
Cloud Native Engineer – Mid/Senior – Bare Metal, Security
Posted May 23

This is a fully remote position, open to applicants in Italy.
• Design and manage bare metal infrastructures in on-premise, edge, and hybrid environments: provisioning, networking, storage, and lifecycle of physical nodes
• Build and maintain secure-by-design Kubernetes platforms on bare metal: supply chain, policy enforcement, identity, and zero trust
• Serve as the technical reference for enterprise clients on hardening, compliance, and platform security in regulated environments
• Lead project activities, mentor on infrastructure and security topics, and coordinate cross-functional technical teams
• Experience in provisioning and lifecycle management of physical servers: IPMI/BMC, PXE boot, MAAS, Tinkerbell, or equivalent tools
• Kubernetes on bare metal: kubeadm, k3s, Talos Linux, RKE2; advanced networking management (Cilium, Calico) and storage (Rook/Ceph, Longhorn)
• Design of edge and hybrid environments: site-to-site connectivity, workload synchronization, remote node management with limited resources
• OS and firmware hardening: BIOS/UEFI management, Secure Boot, TPM, CIS Benchmarks, immutable images (Flatcar, Talos)
• Infrastructure observability: Prometheus, Grafana, Loki, Alertmanager; hardware monitoring (IPMI exporter, node exporter)
• Knowledge of industrial and edge environments: K3s, MicroShift, fleet management with Fleet or Rancher
• Advanced secrets management: HashiCorp Vault, External Secrets Operator, integration with HSM or cloud KMS
• Supply chain security: SBOM (Syft, Grype), artifact signing with Sigstore/Cosign, Notation; container image integrity verification
• Policy & Compliance as Code: OPA/Gatekeeper, Kyverno; compliance management in regulated environments (ISO 27001, NIS2, SOC2)
• Identity & Zero Trust: internal PKI management, cert-manager, SPIFFE/SPIRE, mTLS, integration with vault (HashiCorp Vault, Sealed Secrets)
• Runtime security and threat detection: Falco, eBPF (Tetragon), audit logging, incident response on the platform
• Experience with hybrid infrastructures: integration of bare metal with AWS, Azure, GCP environments; multi-site networking and private connectivity
• Infrastructure as Code: Terraform, Ansible, GitOps (ArgoCD, Flux); automation of bare metal provisioning with cloud-init, Kickstart, or Ignition
• Advanced Kubernetes administration on bare metal (CKA + CKS required); experience with multi-tenant clusters and workload isolation
• Familiarity with Red Hat OpenShift on bare metal and/or VMware Tanzu – preferred
• Experience as a technical manager in enterprise infrastructure, Platform Engineering, or Cybersecurity contexts
• Knowledge of ITIL, PRINCE2, AgilePM methodologies
• Technical leadership and ability to coordinate cross-functional teams
• Continuous training: 1 day per month dedicated to learning through dedicated platforms
• Recharging Friday (1 paid Friday per quarter)
• Friendly voice
• Electronic meal vouchers
• Company welfare
• Work in a young, dynamic, and technologically innovative corporate environment