Engineer, Platform II

About The Position

Requirements

• High school diploma or GED equivalent required
• Bachelor’s degree in Computer Science or related field or equivalent years of experience required
• Equivalent years of experience are defined as one year of professional experience for each year of college requested
• 3+ years of experience in platform engineering, infrastructure, or DevOps roles required
• Proven experience architecting and administering Kubernetes clusters in on-premises environments
• Hands-on experience with hybrid-cloud architectures integrating on-prem Kubernetes with AWS services (EKS, S3, Secrets Manager, IAM Roles Anywhere)
• Hands-on experience provisioning and managing virtual machines on VMware vSphere or similar hypervisor platforms
• Experience with CI/CD pipeline design and deployment automation platforms (Octopus Deploy, Jenkins, GitLab CI/CD, or similar)
• Experience with immutable Kubernetes distributions (Talos Linux, Flatcar, Bottlerocket) or willingness to learn API-driven, immutable OS management
• Experience with VMware vSphere environments (VM provisioning, content libraries, resource pools, networking)
• Experience with eBPF-based networking (Cilium) including CNI configuration, L2/BGP load balancer announcements, WireGuard encryption, and kube-proxy replacement
• Experience with Linux systems administration and networking
• Experience implementing GitOps workflows with Flux CD or Argo CD, including multi-repo architectures and Kustomization dependency chains
• Deep experience with Helm chart management (creating, customizing, versioning) and Kustomize overlays, particularly within GitOps workflows where HelmReleases and Kustomizations coordinate component deployment ordering
• Experience with X.509 certificate lifecycle management (cert-manager), PKI concepts, and certificate-based authentication for cross-environment trust
• Deep knowledge of Kubernetes and container orchestration principles
• Proficiency in Infrastructure as Code (Terraform) and cross-platform automation scripting (Bash for Linux, PowerShell for CI/CD pipelines and deployment tooling)
• Knowledge of observability and monitoring solutions (OpenTelemetry Collector, Prometheus, Grafana) including cross-environment telemetry forwarding
• Strong understanding of security, compliance, and disaster recovery for containerized environments
• Adept at assessing organizational dynamics and managing change
• Works quickly and efficiently. Able to test solutions, learn, and iterate quickly
• Proactive and pragmatic problem solver
• Communicates effectively across multiple mediums

Nice To Haves

• Transportation, Logistics, and/or Tech industry experience a plus
• Certified Kubernetes Administrator (CKA) preferred
• Certified Kubernetes Application Developer (CKAD) preferred
• HashiCorp Certified Terraform Associate preferred
• AWS Certified Solutions Architect preferred

Responsibilities

• Define and implement the architecture for an on-premises Kubernetes environment, ensuring high availability, scalability, and security.
• Design and implement a hybrid cloud platform strategy where on-premises Kubernetes clusters operate with architectural parity to cloud-based EKS clusters, enabling workload portability and cross-environment disaster recovery.
• Establish standards and best practices for cluster configuration, networking (Cilium CNI, Istio service mesh), and storage integration (Rook-Ceph).
• Design and implement disaster recovery strategies including cross-datacenter Active-Passive failover, backup and restore with Velero, and cross-environment (on-prem to cloud) workload recovery procedures.
• Establish workload classification criteria (stateful vs. stateless) to guide placement decisions across on-prem and cloud environments.
• Install, configure, and maintain Kubernetes clusters on Talos Linux (immutable, API-driven OS) and supporting components (Cilium CNI, Istio ambient mesh, Flux CD, cert-manager).
• Manage RBAC, namespaces, resource quotas, and policies (Kyverno) for governance and security.
• Implement backup and restore strategies for clusters and workloads using Velero with S3 and on-prem storage targets.
• Manage VMware vSphere infrastructure including VM provisioning, content libraries, resource pools, and datacenter operations.
• Develop automation for cluster provisioning, scaling, and lifecycle management using Terraform, Helm, and Kustomize.
• Manage GitOps workflows using Flux CD including multi-repo architectures (bootstrap, cluster orchestration, platform components), Kustomization dependency chains, HelmRelease management, and branch-based environment promotion.
• Integrate Kubernetes with existing infrastructure services and monitoring solutions (OpenTelemetry Collector, Prometheus, Grafana).
• Manage CI/CD pipelines using GitHub Actions (CI) and Octopus Deploy (CD) including variable management, release lifecycle configuration, channel/lifecycle strategies, and multi-environment promotion workflows.
• Design and implement cross-environment workload deployment strategies enabling seamless movement of containerized applications between on-prem and cloud.
• Integrate on-premises Kubernetes workloads with AWS services using certificate-based authentication (IAM Roles Anywhere with cert-manager) and External Secrets Operator for secrets management.
• Manage cloud cost optimization, egress cost management, and workload placement economics to support data-driven decisions on on-prem vs. cloud deployment.
• Extend existing cloud observability tooling (Grafana) to on-premises environments using OpenTelemetry Collector for metrics, logs, and traces forwarding.
• Design CI/CD pipelines that enable development teams to deploy containerized applications to the hybrid platform with minimal friction.
• Build self-service capabilities for developer teams including automated deployment workflows, environment promotion, and rollback procedures.
• Ensure the developer experience is consistent regardless of whether workloads deploy to on-prem or cloud.
• Harden Kubernetes clusters and container workloads through image scanning, secrets management (External Secrets Operator + AWS Secrets Manager), network policies (Cilium), and Pod Security Standards.
• Manage X.509 certificate lifecycle (cert-manager) including PKI, certificate-based cross-environment trust, and Istio CSR integration.
• Ensure compliance with organizational and industry standards.
• Partner with development teams to enable smooth application deployment and troubleshooting.
• Work closely with the cloud platform team to ensure architectural parity and shared standards across on-prem and AWS environments.
• Mentor junior engineers on Kubernetes best practices and platform engineering principles.

Benefits

• Medical, Dental, and Vision
• Basic/Supplemental Life
• Accidental Death/Dismemberment
• Health Savings Accounts
• Flexible Savings Accounts
• Company Paid Holidays
• Paid Time Off
• 401k with Employer Matching Contribution
• Employee Stock Purchase Plan
• Paid Parental Leave
• Short Term Incentive Program
• Employee Assistance Program
• Pet Insurance