Job Description

Role Purpose

We’re looking for an engineer with strong hands-on experience in Red Hat OpenShift and Kubernetes to build, operate, and secure container platforms at scale. The role involves day‑2 operations, automation (GitOps/Ansible), platform upgrades, and troubleshooting complex production issues across networking, security, storage, and CI/CD. Experience with enterprise workloads on OpenShift (Operators, Routes, SCC, ImageStreams) is essential.
 

͏

Important:     OpenShift Administrator.  Who has experience with installation and configuration of below optional software.

Experience: 8 + Years

Platform Engineering & Operations

o   Install, upgrade, and operate OpenShift/Kubernetes clusters (on‑prem and/or cloud—AWS/Azure/GCP).

o   Manage cluster resources: Projects/Namespaces, Nodes, MachineSets, Operators/OLM, SCC, NetworkPolicies, Routes/Ingress, StorageClasses/PVCs.

o   Maintain cluster reliability: capacity planning, performance tuning, backup/DR, multi‑AZ/HA, patching.

Security & Compliance

o   Implement RBAC, Pod Security (PSA/PSS), NetworkPolicies (CNI), Secrets management (KMS/HashiCorp Vault), image signing/scanning (Quay/Trivy/ACS).

o   Enforce compliance guardrails via policies (e.g., Gatekeeper/OPA/Kyverno) and SCC best practices on OpenShift.

Automation & GitOps

o   Build declarative platforms using Argo CD or Flux, Helm/Kustomize, Ansible for Day‑2 ops.

o   Create reusable modules/playbooks for provisioning, patching, and app deployments.

 CI/CD & Build

o   Integrate with Jenkins/GitLab CI/GitHub Actions; manage BuildConfigs/ImageStreams, Tekton pipelines on OpenShift.

o   Optimize container build workflows (Docker/Buildah/Podman) and artifact management (Quay/Artifactory).

·       Observability & SRE

o   Set up Prometheus/Grafana, Alertmanager, Loki/EFK; tune SLO/SLIs and actionable alerts.

o   Troubleshoot with oc/kubectl, Events, Logs, Metrics, insights-operator, and node-level tools.

Networking & Service Delivery

o   Configure Ingress/Routes, L7 controllers, TLS termination, mTLS (service mesh/Istio/ASM optional).

o   Handle DNS, certificates, load balancers, firewall openings, and egress controls.

Collaboration & Support

o   Partner with app teams to containerize and operate workloads, perform production incident response and RCA.

o   Author runbooks, standards, and best practices; mentor engineers.

Optional (IBM Integration focus)

·       Operate CP4I components (App Connect, MQ, API Connect) via Operators on OpenShift.

·       Deploy/upgrade IBM MQ / ACE containers, manage persistent volumes, secrets (certs/keystores), and route exposure.

·       Integrate platform observability with Instana and enterprise SIEM; automate certificate rotation for MQ/ACE/DataPower.

͏

·       8+ years hands-on with Kubernetes/OpenShift (for Senior: 6–10+; Lead/Architect: 10+ including platform design).

·       Strong expertise with:

o   OpenShift: oc CLI, Operators/OLM, SCC, Projects, Routes, ImageStreams, BuildConfigs, MachineConfig, Cluster Operators, OAuth/IdP.

o   Kubernetes: Deployments, StatefulSets, DaemonSets, HPA/VPA, Jobs/CronJobs, ConfigMaps/Secrets, Admission Controllers.

o   Networking: CNI (OVN‑K, Calico, etc.), Ingress/Routes, L4/L7 load balancing, TLS, DNS, egress policies.

o   Storage: CSI drivers, dynamic provisioning, RWX/RWO, snapshots/backup (Velero).

o   Security: RBAC, PSP/PSA (or PSS), SCC (OpenShift), image scanning/signing, Vault/KMS, policy engines (OPA/Kyverno).

o   Automation: GitOps (Argo CD/Flux), Helm/Kustomize, Ansible, scripting (bash/Python).

o   CI/CD: Jenkins/GitLab/Tekton; containers with Docker/Buildah/Podman.

o   Observability: Prometheus, Grafana, EFK/Loki, Alertmanager; cluster health tuning.

·       OS & Platform: RHEL administration, systemd, SELinux, networking basics.

·       Proven experience in production incident 

͏

͏

Deliver