Hi,
Hope you are doing well.
Please find the job description given below and let me know your interest.
Position: Istio Mesh Engineer (Onsite)
Location: Dallas, TX (Relocation yes)
Duration: 6 months
Job Description:
Design, deploy, and operate Istio service mesh on AKS (ingress/egress gateways, traffic shifting, retries/timeouts, circuit breaking).
Enforce zero-trust service-to-service security with mTLS, Authorization Policy, Peer Authentication, and Request Authentication.
Drive kubenet to Azure CNI transition (including Azure CNI Overlay) with IP planning, subnetting, IPAM, and routing/NSG alignment.
Implement and validate Kubernetes Network Policies (Cilium/Calico) to restrict east-west traffic and control egress.
Kubernetes/Platform: strong Istio (prod ops), Gateway API migrations, and aware of Azure networking (VNets, UDR, NSG, NAT, Private Link).
Establish compliant egress architectures (NAT Gateway, Istio egress gateway, Private Link) and DNS patterns (CoreDNS, Private DNS Zones).
Build GitOps workflows (Argo CD/Flux) for mesh, Gateway API, and policy manifests; manage lifecycle via Helm/Kustomize.
Define IaC with Terraform/Bicep for AKS, networking, identity, and Key Vault; integrate with Azure DevOps/GitHub Actions pipelines.
Configure PKI/certificates for mesh (Istio CA, cert-manager with Azure Key Vault), TLS termination, and automated rotation.
Stand up observability: Prometheus/Grafana, OpenTelemetry/Jaeger, Azure Monitor/Log Analytics; publish SLOs, alerts, and runbooks.
Perform security hardening (CIS benchmarks), policy enforcement (OPA Gatekeeper/Kyverno), and DR drills.
Partner with app teams to refactor ingress to Gateway/HTTPRoute, implement canary/blue-green (Argo Rollouts/Flagger), and document patterns.
Tooling & languages: YAML/bash plus Go or Python; hands-on with Azure AD/Entra, Azure Workload Identity, Key Vault, and eBPF/Cilium.
Roles & Responsibilities
Design, deploy, and operate Istio service mesh on AKS (ingress/egress gateways, traffic shifting, retries/timeouts, circuit breaking).
Enforce zero-trust service-to-service security with mTLS, Authorization Policy, Peer Authentication, and Request Authentication.
Drive kubenet to Azure CNI transition (including Azure CNI Overlay) with IP planning, subnetting, IPAM, and routing/NSG alignment.
Implement and validate Kubernetes Network Policies (Cilium/Calico) to restrict east-west traffic and control egress.
Establish compliant egress architectures (NAT Gateway, Istio egress gateway, Private Link) and DNS patterns (CoreDNS, Private DNS Zones).
Build GitOps workflows (Argo CD/Flux) for mesh, Gateway API, and policy manifests; manage lifecycle via Helm/Kustomize.
Define IaC with Terraform/Bicep for AKS, networking, identity, and Key Vault; integrate with Azure DevOps/GitHub Actions pipelines.
Configure PKI/certificates for mesh (Istio CA, cert-manager with Azure Key Vault), TLS termination, and automated rotation.
Stand up observability: Prometheus/Grafana, OpenTelemetry/Jaeger, Azure Monitor/Log Analytics; publish SLOs, alerts, and runbooks.
Perform security hardening (CIS benchmarks), policy enforcement (OPA Gatekeeper/Kyverno), and DR drills.
Partner with app teams to refactor ingress to Gateway/HTTPRoute, implement canary/blue-green (Argo Rollouts/Flagger), and document patterns.
Tooling & languages: YAML/bash plus Go or Python; hands-on with Azure AD/Entra, Azure Workload Identity, Key Vault, and eBPF/Cilium.
If you are interested, please share your updated resume and suggest the best number & time to connect with you.
Ajit Kumar, US IT Recruiter, DMS VISION Inc