Key skills
CloudGoogle Cloud PlatformGrafanaKubernetesPrometheusTerraformGoogle CloudGKEIAMGitLabGitOpsCI/CDTrivy
About this role
Role Overview
- Design, implement, and maintain robust infrastructure solutions while ensuring the highest standards of integrity, confidentiality, and system availability.
- Focus on empowering engineering teams by exposing security tools through self-service interfaces and automating complex compliance workflows.
- Central role in optimising continuous integration and delivery across a diverse service landscape.
- Analyse program requirements to design secure, scalable architectures that address complex integration and compliance needs.
- Develop and configure CI/CD pipelines featuring built-in security scanning, compliance checks, and automated validation.
- Implement secure configurations, access controls, and encryption for repositories, systems, and deployment workflows.
- Automate infrastructure provisioning and management using tools such as Terraform or OpenTofu.
- Design user-friendly self-service interfaces and APIs to allow developers to access security tools seamlessly.
- Drive automation efforts for the generation and validation of Software Bill of Materials (SBOMs) and KBOMs during build processes.
- Conduct continuous vulnerability management, risk assessments, and threat modelling to identify and mitigate potential weaknesses.
- Maintain system availability through disaster recovery planning, incident response, and routine audits of system logs and user access.
- Create comprehensive documentation, including step-by-step guides, architecture diagrams, and FAQs for internal and external stakeholders.
- Collaborate with cross-functional teams to resolve issues, implement new features, and ensure systems run optimally under data protection requirements.
Requirements
- Proven experience implementing end-to-end DevSecOps practices and embedding security controls into platform layers.
- Extensive hands-on experience designing, operating, and troubleshooting large-scale Kubernetes platforms, including deep knowledge of CNI, RBAC, and admission controllers.
- Strong proficiency with GitOps workflows using Argo CD or FluxCD in production environments.
- Direct experience with Infrastructure-as-Code (IaC) using Terraform or OpenTofu.
- Hands-on expertise with Google Cloud Platform, specifically GKE operations, IAM workload identity, and VPC networking.
- Operational experience with artifact registries such as Harbor and security tooling like Trivy, Dependency-Track, or DefectDojo.
- Solid understanding of software supply chain security, including artifact signing, provenance, and SBOM standards like CycloneDX.
- Advanced experience building observability stacks centered around Prometheus and Grafana, including custom security-focused dashboards.
- Strong background in operating and scaling GitLab architectures for large CI workloads.
- Deep understanding of encryption mechanisms, asymmetric cryptography, and PKI.
Tech Stack
- Cloud
- Google Cloud Platform
- Grafana
- Kubernetes
- Prometheus
- Terraform
Benefits
- Flexible working hours
- Freedom to choose your own projects
- Access to exciting projects in various industries
- Support for advancing your career
- Competitive pay
- Dedicated team assistance