Senior Specialist - Cloud Engineering

Job Description

Senior Infrastructure Security Compliance Engineer ZeroTouch GPU Cloud GitOpsDriven Compliance Resilience

We are seeking a Senior Infrastructure Security Compliance Engineer with 10 years of experience in infrastructure and platform automation to drive the ZeroTouch Build Upgrade and Certification pipeline for our onprem GPU cloud environment This role is focused on integrating security scanning policy enforcement compliance validation and backup automation into a fully GitOpsmanaged GPU cloud stack spanning hardware OS Kubernetes platform layers

Key Responsibilities

Design and implement GitOpsnative workflows to automate security compliance and backup validation as part of the GPU cloud lifecycle

Integrate Trivy into CICD pipelines for container and system image vulnerability scanning

Automate kubebench execution and remediation workflows to enforce Kubernetes security benchmarks CISSTIG

Define and enforce policyascode using OPAGatekeeper to validate cluster and workload configurations

Deploy and manage Velero to automate backup and disaster recovery operations for Kubernetes workloads

Ensure that all compliance scanning and backup logic is declarative and auditable through Gitbacked repositories

Collaborate with infrastructure platform and security teams to define security baselines enforce drift detection and integrate automated guardrails

Drive remediation automation and postvalidation gates across build upgrade and certification pipelines

Monitor evolving security threats and ensure tooling is regularly updated to detect vulnerabilities misconfigurations and compliance drift

Required Skills Experience

10 years of handson experience in infrastructure platform automation and systems security

Primary key skills required are PythonGoBash scripting OPA Rego policy writing CI integration for Trivy kubebench GitOps

Strong knowledge and practical experience with

oTrivy for container filesystem and configuration scanning

okubebench for Kubernetes CIS benchmark compliance

oVelero for Kubernetesnative backup and disaster recovery

oOPAGatekeeper for policyascode and admission control

Deep understanding of GitOps workflows eg Argo CD Flux and how to integrate security tools declaratively

Proven experience automating security compliance and backup validation in CICD pipelines

Solid foundation in Kubernetes internals RBAC pod security and multitenant best practices

Familiarity with vulnerability management lifecycles and security risk remediation strategies

Experience with Linux systems administration OS hardening and secure bootstrapping

Proficiency in scripting languages such as Python Go or Bash for automation and tooling integration

Bonus

oExperience with SBOMs image signing or container supply chain security

oExposure to regulated environments eg PCIDSS HIPAA FedRAMP

oContributions to opensource securitycompliance projects

Skills

Mandatory Skills :