DevOps Engineer
Indexed description
Our Values
- Be Fearless: Unmute yourself. Test boundaries and get proven right.
- Remain Adaptable: Stay comfortable in a continuously changing world. If you’re wrong, concede and move on.
- Educate Your Ego: Selflessly collaborate towards our shared purpose.
Your first big project is leading our GitHub-to-GitLab migration, working with stakeholders across the company to make sure the new platform fits how teams actually work. Once that lands, you'll shift into the ongoing platform work below.
We currently do not offer sponsorship or relocation for this role.
What You'll Do
- Initial Focus: GitHub-to-GitLab Migration (1–3 Months)
- Migrate repos, history, branches, tags, LFS, releases, packages, issues, PRs/MRs, and CI config from GitHub to GitLab using GitLab Importer, git filter-repo, and custom tooling where needed.
- Translate GitHub Actions into GitLab CI/CD: reusable workflows into CI components/templates, matrix strategies, environments, OIDC, and self-hosted runner equivalents.
- Map GitHub constructs (branch protections, CODEOWNERS, status checks, secrets, orgs/teams) to their GitLab equivalents and resolve the gaps with stakeholders.
- Plan the cutover (big-bang vs. phased), run mirrors during transition, and verify parity before retiring GitHub assets.
- Partner with app teams, security, compliance, and release managers to align the migration with how each team works today and where they need to land. Own the runbook and run enablement sessions.
- Build and maintain GitLab CI/CD pipelines: multi-stage workflows, parent/child pipelines, reusable CI components, and matrix builds.
- Run and scale GitLab Runners on Kubernetes, AWS, Azure, and Proxmox, including executor tuning, tagging, and cache/artifact strategy.
- Ship via blue/green, canary, and rolling deployments with feature flags and automated rollback.
- Manage release governance: protected branches/tags, MR approvals, CODEOWNERS, environment-scoped variables, and audit-ready change records.
- Wire GitLab pipelines into AWS (ECR, EKS/ECS/Fargate, Lambda, S3, RDS, CloudFormation/CDK) and Azure (ACR, AKS, Functions, App Service, ARM/Bicep).
- Set up OIDC federation so pipelines assume short-lived cloud roles instead of using long-lived keys or secrets.
- Integrate with AWS Secrets Manager / Azure Key Vault, CloudWatch / Azure Monitor, and policy engines (AWS Config, Azure Policy).
- Feed GitLab security scan results into AWS Security Hub or Microsoft Defender for Cloud.
- Operate Proxmox VE clusters: nodes, storage (ZFS, Ceph, NFS), networking (bridges, VLANs, SDN), HA, and Proxmox Backup Server.
- Provision VMs and LXC containers as code with Terraform (Telmate or bpg/proxmox), Packer templates, and cloud-init.
- Use Proxmox for self-hosted runners, ephemeral build agents, and dev/staging environments. Keep parity with the cloud side so pipelines behave the same in both.
- Build infrastructure with Terraform/OpenTofu: reusable modules, remote state, workspaces, and policy-as-code (OPA or Sentinel).
- Run Kubernetes (EKS, AKS, or self-managed on Proxmox) with Helm and Kustomize.
- Use Ansible (or Puppet/Chef) for configuration; Packer for golden images across AWS, Azure, and Proxmox.
- Implement GitOps with Argo CD, Flux, or GitLab's Kubernetes Agent.
- Tune GitLab security scanners (SAST, DAST, dependency, container, IaC, secret detection, license compliance) and triage findings with the relevant teams.
- Manage secrets with Vault, AWS Secrets Manager, Azure Key Vault, or GitLab CI variables; default to OIDC over long-lived credentials.
- Apply least-privilege IAM, signed artifacts (Cosign/Sigstore), SBOMs, and image hardening.
- Instrument systems with Prometheus, Grafana, Loki, OpenTelemetry, CloudWatch, Azure Monitor, or Datadog.
- Build dashboards and alerts, investigate incidents, and run postmortems on pipeline and deployment failures.
- Support testing, staging, and production: drift detection, capacity planning, and performance tuning.
- Write the docs, runbooks, and ADRs. Build reusable pipeline templates so teams can self-serve.
- Work with developers, QA, security, and product to clear bottlenecks and make delivery feel easier.
- 3–5 years in DevOps, Platform, or Build/Release Engineering.
- GitLab in production: .gitlab-ci.yml, runners, container registry, MR workflows, protected environments. Comfortable with GitLab Flow or trunk-based development.
- GitHub-to-GitLab migration experience, or a comparable platform migration (Bitbucket to GitLab, Jenkins to GitLab CI, Azure DevOps to GitLab). You've moved repos, translated pipelines, and kept stakeholders aligned through it.
- Working knowledge of GitHub and GitHub Actions to translate what's already there.
- Real CI/CD ownership in production.
- Deploying into AWS and/or Azure from CI/CD, including OIDC, IAM/RBAC, and core services (compute, networking, storage, managed DBs, container registries, Kubernetes).
- Proxmox VE or a comparable virtualization platform (vSphere, Nutanix, KVM/libvirt).
- Bash plus one of Python, Go, or Ruby.
- Docker and Kubernetes (Deployments, Services, RBAC, Helm).
- Terraform with cloud and Proxmox providers.
- Solid Linux and networking fundamentals (systemd, TLS, DNS, HTTP, VLANs, load balancing).
- Comfortable with the messy parts of Git: rebases, conflict resolution, history rewriting.
- Good at troubleshooting, better at explaining tradeoffs to people with competing priorities.
- Prior lead role on a source control or CI platform migration.
- GitLab certifications (CI/CD Associate, Implementation Specialist) or experience running self-managed GitLab at scale.
- AWS or Azure certs (Solutions Architect, DevOps Engineer, Administrator).
- Hybrid-cloud experience bridging Proxmox to AWS/Azure (Site-to-Site VPN, Direct Connect, ExpressRoute).
- GitOps with Argo CD, Flux, or the GitLab Agent.
- Service mesh (Istio, Linkerd) and ingress controllers.
- Observability stack ownership (Prometheus, Grafana, OpenTelemetry, CloudWatch, Azure Monitor).
- HashiCorp Vault and OIDC federation.
- Supply-chain security: SLSA, Cosign/Sigstore, SBOMs (Syft, Trivy).
- Proxmox Backup Server, Ceph, or Proxmox SDN.
- Postgres or MySQL admin basics: migrations, backups, replication.
- Compliance frameworks: NIST 800-53 / 800-171, CMMC, SOC 2, ISO 27001, FedRAMP, PCI-DSS.
- Agile teams and coaching developers on platform usage.
Benefits
- Medical, Dental, & Vision - 100% covered premiums
- Equity - Stock Options
- 401(k) match
- WFH Hardware
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search