Job Descriptions:
Multi-Tenant Kubernetes Cluster Design and Implementation
Design, deploy, and manage highly available multi-tenant Kubernetes clusters in on-premises environments, ensuring isolation between tenants using namespaces, network policies, and resource quotas.
Architect solutions to allow different teams and business units to share Kubernetes resources while maintaining strict security controls and minimizing performance impacts.
Implement Role-Based Access Control (RBAC) policies to ensure appropriate permissions for different teams, while maintaining compliance with security requirements.
Design and configure network segmentation for tenants to ensure secure and isolated communication, leveraging Kubernetes NetworkPolicies or external solutions such as Cilium or Calico.
Create and enforce resource limits to ensure that tenants cannot consume more than their allocated share of compute, storage, or networking resources.
Security and Compliance
Implement robust security measures for multi-tenant environments, including securing container images, conducting vulnerability scans, and managing security policies across clusters.
Lead efforts in Kubernetes vulnerability management, working with tools like Chainguard to secure the software supply chain, ensuring only validated, secure images are deployed.
Establish and enforce Pod Security Policies or use alternatives like Kyverno or OPA Gatekeeper to define security constraints on tenant workloads.
Ensure that all tenants are compliant with organizational security policies and industry regulations, implementing necessary audit logging and monitoring tools for compliance tracking.
Conduct regular vulnerability assessments and remediate risks in containerized applications and infrastructure, staying ahead of emerging threats.
CNCF and Open-Source Engagement:
Contribute to or participate in CNCF projects, adopting open-source tools and solutions that enhance Kubernetes operations and security.
Stay up to date with the latest trends and innovations within the CNCF ecosystem to bring innovative solutions to the infrastructure.
Compliance and Best Practices:
Ensure Kubernetes environments and containerized applications comply with security policies, industry standards, and regulatory requirements.
Define and enforce best practices for secure container image management, infrastructure hardening, and continuous vulnerability management.
Required Qualifications:
Extensive hands-on experience with Kubernetes (cloud-native and on-premises) at scale.
Expertise in multi-tenancy models for shared Kubernetes clusters, managing resource isolation, security, and tenant policies.
Strong knowledge of core Kubernetes concepts, with a focus on Kubernetes security, networking, and scaling patterns.
Proven track record with container image security, vulnerability scanning, and vulnerability remediation tools (e.g., Chainguard).
Strong knowledge of supply chain security principles in the context of containerized environments.
Strong hands-on experience with the CNCF tool stack (cert-manager, Kyverno, FluxCD, ArgoCD, Envoy, etc.) and its deployment to K8s environments is desired.
Active contributions or active participation in the CNCF open-source community is a plus.
Experience identifying and fixing vulnerabilities in software by patching base images, updating dependencies, and hardening configurations is a plus.
Strong hands-on experience with one of the modern programming languages such as Golang/Python (Golang preferred).
In-depth understanding ofcand automation within containerized infrastructure.
Preferred Qualifications:
Contributions to CNCF or open-source Kubernetes tools are a plus.
Expertise in cloud-native practices and tools such as OPA, Kyverno, cert-manager, Prometheus Operator, etc.
CKA (Certified Kubernetes Administrator)/CKS (Certified Kubernetes Security Specialist)/CKAD (Certified Kubernetes Application Developer) certifications are a plus.
Any Graduate