DevSecOps, Platform Engineer – Kubernetes, Terraform

This is a fully remote position, open to applicants in Portugal.

📋 Description

• Become part of a technically ambitious organization situated at the crossroads of infrastructure, security, and AI/ML workloads.

• Influence the reliability, security posture, and scalability of essential platform infrastructure.

• Engage within a high-trust engineering culture that emphasizes ownership and ongoing improvement.

• Function in a GitOps-first and security-first environment, where Infrastructure as Code is standard practice.

• Contribute to a well-established internal platform that supports advanced data and ML workloads operating on Kubernetes.

• Guarantee that the platform meets the high-security standards necessary for cross-functional engineering teams.

⛳️ Requirements

• Over 7 years of experience in DevOps or Platform Engineering.

• At least 2 years in a focused DevSecOps role.

• Extensive knowledge of Kubernetes, including AKS, upstream K8s, or enterprise distributions.

• Practical experience with on-premises Kubernetes platforms: RKE2, K3s, or OpenShift.

• Proficient in Infrastructure as Code (IaC): Terraform, Helm, Kustomize, YAML, and GitOps workflows.

• Ownership of CI/CD pipelines using Azure DevOps and/or GitHub Actions.

• Experience in deploying and managing GPU-accelerated workloads utilizing NVIDIA operators, GPU device plugins, and/or Run:AI.

• Familiarity with CIS-hardened Kubernetes environments.

• Knowledge of Zero Trust network architecture principles.

• Expertise in container security tools such as Trivy, Aqua, Prisma, or similar.

• Implementation experience with SAST/DAST/SCA toolchains.

• Configuration experience with RBAC, NetworkPolicies, and PodSecurityAdmission.

• Understanding of encryption both at rest and in transit, alongside certificate lifecycle management.

• Experience with secrets management using HashiCorp Vault and/or Azure Key Vault.

• Competence in Keycloak configuration and identity management.

• Proven experience with Prometheus and Grafana, including deployment, configuration, and dashboard management.

• Strong fundamentals in Linux and networking, including TLS, DNS, Ingress, OAuth/OIDC, VNet, Peering, and VPN/Jump Host configuration.

• Experience managing MinIO, MLflow, and PostgreSQL, particularly in HA configurations and backup strategies.

• Proficient scripting skills in Python and Bash (required).

🏝️ Benefits

• Comprehensive health and wellness programs.

• Opportunities for professional development and continuous learning.

• Flexible work arrangements to promote work-life balance.

• Collaborative and innovative work environment.