Senior DevOps Engineer

We are seeking a **Senior DevOps** with deep hands\-on expertise in **Rancher Kubernetes on bare metal** , **Kubernetes Operators** , and **high\-availability** design across core data services (PostgreSQL, Kafka, Redis, Vault, Keycloak). The ideal consultant has production experience integrating **hardware load balancers** (preferably **Fortinet** , alternatively **F5** ) with Kubernetes ingress, and can deliver a **repeatable, scripted cluster bootstrap** and **observability stack** (Grafana, Prometheus, Jaeger, plus EFK or VictoriaMetrics Logs). You will work **onsite in Dubai** with the Tejori team to design, implement, document, and hand over a robust, secure, and monitored platform to run Emcode’s commercial workloads. **Key Responsibilities** **Kubernetes \& Rancher** * Architect and deploy a **highly available Rancher\-managed Kubernetes** cluster on **bare metal** (multi\-master, etcd quorum sizing, worker pools). * Implement **cluster provisioning** and **lifecycle automation** (bootstrapping scripts and/or Pulumi/Ansible based flows). * Configure **Rancher projects, namespaces, RBAC, and fleet** for multi\-environment governance. **Networking \& Ingress** * Design and implement **ingress traffic** from **Fortinet hardware load balancers** (or F5\) to the Rancher/Kubernetes ingress layer (Layer 4/7\). * Configure **ingress controllers** (e.g., NGINX or HAProxy), **TLS termination** , **mTLS** where applicable, and **WAF** /security policies at the LB and cluster edge. **Data \& Platform Services on Kubernetes** * Deploy and harden **PostgreSQL, Kafka, Redis, Vault, and Keycloak** using **Operators** and/or well\-supported Helm charts. * Configure **backup/restore** , **secrets management (Vault/KMS)** , **rotations** , and HA (replication, quorum, partitions, failover). * Ensure **data durability** and performance tuning for bare\-metal constraints (storage classes, CSI drivers, network tuning). **Observability \& Logging** * Stand up **Prometheus \+ Alertmanager \+ Grafana** for metrics and dashboards. * Deploy **Jaeger** (or OpenTelemetry Collector → Jaeger) for distributed tracing. * Implement **EFK (Elasticsearch/Fluentd/Kibana)** or **VictoriaMetrics Logs** (e.g., VictoriaLogs/Loki alternative) with retention and index strategy. **Automation \& IaC** * Create **idempotent scripts** and/or **Pulumi** stacks for cluster bootstrap, app provisioning, and infra config. * Develop **Ansible** roles/playbooks for OS hardening, package prep, and repeatable node bring‑up. **Security \& Compliance** * Enforce **network policies** , **RBAC/ABAC** , **PodSecurity** /PSA, **image signing** /scanning, registry policies. * Integrate **Keycloak** for SSO into Rancher, Grafana, and app workloads. * Establish **backup, DR, and secrets management** standards (Vault policies, transit encryption). **Documentation \& Handover** * Produce **as\-built documentation** , **runbooks** , **troubleshooting guides** , and **DR procedures** . * Conduct **knowledge transfer** sessions and **tabletop failover tests** with the team. **Required Qualifications** * **10\+ years** DevOps/SRE with production **Kubernetes** (Rancher experience required). * Strong with **Kubernetes Operators** , **Helm** , **ingress controllers** . * Proven deployments of **PostgreSQL, Kafka, Redis, Vault, Keycloak** on K8s. * **Fortinet load balancers** (highly desirable) or **F5** experience in production. * **Pulumi** (preferred) and **Ansible** for IaC and configuration. * **Monitoring stack** : Grafana, Prometheus, Alertmanager, Jaeger; EFK or Victoria Logs. * **Bash** proficiency and at least one high\-level language ( **Go** or **Python** ). * HA/DR design on **bare metal** , including storage/CNI selection and tuning. * Excellent documentation and team enablement skills.