DevSecOps Engineer

Remote

Job Description:

In this role, you will be working on a long-term project (to possible permanent hire) that will provide and/or enhance current logging and monitoring capabilities within Azure Gov tenant and enable to use newer tools and provide better integration.   

You will also implement Logging and Monitoring in Azure Kubernetes Service. 

All work needs to be performed using Infrastructure-as-Code (IaC) and deployable via a GitLab CI/CD pipeline.

Project milestones include:

Install and Configure Prometheus using Prometheus Operator or better

Hardened Docker images

Images need to be moved to private Container Registry

Code to deploy must be provided with documentation

Add Prometheus rules/scrapes for Istio

Add rules/monitor/alerts for OOM, Memory management

Automate Pod Discovery and Scrape rules.

Data from Prometheus need to be pushed to Mimir for long term storage.

Data needs to be easily identifiable based on Kubernetes cluster (cluster-id)

Integrated Kubecost with Prometheus, to scrape Kubecost metrics.

Install Node exporter, Blackbox exporter, Alert Manager.

Hardened Docker images

Images need to be moved to private Container Registry

Code to deploy must be provided with documentation

Install and Configure Jaeger and Kiali with Istio

Hardened Docker images

Images need to be moved to private Container Registry

Code to deploy must be provided with documentation

Connected with Azure AD for Authentication

OPA Polices using Prisma

Disable creation of Node Port and Load Balancer service (Exception based on namespace)

OPA Policy to enforce pod/deployment labels

Deliverables shall be enforced using Azure Policies as code

Consideration for most cost effective approach and integration with new or existing FinOps processes.

Please send/Email resumes:

Emmanuelle.Kramer@compassptc.com