Senior DevOps Engineer

Location: Riyadh / Remote Employment: Full‑time Department: Platform Engineering / DevSecOps Reports to: Head of Platform / CTORole SummaryLead the reliability, security, and scalability of our API and container platforms. You will architect and operate WSO2 API Manager on top of Kubernetes (preferably OCI OKE), implement Istio for traffic management and zero‑trust service‑to‑service security, and build GitOps‑based CI/CD with robust observability and compliance-by-design.Key Responsibilities·        WSO2 API Platform: Design, deploy, and operate WSO2 API Manager (Gateway, Publisher, Developer Portal, Analytics). Implement API lifecycles, throttling policies, subscriptions, rate limiting, monetization, and SSO (OIDC/SAML) integrations (e.g., Keycloak/Azure AD).·        Kubernetes on OCI (OKE): Plan and manage clusters, node pools, autoscaling, Ingress/Load Balancers, OCI WAF/LB. Own multi‑env strategy (dev/test/stage/prod) with namespaces and network policies.·        Istio Service Mesh: Configure VirtualService, DestinationRule, Gateway, AuthorizationPolicy, mTLS, traffic shifting/canary, retries, timeouts, circuit breaking.·        Infrastructure as Code: Use Terraform for OCI (VCN, subnets, IGW/NAT, security lists/NSG, IAM policies, OKE), and Helm/Helmfile/Kustomize for app and platform components.·        CI/CD & GitOps: Build pipelines (GitLab CI/GitHub Actions) and GitOps flows (Argo CD/Flux) with automated tests, security scans, pre‑prod promotions, and progressive delivery.·        Observability & SRE: Implement logging/metrics/tracing (Prometheus, Alertmanager, Grafana, Loki/ELK, Tempo/Jaeger). Define SLO/SLI/Error Budgets. Conduct capacity planning and load tests.·        Security & Compliance: Enforce mTLS, JWT validation, OPA/Gatekeeper policies, image signing (Cosign), secrets management (Vault/External Secrets). Support audits (e.g., ISO 27001, NCA CCC, Secure‑by‑Design).·        Reliability Engineering: Backup/restore (Velero/OCI Object Storage), DR/HA, blue/green & canary, chaos testing. Own incident response/RCAs and postmortems.·        Cost Governance: Monitor and optimize cloud and platform spend (OKE nodes, LB/WAF, storage, egress). Right‑size resources and autoscaling policies.Minimum Qualifications·        5–8+ years in DevOps/SRE with 3+ years running Kubernetes in production.·        Hands‑on with WSO2 API Manager in production (install/upgrade/scale, gateway policies, analytics).·        Strong OCI: VCN, IAM, OKE, LB, WAF, Logging, Monitoring.·        Production experience with Istio (traffic mgmt, mTLS, authz, resiliency patterns).·        IaC (Terraform), container build & registry (Docker/OCI images), Helm/Helmfile.·        CI/CD (GitLab CI/GitHub Actions) and GitOps (Argo CD/Flux).·        Observability stack (Prometheus, Grafana) and log pipelines (ELK/Loki).·        WSO2 API Analytics/Choreo experience; custom gateways & mediation.·        Keycloak/OPA, ExternalDNS & Cert‑Manager, Open Policy Agent/Gatekeeper.·        Service mesh alternatives (Linkerd, Consul).·        Performance/load testing (k6, Locust), Chaos engineering (Litmus, Gremlin).·        Security: SBOM, SAST/DAST, Trivy/Grype, image signing (Cosign), supply‑chain controls (SLSA).Success Metrics (First 6 Months)·        99.9%+ API Gateway availability; SLOs & alerts in place.·        Istio mTLS enforced platform‑wide with zero major regressions.·        GitOps delivery live across environments with <30 min mean change lead time.Certifications (Preferred)·        OCI Architect / OKE Specialization·        CKA/CKAD·        HashiCorp Terraform Associate·        WSO2 API Manager (or demonstrable project credentials)