DevSecOps Engineer (Nghỉ T7-CN)

Infrastructure as Code: define and maintain the entire infrastructure in code using Terraform and Ansible; all changes go through code review and CI validation — no manual provisioning.
GitOps implementation: own GitOps workflows with ArgoCD: application state management, automated sync, progressive delivery, and rollback strategies across all environments.
Observability stack: build and operate the full observability layer: metrics (Prometheus + Grafana), logging (EFK / Loki), distributed tracing (Jaeger / Tempo), and alerting; define SLOs and error budgets.
CI/CD pipeline engineering: build and maintain end- to- end pipelines — build, test, security scan, staging, and production — with zero- downtime deployments using GitLab CI, Tekton, and ArgoCD.
Multi- layer security: implement and maintain network security (firewall rules, NetworkPolicies, ingress/egress controls, VPN tunnels to government systems); container security (image scanning with Trivy/Clair, admission controllers, Pod Security Standards, runtime threat detection with Falco); secrets management (HashiCorp Vault, automated secret rotation); and compliance hardening (CIS Kubernetes Benchmark, DISA STIG).
Security incident response: participate in threat detection, forensic investigation, and post- mortem analysis for security incidents; maintain and rehearse incident response runbooks.
Kubernetes workload management: manage the full lifecycle of 20+ microservices across namespaces: RBAC, NetworkPolicy, resource quotas, Custom Resources (CRDs), Operators, and admission webhooks.
Cross- functional collaboration: work closely with Backend and Mobile teams to optimize deployment workflows, resolve infrastructure bottlenecks, and ensure platform capabilities ship reliably end- to- end.
Platform provisioning & operations: deploy and operate production clusters on Red Hat OpenShift (OCP 4.x) or VMware Cloud Foundation 9 — configure multi- zone topology, high availability, and disaster recovery; own the platform uptime SLA.
Capacity planning & scaling: lead capacity planning exercises; configure and tune auto- scaling (HPA, VPA, Cluster Autoscaler) to handle traffic spikes without over- provisioning.
Service mesh: design and operate Istio / OpenShift Service Mesh: enforce mTLS between services, manage traffic routing, implement canary deployments, and configure circuit breaking.

Security- first mindset: solid understanding of OWASP, CVE management, and least- privilege principle — able to reason about threats at the infrastructure layer, not just follow checklists.
Hands- on experience with observability tooling: Prometheus, Grafana, EFK/ELK Stack, and distributed tracing.
Advanced Kubernetes proficiency: RBAC, NetworkPolicy, Custom Resources (CRDs), Operators, and admission webhooks in production- grade, multi- team clusters.
Production- ready Infrastructure as Code using Terraform and/or Ansible — with proper module structure, state management, and CI validation.
Solid container security experience: image scanning, Pod Security Admission, and runtime threat detection (Falco or equivalent).
Comfortable reading technical documentation in English.
Deep understanding of Kubernetes networking: CNI plugins, ingress controllers (NGINX / HAProxy), load balancing, DNS, and service discovery.
Experience building and operating large- scale CI/CD pipelines: GitLab CI, Tekton, Jenkins, or equivalent.
Minimum 4 years of hands- on experience in DevOps, Platform Engineering, or SRE in production environments.
Strong Linux administration fundamentals: systemd, networking, storage, and performance tuning on RHEL / CoreOS / Ubuntu.
Mandatory hands- on experience with Red Hat OpenShift (OCP 4.x) or VMware Cloud Foundation (VCF) — production systems will run on one of these two platforms; this requirement is non- negotiable.
Proven GitOps implementation with ArgoCD or Flux in a production environment.

Work on a national- scale platform that demands real infrastructure engineering — not routine ops work.
13th- month salary.
Collaborative and technically driven team; regular tech sharing sessions and blameless post- mortem culture.
Opportunities for career growth into Principal Engineer, Platform Architect, or Head of Infrastructure roles.
Salary range: 50,000,000 – 80,000,000 VND/month, negotiable based on experience and technical depth.
Company benefits in accordance with labor law (insurance, annual leave, etc.).

Cập nhật gần nhất lúc: 2026-03-27 13:45:03