Service Mesh Engineer (Istio / Linkerd)

About The Position

Requirements

• Bachelor’s degree in Computer Science or a related field.
• Five or more years of experience in platform engineering, SRE, or networking roles.
• Hands-on experience operating Istio or Linkerd in production.
• Strong understanding of Envoy proxy internals and configuration.
• Deep Kubernetes expertise including networking, CNI, and ingress.
• Strong understanding of mTLS, PKI, and certificate lifecycle management.
• Experience with distributed tracing and observability for mesh traffic.
• Proficiency in Go or Python for tooling and automation.
• Strong troubleshooting skills across networking, application, and control plane layers.
• Excellent communication and collaboration skills.

Nice To Haves

• Experience with multi-cluster Istio or Linkerd deployments.
• Familiarity with Cilium service mesh and eBPF networking.
• Open-source contributions to service mesh projects.
• Experience with SPIFFE/SPIRE for workload identity.
• Exposure to zero-trust networking initiatives at enterprise scale.

Responsibilities

• Design and operate service mesh platforms — primarily Istio and Linkerd — across multi-cluster Kubernetes environments.
• Implement and operate mTLS, certificate rotation, and identity propagation across the mesh.
• Define traffic management policies including routing, retries, circuit breaking, and fault injection.
• Integrate the mesh with ingress, egress, and API gateway tiers for unified traffic management.
• Build observability for mesh traffic including distributed tracing, golden signals, and topology visualization.
• Design multi-cluster and cross-cluster mesh topologies for high availability and tenant isolation.
• Profile and optimize mesh performance, sidecar resource usage, and control-plane footprint, applying systematic measurement, targeted improvements, and data-driven validation to deliver quantifiable gains in throughput, latency, or resource efficiency.
• Develop paved-road adoption patterns and onboarding guides that make mesh adoption easy for app teams.
• Implement authorization policies and zero-trust patterns at the service mesh layer.
• Operate service mesh upgrades, control-plane lifecycle management, and configuration governance, applying disciplined release practices that keep the mesh current without disrupting workloads running on top of it.
• Partner with SRE, platform, and security teams on mesh policy and incident response.
• Troubleshoot complex networking, mTLS, and traffic issues spanning sidecar and gateway tiers.
• Maintain runbooks, architecture diagrams, and onboarding materials for the service mesh platform.
• Stay current with Istio, Linkerd, Cilium, and broader service mesh ecosystem developments.

Benefits

• Competitive base salary commensurate with experience, plus benefits.