Infrastructure Engineer (Kubernetes)

TL;DR

Infrastructure Engineer (Kubernetes): Designing and automating multi-site, resilient, secure infrastructure for Network-as-a-Service (NaaS) APIs. Focus on PKI, certificate lifecycle automation, secrets management (Vault), and gateway-level security for carrier-grade standards.

Location: Bristol, London. Working Style: 3 days a week in office, 2 days from home.

Company

hirify.global is the UK’s first telco, building the country's largest digital infrastructure project, connecting over 25 million premises to full fiber broadband and investing heavily in 5G.

What you will do

• Design and operate cloud-native environments for NaaS components (API gateway, identity & consent services, aggregator integrations).
• Engineer infrastructure supporting dual-site deployments on BT’s private cloud ecosystem with active/active or active/standby failover patterns.
• Maintain Kubernetes workloads deployed via Helm charts and environment-specific configuration pipelines.
• Optimise cluster networking, pod-to-pod routing, overlay networks, and VPC connectivity for NaaS northbound/southbound integration.
• Standardise GitLab-based deployment automation used across NaaS (e.g., templated Helm chart rollouts, environment switching, version promotion).
• Configure and operate NGINX and Kong API Gateway for internal/external API exposure, including routing, transformations, policies, and rate limiting.

Requirements

• Strong Linux fundamentals and troubleshooting (system performance, networking, storage).
• Practical understanding of L7/L4 load balancing, service mesh, DNS/GSLB, certificate management, and API connectivity patterns into telco/core systems.
• Strong understanding of CA hierarchies, mTLS, certificate lifecycle management, CRL/OCSP, key rotation, HSM/KMS.
• Ability to design automated certificate workflows for Kubernetes, gateways, and service mesh.
• Deep configuration experience on NGINX (ingress rules, SSL termination, upstream configuration, rewrite/redirect rules) including performance tuning and mTLS enforcement.
• Expertise with Kong plugins (JWT, ACL, rate limit, key auth, OIDC, mTLS), declarative configs (Kong YAML), and Ingress Controller.

Nice to have

• Expertise in automating secret delivery via Vault Agent, Vault Injector or GitLab CI integration.
• Automation mindset: scripting (Python/Bash) + one or more of Terraform/Ansible/Helm/Kustomize/GitOps.
• Experience designing observability for serverless systems (logs/metrics/traces) and implementing distributed tracing and dashboards.
• Familiarity with CAMARA and TMF-931; API aggregator marketplace exposure.
• Experience with network automation (YANG/NETCONF/RESTCONF, Ansible) and telco workloads.

Culture & Benefits

• 10% on target bonus and BT Pension scheme (minimum 5% employee contribution, 10% BT contribution).
• Life Assurance Cover and exclusive colleague discounts on BT broadband packages, BT TV with TNT Sports and NOW Entertainment.
• From January 2025, equal family leave: 18 weeks at full pay, 8 weeks at half pay, and 26 weeks at the statutory rate.
• Enhanced women’s health support including help with menopause symptoms and cancer screenings.
• 25 days annual leave (not including bank holidays), increasing with service, and 2 weeks carer’s leave.
• 24/7 private virtual GP appointments for UK colleagues and world-class training and development opportunities.