Take your career to the next level with Amaris Consulting as a GCP Cloud Network Engineer. Become part of an international team, thrive in a global group with €800M turnover and 1,000+ clients worldwide, and an agile environment by planning the kickoff and follow up on projects. Join Amaris Consulting, where you can develop your potential and make a difference within the company.
Sea uno de los primeros solicitantes, lea la descripción completa del puesto a continuación y luego envíe su candidatura para que sea considerada.
WHAT WOULD YOU NEED?
* Proven experience as a L3 Network Engineer with a focus on GCP and Kubernetes (GKE).
* Solid knowledge of GCP networking and Shared VPC: VPC fundamentals, routing, firewall rules, tags, service accounts, IAM.
* Shared VPC model (host vs service projects), cross‐project permissions.
* Private connectivity patterns, Private Google Access, Cloud DNS (private zones, split‐horizon).
* PSC/PSA concepts, proxy‐only subnets, internal vs external load balancers, L4 vs L7, TLS termination and SNI basics.
* Strong hands‐on experience with GKE operations: Kubernetes fundamentals: namespaces, RBAC, service accounts, ConfigMaps, Secrets.
* Deployments, StatefulSets, DaemonSets, Jobs.
* Services, Ingress, NetworkPolicies.
* Troubleshooting common issues (ImagePullBackOff, CrashLoopBackOff, DNS, readiness/liveness probes).
* Experience with Istio service mesh: Day‐to‐day usage of Gateways, VirtualServices, DestinationRules, ServiceEntry.
* Understanding of mTLS modes and validation of traffic paths.
* Basic Envoy/Istio debugging and use of Kiali for topology and policy visibility.
* Knowledge of Artifact Registry and secrets management: Repositories, authentication, image pull permissions and troubleshooting across projects.
* Secret Manager basics and access model.
* Kubernetes TLS secrets: creation, rotation, and usage.
* Strong Security / PKI / TLS fundamentals: Difference between TLS server authentication, mutual TLS (mTLS), and token‐based approaches.
* Certificate chain understanding (Root CA, Intermediate CA, Leaf certificate, full chain).
* SAN vs CN, DNS SAN vs IP SAN.
* Use of openssl tools (s_client, x509, verify) to validate and troubleshoot certificates.
* Familiarity with common certificate file types (.pem, .crt, .key) and chain bundles.
* Ability to create and manage Kubernetes TLS secrets and understand where TLS terminates (Ingress, Gateway, Service).
* Experience acting as first‐line technical owner / tech lead for a product or stream: triage, prioritization, routing, and mentoring engineers.
* Strong communication skills in English and Spanish (spoken and written); additional languages are a plus.
* Hybrid setting in Madrid.
WHAT WILL YOU DO?
As a Stream Cloud Tech Lead, you will be the first‐line technical owner for a cloud‐native stream running on GCP and GKE:
* Act as the go‐to technical reference for engineers and application teams on: GCP networking (Shared VPC, routes, firewalls, IAP, load balancers, PSC/PSA, proxy‐only subnets).
* GKE operations and troubleshooting (capacity, node pools, requests/limits).
* Istio traffic paths (ingress/egress), routing, and policies.
* Certificates, PKI, and TLS secret handling.
* Triage, prioritize, and route incidents and delivery blockers within the stream, resolving as many as possible without escalation.
* Provide first‐line support for: GKE routine troubleshooting and operational questions.
* Istio routing checks and policy verification for common use cases.
* GCP networking day‐to‐day issues (firewalls, routes, IAP access).
* Artifact Registry permissions for builds and deployments.
* Basic monitoring, dashboards, and initial incident triage.
* Certificate validation tasks and standard TLS secret handling.
* Make technical decisions within agreed guardrails (security, networking, observability, CI/CD) and escalate only high‐impact architecture topics to the central Cloud team.
* Mentor and support engineers in the stream: Enforce standards and best practices.
* Reduce ad hoc escalations by enabling teams to self‐serve.
* Own and maintain stream documentation: Confluence pages, reference patterns, runbooks, go‐live checklists.
* Clear escalation rules and decision records.
* Deliver weekly status updates in a concise format, highlighting blockers, risks, and cross‐team dependencies.
* Collaborate closely with Security and Cloud Architecture teams to translate certificate material and security artifacts into deployable Kubernetes TLS secrets and compliant configurations.
WHY US?
Join our dynamic team of talented individuals and experience a world of growth and opportunities. Here's what we offer:
* Grow rapidly with a tailored career path and salary evaluation. 70% of our senior leaders started at entry level.
* Enhance your skills through our Tech Academy catalog, Udemy E-learning Platform, Languages Sessions, webinars, and workshops.
* Take charge of your training with an annual personal budget and company-paid certifications.
* Enjoy flexible policies, remote work options, and fantastic social benefits like transit and restaurant tickets, kindergarten support, and private health insurance.
* Benefit from our WeCare program, supporting employees in critical situations.
* Unleash your full potential, both professionally and personally.
Amaris Consulting is proud to be an equal-opportunity workplace. We are committed to promoting diversity within the workforce and creating an inclusive working environment. xohynlm For this purpose, we welcome applications from all qualified candidates regardless of gender, sexual orientation, race, ethnicity, beliefs, age, marital status, disability, or other characteristics.