CBL Solutions

Cloud Engineer

This role is for a Senior Kubernetes Engineer, offering a remote contract in the United States. The position requires expertise in Kubernetes, security compliance in healthcare, and skills in YAML, GitOps, and Infrastructure as Code. Contract length and pay rate are unspecified.
🌎 Country: United States
💱 Currency: $ USD
💰 Day rate: Unknown
🗓️ Date: November 19, 2025
🕒 Duration: Unknown
🏝️ Location: Remote
📄 Contract: Unknown
🔒 Security: Unknown
📍 Location detailed: Irving, TX
🧠 Skills detailed:
#REST (Representational State Transfer) #Observability #YAML (YAML Ain't Markup Language) #AutoScaling #Compliance #Bash #Cloud #GIT #VPN (Virtual Private Network) #Debugging #ETL (Extract, Transform, Load) #Storage #Forecasting #API (Application Programming Interface) #Deployment #Kubernetes #Presto #Infrastructure as Code (IaC) #Scripting #Logging #Security #Python
Role description
Role: Senior Kubernetes Engineer
Location: Remote (United States)

Job Description

Job Summary:
We're hiring a Kubernetes Engineer to design, secure, and operate enterprise-grade, multi-cloud Kubernetes across major providers. You'll enable a compliant, multi-tenant platform with "secure-by-default" controls, integrate cluster operations into Git-based delivery, and support a growing internal developer portal/software catalog and a unified repo for platform assets. The ideal candidate combines deep Kubernetes expertise with strong security, reliability, and audit readiness suitable for healthcare environments.

Key Responsibilities:

Design & Operations
• Architect, deploy, upgrade, and scale managed clusters across major clouds with HA control planes and cluster/workload autoscaling.
• Operate private clusters: restrict control-plane exposure, enforce private API access, use NAT-only egress, and implement approved private connectivity patterns.
• Engineer multiple node groups for workload separation and efficiency, heterogeneous instance families, GPU/CPU pools, spot vs on-demand, taints/tolerations, topology spread, and security-focused pools.
• Define golden patterns for services/ingress, storage classes, private networking/egress, and cloud load-balancing options.

Configuration & Delivery
• Maintain declarative manifests and templates, structure environment overlays and reusable modules.
• Enable progressive delivery via Git-based workflows with automated policy checks and promotion gates.

Security & Compliance
• Enforce least-privilege RBAC, namespace isolation, Pod Security standards, and admission policies for image provenance, non-root, and blocked capabilities.
• Implement service-to-service encryption with workload identity, certificate issuance/rotation, and policy-based authorization.
• Apply deny-by-default network policies, strong secrets hygiene with KMS-backed encryption and rotation, and signed/scan-gated images with SBOM attestations.
• Ensure audit-ready logging across control and data planes, route to central logging with detections for risky actions and configuration drift.

Observability & Resilience
• Integrate metrics, logs, traces, and events, define SLOs/error budgets, scale via reliable signals (including custom/external metrics).
• Build self-healing runbooks, conduct chaos/resiliency drills, and implement backup/restore for cluster state and application data.

Governance & Cloud Hygiene
• Apply org guardrails, allowed-regions, tagging/labeling standards, and automated conformance with remediation.
• Document RTO/RPO tiers, test restores and failovers, maintain audit evidence and change traceability.

Required Skills & Qualifications
• Kubernetes Expertise: Operating managed clusters on major clouds, scheduler and node lifecycle, cluster and workload autoscaling.
• Private Cluster Operations: Private API endpoints, restricted API access, NAT egress, bastion workflows, and private connectivity (peering/VPN/dedicated circuits).
• Multiple Node Groups: Designing heterogeneous pools, taints/tolerations, topology spread, and right-sizing for cost and performance.
• mTLS & Service Identity: Implementing workload identity, certificate issuance/rotation, policy-based service authorization, and end-to-end encryption in transit.
• Manifests & Packaging: YAML proficiency, templating/overlays, Git-based release strategies, and GitOps practices.
• Security Depth: RBAC design, Pod Security standards, admission policy engines, network policies, secrets management, image signing and vulnerability scan gates.
• Networking: CNI fundamentals, L4/L7 traffic, ingress/egress, private endpoints, and cross-cloud load-balancing options.
• Multi-Tenancy: Namespace boundaries, quotas/limits, noisy-neighbor mitigation, and sensitive-workload isolation.
• Infrastructure as Code: Clusters and cloud resources as code with policy guardrails and drift detection and IaC tools.
• Observability & Troubleshooting: Metrics/logs/traces, HPA/VPA using trustworthy signals, deep debugging of runtime, DNS/CNI, scheduling, and control-plane issues.
• Compliance Mindset (Healthcare): Understanding HIPAA/HITRUST concepts, encryption at rest/in transit, least-privilege, audit evidence, and governed deployment pipelines.
• Nice to Have: Internal developer portals/service catalogs, progressive delivery, cost-aware right-sizing and capacity forecasting, DR design, and scripting in Bash/Python.