Jobless Developer
Bolt Graphics

Posted 2 days ago

Open

DevOps Engineer

Sunnyvale, CA · Remote

About the role:

We're hiring a DevOps Engineer to own our GitLab-based delivery platform end to end: the pipelines, the runners, the cloud integrations, and the on-prem infrastructure behind them. You'll work across AWS, Azure, and Proxmox, partnering with developers, security, and product to keep code moving from commit to production quickly and safely.

Your first big project is leading our GitHub-to-GitLab migration, working with stakeholders across the company to make sure the new platform fits how teams actually work. Once that lands, you'll shift into the ongoing platform work below.


We currently do not offer sponsorship or relocation for this role.


What you'll do:

Initial Focus: GitHub-to-GitLab Migration (1–3 Months)

A defined, time-bound project. Once it's done and the dust settles, these duties wind down.

  • Migrate repos, history, branches, tags, LFS, releases, packages, issues, PRs/MRs, and CI config from GitHub to GitLab using GitLab Importer, git filter-repo, and custom tooling where needed.
  • Translate GitHub Actions into GitLab CI/CD: reusable workflows into CI components/templates, matrix strategies, environments, OIDC, and self-hosted runner equivalents.
  • Map GitHub constructs (branch protections, CODEOWNERS, status checks, secrets, orgs/teams) to their GitLab equivalents and resolve the gaps with stakeholders.
  • Plan the cutover (big-bang vs. phased), run mirrors during transition, and verify parity before retiring GitHub assets.
  • Partner with app teams, security, compliance, and release managers to align the migration with how each team works today and where they need to land. Own the runbook and run enablement sessions.

Ongoing Responsibilities

Pipelines & Releases

  • Build and maintain GitLab CI/CD pipelines: multi-stage workflows, parent/child pipelines, reusable CI components, and matrix builds.
  • Run and scale GitLab Runners on Kubernetes, AWS, Azure, and Proxmox, including executor tuning, tagging, and cache/artifact strategy.
  • Ship via blue/green, canary, and rolling deployments with feature flags and automated rollback.
  • Manage release governance: protected branches/tags, MR approvals, CODEOWNERS, environment-scoped variables, and audit-ready change records.

Cloud Integrations (AWS / Azure)

  • Wire GitLab pipelines into AWS (ECR, EKS/ECS/Fargate, Lambda, S3, RDS, CloudFormation/CDK) and Azure (ACR, AKS, Functions, App Service, ARM/Bicep).
  • Set up OIDC federation so pipelines assume short-lived cloud roles instead of using long-lived keys or secrets.
  • Integrate with AWS Secrets Manager / Azure Key Vault, CloudWatch / Azure Monitor, and policy engines (AWS Config, Azure Policy).
  • Feed GitLab security scan results into AWS Security Hub or Microsoft Defender for Cloud.

Virtualization (Proxmox)

  • Operate Proxmox VE clusters: nodes, storage (ZFS, Ceph, NFS), networking (bridges, VLANs, SDN), HA, and Proxmox Backup Server.
  • Provision VMs and LXC containers as code with Terraform (Telmate or bpg/proxmox), Packer templates, and cloud-init.
  • Use Proxmox for self-hosted runners, ephemeral build agents, and dev/staging environments. Keep parity with the cloud side so pipelines behave the same in both.

Infrastructure as Code

  • Build infrastructure with Terraform/OpenTofu: reusable modules, remote state, workspaces, and policy-as-code (OPA or Sentinel).
  • Run Kubernetes (EKS, AKS, or self-managed on Proxmox) with Helm and Kustomize.
  • Use Ansible (or Puppet/Chef) for configuration; Packer for golden images across AWS, Azure, and Proxmox.
  • Implement GitOps with Argo CD, Flux, or GitLab's Kubernetes Agent.

Security

  • Tune GitLab security scanners (SAST, DAST, dependency, container, IaC, secret detection, license compliance) and triage findings with the relevant teams.
  • Manage secrets with Vault, AWS Secrets Manager, Azure Key Vault, or GitLab CI variables; default to OIDC over long-lived credentials.
  • Apply least-privilege IAM, signed artifacts (Cosign/Sigstore), SBOMs, and image hardening.

Monitoring & Operations

  • Instrument systems with Prometheus, Grafana, Loki, OpenTelemetry, CloudWatch, Azure Monitor, or Datadog.
  • Build dashboards and alerts, investigate incidents, and run postmortems on pipeline and deployment failures.
  • Support testing, staging, and production: drift detection, capacity planning, and performance tuning.

Collaboration

  • Write the docs, runbooks, and ADRs. Build reusable pipeline templates so teams can self-serve.
  • Work with developers, QA, security, and product to clear bottlenecks and make delivery feel easier.

Required Qualifications:

  • 3–5 years in DevOps, Platform, or Build/Release Engineering.
  • GitLab in production: .gitlab-ci.yml, runners, container registry, MR workflows, protected environments. Comfortable with GitLab Flow or trunk-based development.
  • GitHub-to-GitLab migration experience, or a comparable platform migration (Bitbucket to GitLab, Jenkins to GitLab CI, Azure DevOps to GitLab). You've moved repos, translated pipelines, and kept stakeholders aligned through it.
  • Working knowledge of GitHub and GitHub Actions to translate what's already there.
  • Real CI/CD ownership in production.
  • Deploying into AWS and/or Azure from CI/CD, including OIDC, IAM/RBAC, and core services (compute, networking, storage, managed DBs, container registries, Kubernetes).
  • Proxmox VE or a comparable virtualization platform (vSphere, Nutanix, KVM/libvirt).
