Platform Engineer – Secure Cloud Services

🌐 Project Overview

The project focuses on building and operating an internal, service‑oriented, cloud‑native platform that accelerates software development and delivery across hybrid cloud environments. This role sits within the IAM domain, responsible for designing secure, scalable, federated access solutions for applications running on the platform.

🎯 Key Responsibilities

🔐 OpenBao / Vault Operations (Deep Expertise)
- Manage full cluster lifecycle: initialization, unseal, upgrades, migrations.
- Oversee Raft consensus operations: quorum, leader election, anti‑affinity, network partition handling.
- Implement snapshot creation and restore procedures, including encrypted offsite backups.
- Optimize system performance (I/O, connection limits, audit overhead).
- Coordinate namespace creation, security policy attachment, and authentication mount configuration.
- Administer audit devices and integrate log pipelines.
- Troubleshoot operational issues: seal/unseal failures, Raft instability, token/lease storms.

🏗️ Infrastructure as Code
- Manage Vault/OpenBao resources using Terraform or OpenTofu.
- Deploy applications to Kubernetes clusters using Helm.
- Implement GitOps workflows with ArgoCD or Flux.
- Develop and maintain policies‑as‑code in HCL, including testing and CI validation.

☸️ Kubernetes Integration
- Configure Kubernetes authentication methods.
- Design and implement secret injection patterns (Vault Agent, CSI Driver, External Secrets Operator).
- Ensure alignment with service mesh technologies (mTLS, SPIFFE).

📊 Observability
- Collect Prometheus metrics for monitoring.
- Design and maintain Grafana dashboards for SLO tracking.
- Build and manage audit log pipelines.
- Define alerting rules for key operational indicators (seal status, leader health, token/lease counts, policy violations).

🔑 PKI Baseline (Cross‑Coverage)
- Understand certificate lifecycle management fundamentals.
- Distinguish between PKI and Secrets clusters and their separation rationale.
- Perform essential PKI operations for emergency cross‑coverage.

🛠️ Monitoring & Troubleshooting
- Conduct functional and integration tests (IAM federation, CI/CD, HA/DR).
- Monitor telemetry, logs, and SIEM outputs.
- Troubleshoot Vault, PKI, and Keycloak issues.
- Automate HA/DR failover testing.
- Validate multi‑tenant and RA delegation scenarios.

🧠 Profile Requirements (Must‑Have)
- Strong experience with OpenBao/Vault (cluster lifecycle, Raft, snapshots, namespaces, audit).
- IaC expertise: Terraform/OpenTofu, Helm, ArgoCD/Flux.
- Policy‑as‑code (HCL + CI pipelines).
- Kubernetes authentication and secret injection.
- Observability: Prometheus, Grafana, audit pipelines.
- Ability to interpret Tier‑1 execution narratives and produce Tier‑3 runbooks.
- PKI fundamentals.

✅ Languages
Fluent English (C1).

📍 Location
Brussels

💼 Work Model
Hybrid

Place of work

Talent Job Seeker
Bruxelles
Belgium

About us

Identify the best talent with Talent Job Seeker



Job ID: 10501551 / Ref: 2925a639b95713c5895afa157dd351ed
