Cloud Infrastructure Engineer – DevSecOps
NS8Full time security kubernetes yaml kubernetes-helm pulumi
About this job
Location options: Remote
Job type: Full-time
Experience level: Senior
Industry: E-Commerce, Fraud, SaaS
Company size: 201–500 people
Company type: VC Funded
security, kubernetes, yaml, kubernetes-helm, pulumi
DevSecOps Engineers at NS8 have a dual responsibility to uphold and create security standards across all of our environments as well as collaborate with other infrastructure teams to operate a production environment. The DevSecOps team’s responsibility is to “shift left” security, reliability, and availability matters early into the development process for the entire engineering org. Accordingly, the DevSecOps team has 3 focuses, Infrastructure, Security, and Test/QA.
We value quality work and an attitude to design and review carefully, thoughtfully, and proactively. We are looking for a DevSecOps Engineer who is passionate about high quality code and processes, automated testing, and continuous integration and monitoring and who will maintain high standards through code reviews and daily interactions.
- Implement DevSecOps systems with Infrastracture-as-Code that deploy and run in Kubernetes clusters and in Concourse CI/CD
- Write automated tests to verify that the infrastructure is up, working as configured, resilient, and highly available
- Code review with an eye for correctness, standards-compliance, security holes, availability holes, test holes, etc
- Write Policy-as-Code that ensure various systems are compliant, encrypted, and follow least privilege and zero trust models
- Operate and respond to on-call incidents in a production environment, then automating systems to make such incidents occur less frequently
Experience with specific technologies listed is not required, except Kubernetes. We may prefer candidates who know the specific technologies, but we are also open to input on some of these
- Experience building, operating, and maintaining production environments in Kubernetes and in the cloud more broadly. Experience with zero downtime upgrades.
- Infrastructure-as-Code experience. We use plenty of YAML, Helm, and some Terraform but are also looking at Pulumi and cdk8s.
- Experience writing production code in at least one language. Most of our engineering teams use TypeScript, with some sprinkles of Java, Python, Go, Shell, etc.
- Observability experience. We use Prometheus, Grafana, Fluentbit, Cloudwatch, Jaeger, Kiali, and likely more
- Experience writing CI/CD pipelines. We are migrating to Concourse from CircleCI and some AWS CodeBuild. Many of the tools the DevSecOps team implements and builds will run in CI/CD
- Automated testing experience. We prefer experience with static analysis, end-to-end testing, and infrastructure testing
These experiences are not required, but we will prefer candidates who have one or more of these in addition to the requirements above.
- Multi-cloud experience. We primarily use AWS right now, but are starting to use GCP and potentially more in the future. We try to be cloud agnostic, but take pragmatic approaches and consider trade-offs when using managed services.
- Multi-cluster experience. We run several clusters, some of which communicate with each other, currently in a hub-and-spoke model.
- Service Mesh experience. We use Istio.
- Experience promoting components in stages from development to pre-production to canary to production.
- Experience implementing and influencing a DevSecOps workflow for other teams
- Experience working in an Agile/Kanban environment with GitFlow style development on a Remote / distributed team.
- Experience with any of the DevSecOps Team’s other focuses: Security (linkme) and/or Test/QA (linkme)
These experiences are also not required, but we will prefer candidates who have one or more of these in addition to the requirements above.
- Experience running and securing untrusted, 3rd-party workloads.
- Experience designing or operating event-driven architecture, databases, and data pipelines, as well as working with data engineers. We use Kafka, Zeebe, Mongo, Postgres, MySQL, DynamoDB, ElasticSearch, etc