Lead SRE & Edge Architect

Good day greetings from Datum Technologies, Role Summary We are seeking a high-caliber Lead SRE & Edge Architect to serve as the Sole Custodian of our Integrated Intelligence Ops Ecosystem. This role is critical for bridging the gap between physical hardware security and high-velocity, cloud-native application delivery within a Google Distributed Cloud (GDC) Connected environment. You will lead the orchestration of hybrid workloads (VMs and Containers) and pioneer a Zero-Trust security posture at the edge. This is a "Full-Stack Infrastructure" role, where your responsibility begins at the physical intrusion sensor on the rack and extends to the AIOps-driven self-healing of application workloads. Section 1: Scope of Work (SOW) • Ecosystem Custodianship: Design, deploy, and maintain the bridge between physical hardware security and GDC-native application delivery. • Hybrid Orchestration: Lead the deployment of VM Runtime on GDC and Symcloud Storage, enabling the co-existence of legacy VM workloads and modern microservices. • Zero-Trust Engineering: Establish and maintain a "Zero-Trust" architecture using MASQUE/TLS tunnels, per-machine certificates, and hardware-level encryption. • Full-Lifecycle Ownership: Responsible for the entire stack: from monitoring Physical Intrusion Sensors in the rack to implementing AIOps for workload self-healing. • Connectivity Management: Ensure seamless and secure GDC-to-GCP communication while maintaining 99.99% uptime for disconnected/local-first operations. Section 2: Mandatory Technical Experience I. Cloud-Native & DevOps Orchestration • Orchestration: Expert-level mastery of Kubernetes (K8s) and Docker for large-scale distributed systems. • Infrastructure as Code (IaC): Advanced automation using Terraform (GCP/GDC resources) and Ansible (Bare Metal OS configuration). • CI/CD & Packaging: Engineering complex Helm Charts and managing pipelines via GitHub Actions, GitLab CI, and Jenkins. • Networking: Implementing NGINX Load Balancer as a Service and integrating with the Distributed Cloud Edge Network API. II. Observability & Intelligence Ops • The "Gold Standard" Stack: Hands-on implementation of Prometheus (metrics), Grafana (visualization), and Open Telemetry (OTEL) for distributed tracing. • AIOps & Self-Healing: Proven ability to build closed-loop remediation using Vertex AI to analyze OTEL traces and trigger automated Google Cloud CLI/API scripts. III. Storage & Virtualization • Storage Architecture: Designing software-defined storage using Symcloud Storage and local persistent volumes. • VM Runtime: Deep experience orchestrating legacy VMs alongside containers within a single GDC control plane. Section 3: Mandatory Security & Hardware Integrity • Hardware Defense: Knowledge of Physical Intrusion Sensors, Port Lockdown strategies, and Platform Certificates. • Root of Trust: Managing Trusted Platform Module (TPM) integrations and LUKS for data-at-rest protection. • Encryption: Implementation of Self-Encrypting Disks (SED) and Cloud KMS for Customer Managed Encryption Keys (CMEK). • Secure Tunnels: Engineering MASQUE tunnels or TLS-wrapped connections using per-machine certificates. Section 4: Compliance & Operational Governance • IAM Governance: Expert knowledge of Distributed Cloud Edge Container API roles and least-privilege access enforcement. • Resiliency: Implementation of Availability Best Practices (Region/Zone/Rack awareness) for disconnected state reliability. • Strategic Liaison: Act as the primary technical point of contact for Google-certified System Integrators (SI) to ensure hardware meets GDC specifications. Preferred Qualifications • Google Cloud Professional Cloud Architect or Professional Data Engineer certification. • Experience in highly regulated sectors (Defense, Telco, Banking, or Healthcare). • Strong background in Linux Kernel tuning and Bare Metal performance optimization.