7 traffic, ingress/egress, private endpoints, and cross-cloud load-balancing options.
β’ Multi-Tenancy: Namespace boundaries, quotas/limits, noisy-neighbor mitigation, and sensitive-workload isolation.
β’ Infrastructure as Code: Clusters and cloud resources as code with policy guardrails and drift detection and IaC tools.
β’ Observability & Troubleshooting: Metrics/logs/traces, HPA/VPA using trustworthy signals, deep debugging of runtime, DNS/CNI, scheduling, and control-plane issues.
β’ Compliance Mindset (Healthcare): Understanding HIPAA/HITRUST concepts, encryption at rest/in transit, least-privilege, audit evidence, and governed deployment pipelines.
β’ Nice to Have: Internal developer portals/service catalogs, progressive delivery, cost-aware right-sizing and capacity forecasting, DR design, and scripting in Bash/Python.
Apply tot his job
Apply To this Job
We're hiring a Kubernetes Engineer to design, secure, and operate enterprise-grade, multi-cloud Kubernetes across major providers. You'll enable a compliant, multi-tenant platform with "secure-by-default" controls, integrate cluster operations into Git-based delivery, and support a growing internal developer portal/software catalog and a unified repo for platform assets. The ideal candidate combines deep Kubernetes expertise with strong security, reliability, and audit readiness suitable for healthcare environments.
Key Responsibilities:
Design & Operations
β’ Architect, deploy, upgrade, and scale managed clusters across major clouds with HA control planes and cluster/workload autoscaling.
β’ Operate private clusters: restrict control-plane exposure, enforce private API access, use NAT-only egress, and implement approved private connectivity patterns.
β’ Engineer multiple node groups for workload separation and efficiency, heterogeneous instance families, GPU/CPU pools, spot vs on-demand, taints/tolerations, topology spread, and security-focused pools.
β’ Define golden patterns for services/ingress, storage classes, private networking/egress, and cloud load-balancing options.
Configuration & Delivery
β’ Maintain declarative manifests and templates, structure environment overlays and reusable modules.
β’ Enable progressive delivery via Git-based workflows with automated policy checks and promotion gates.
Security & Compliance
β’ Enforce least-privilege RBAC, namespace isolation, Pod Security standards, and admission policies for image provenance, non-root, and blocked capabilities.
β’ Implement service-to-service encryption with workload identity, certificate issuance/rotation, and policy-based authorization.
β’ Apply deny-by-default network policies, strong secrets hygiene with KMS-backed encryption and rotation, and signed/scan-gated images with SBOM attestations.
β’ Ensure audit-ready logging across control and data planes, route to central logging with detections for risky actions and configuration drift.
Observability & Resilience
β’ Integrate metrics, logs, traces, and events, define SLOs/error budgets, scale via reliable signals (including custom/external metrics).
β’ Build self-healing runbooks, conduct chaos/resiliency drills, and implement backup/restore for cluster state and application data.
Governance & Cloud Hygiene
β’ Apply org guardrails, allowed-regions, tagging/labeling standards, and automated conformance with remediation.
β’ Document RTO/RPO tiers, test restores and failovers, maintain audit evidence and change traceability.
Required Skills & Qualifications
β’ Kubernetes Expertise: Operating managed clusters on major clouds, scheduler and node lifecycle, cluster and workload autoscaling.
β’ Private Cluster Operations: Private API endpoints, restricted API access, NAT egress, bastion workflows, and private connectivity (peering/VPN/dedicated circuits).
β’ Multiple Node Groups: Designing heterogeneous pools, taints/tolerations, topology spread, and right-sizing for cost and performance.
β’ mTLS & Service Identity: Implementing workload identity, certificate issuance/rotation, policy-based service authorization, and end-to-end encryption in transit.
β’ Manifests & Packaging: YAML proficiency, templating/overlays, Git-based release strategies, and GitOps practices.
β’ Security Depth: RBAC design, Pod Security standards, admission policy engines, network policies, secrets management, image signing and vulnerability scan gates.
β’ Networking: CNI fundamentals, L4/L7 traffic, ingress/egress, private endpoints, and cross-cloud load-balancing options.
β’ Multi-Tenancy: Namespace boundaries, quotas/limits, noisy-neighbor mitigation, and sensitive-workload isolation.
β’ Infrastructure as Code: Clusters and cloud resources as code with policy guardrails and drift detection and IaC tools.
β’ Observability & Troubleshooting: Metrics/logs/traces, HPA/VPA using trustworthy signals, deep debugging of runtime, DNS/CNI, scheduling, and control-plane issues.
β’ Compliance Mindset (Healthcare): Understanding HIPAA/HITRUST concepts, encryption at rest/in transit, least-privilege, audit evidence, and governed deployment pipelines.
β’ Nice to Have: Internal developer portals/service catalogs, progressive delivery, cost-aware right-sizing and capacity forecasting, DR design, and scripting in Bash/Python.
Apply tot his job
Apply To this Job