➡️ Apply here: Senior DevOps Engineer
👩💼 Want to stand out? Improve your resume to appeal to recruiters, hiring managers, and Applicant Tracking Systems. ➡️ Improve your resume
TBC Bank Group PLC established Space International with the strategic aim of facilitating the group’s global expansion efforts. In 2018, the team successfully introduced the pioneering neobank, Space, in Georgia. Building upon this success, subsequent efforts were directed towards the creation and launch of the fully digital bank in Uzbekistan, TBC UZ, in 2020. In a significant move towards enhancing its foothold in the Uzbek market, the group acquired Payme, a prominent local payments provider and esteemed brand among the Uzbek populace, in 2023.
Presently, a dedicated team of 1,700 professionals representing 17 nationalities collaborates to advance TBC’s international presence. Space International spearheads the provision of cutting-edge technologies and top-tier professional services, while the local teams at Payme and TBC Uzbekistan drive sustained growth and operational excellence.
We are looking for talented individuals with Senior Devops Engineer experience to join our team
Key Responsibilities
Kubernetes & Platform Engineering
Cluster Orchestration: Deploy and manage production-grade RKE2 clusters on-premise, utilizing Rancher for centralized multi-cluster management and visibility.
Advanced Networking: Implement and optimize Cilium as the CNI, leveraging eBPF for high-performance networking, advanced load balancing, and network policy enforcement.
GitOps & Deployment: Architect and maintain ArgoCD for automated application delivery, ensuring that the “truth” of our infrastructure always resides in Git.
Storage Management: Configure and troubleshoot on-premise Container Storage Interfaces (CSI) for stateful workloads (e.g., StarRocks) using Longhorn, Ceph, or local NVMe arrays.
High Availability: Design the control plane and worker node architecture to withstand physical hardware failures, ensuring 99.9% uptime for the platform.
Resource Optimization: Tune Kubernetes scheduling and resource quotas to ensure maximum hardware utilization for heavy DWH and analytics workloads.
Infrastructure Automation (IaC) & CI/CD
Bare-Metal Automation: Use Terraform to automate the provisioning of physical servers, virtual machines (vSphere), and local networking components.
Modular Code: Build reusable Terraform modules to standardize the rollout of new environments (Dev, Test, Prod) across the data center.
CI/CD Pipeline Engineering: Design and manage robust pipelines (GitLab CI/Jenkins) that integrate with ArgoCD for seamless software promotion.
Operating System Hardening: Automate the lifecycle of the underlying Linux OS (Ubuntu/RHEL) using Ansible or SaltStack, applying security patches without service interruption.
Audit, Security & Risk Mitigation
Infrastructure Auditing: Conduct periodic audits of the on-premise stack to identify rogue assets, unauthorized configuration changes, and hardware health risks.
Vulnerability Management: Lead the remediation of vulnerabilities identified by Nessus/Qualys across the Kubernetes nodes, Cilium networking, and container images.
Policy Enforcement: Use Cilium and OPA Gatekeeper to implement strict network segmentation and security policies (Zero Trust architecture) within the local network.
Compliance Reporting: Generate technical evidence and reports for security audits, ensuring the platform meets GDPR, HIPAA, or local financial regulations.
Identity Management: Implement and manage Keycloak or OIDC integrations within Rancher to provide secure, centralized access to all platform tools.
Threat Modeling: Analyze the impact of infrastructure-level threats and implement mitigation strategies like mTLS and encrypted secrets management (HashiCorp Vault).
Qualifications
Education: Bachelor’s degree in Computer Science, Systems Engineering, or a related field.
Experience: 6+ years in DevOps, SRE, or Systems Engineering roles, with at least 3 years focused on Kubernetes on-premise.
Core Competency: A platform-first engineer who believes that manual work is a bug and that security is a feature of the architecture
Nice to Have
Big Data Support: Experience optimizing Kubernetes for stateful, high-performance databases like StarRocks or ClickHouse.
Service Mesh: Familiarity with Istio or Linkerd for advanced traffic management and security.
Disaster Recovery: Experience with Velero or similar tools for backing up and restoring on-premise Kubernetes clusters.
Hardware: Understanding of IPMI, PXE booting, and RAID configurations.
Required Skills
Kubernetes & DevOps Ecosystem
K8s Distributions: Deep hands-on experience with RKE2, K3s, or upstream Kubernetes in a non-cloud environment.
Rancher Mastery: Proficiency in managing large-scale, multi-cluster environments through Rancher.
Networking: Strong understanding of Cilium (eBPF), BGP, Load Balancers (F5/HAProxy), and VLAN tagging.
GitOps: Expert-level knowledge of ArgoCD or Flux, including Helm chart management and Kustomize.
Infrastructure as Code: Advanced Terraform skills (specifically on-premise providers like vSphere, Nutanix, or Libvirt).
Systems & Development
Linux Internals: Expert knowledge of the Linux kernel, systemd, and performance tuning for high-throughput networking and I/O.
Java Understanding: A fair understanding of Java (OOP) and system architecture to support and troubleshoot Java-based applications running on K8s.
Scripting: Advanced proficiency in Python, Go, or Bash for building custom automation and integration tools.
Monitoring: Hands-on experience with the LGTM stack (Loki, Grafana, Tempo, Mimir) or Prometheus/Thanos.
Security & Risk
Security Tools: Proven experience with Nessus, Qualys, or Trivy for vulnerability scanning and management.
Risk Assessment: Ability to identify, prioritize, and mitigate technical risks within a complex on-premise network.
Certificate Management: Experience with cert-manager and managing internal PKI for on-premise services.
What We Offer
Full support and career-development resources to maximize your potential along our career journey
Market competitive total compensation package
100% company-paid for every employee’s medical insurance
Benefits and incentives to stay healthy and fit
English language classes
Possibility to be involved in an international project
Junk Fridays, fruit days, terrace BBQs, and many more
Thank you for your interest in opportunities at JSC “Space International.” Your privacy is a priority. We process data in compliance with the Law of Georgia “On Personal Data Protection.” Your information is confidential and used solely for assessing suitability, with a maximum 2-year retention period. We securely store your data using BreezyHR (Canada). You are authorized to request data deletion or modification, or provision of information regarding data processing. If you have any such requests or have any questions regarding data processing, please feel free to contact us ProfileModificationRequests@ space.ge. Our commitment extends to equal treatment, ensuring a fair and unbiased selection process. Thank you for considering opportunities with us.