TBC Bank Group PLC established Space International with the strategic aim of facilitating the group's global expansion efforts. In 2018, the team successfully introduced the pioneering neobank, Space, in Georgia. Building upon this success, subsequent efforts were directed towards the creation and launch of the fully digital bank in Uzbekistan, TBC UZ, in 2020. In a significant move towards enhancing its foothold in the Uzbek market, the group acquired Payme, a prominent local payments provider and esteemed brand among the Uzbek populace, in 2023.
Presently, a dedicated team of 1,700 professionals representing 17 nationalities collaborates to advance TBC's international presence. Space International spearheads the provision of cutting-edge technologies and top-tier professional services, while the local teams at Payme and TBC Uzbekistan drive sustained growth and operational excellence.
We are looking for talented individuals with Senior Devops Engineer experience to join our team
Key Responsibilities
Kubernetes & Platform Engineering
• Cluster Orchestration: Deploy and manage production-grade RKE2 clusters on-
premise, utilizing Rancher for centralized multi-cluster management and visibility.
• Advanced Networking: Implement and optimize Cilium as the CNI, leveraging eBPF
for high-performance networking, advanced load balancing, and network policy
enforcement.
• GitOps & Deployment: Architect and maintain ArgoCD for automated application
delivery, ensuring that the "truth" of our infrastructure always resides in Git.
• Storage Management: Configure and troubleshoot on-premise Container Storage
Interfaces (CSI) for stateful workloads (e.g., StarRocks) using Longhorn, Ceph, or local
NVMe arrays.
• High Availability: Design the control plane and worker node architecture to withstand
physical hardware failures, ensuring 99.9% uptime for the platform.
• Resource Optimization: Tune Kubernetes scheduling and resource quotas to ensure
maximum hardware utilization for heavy DWH and analytics workloads.
Infrastructure Automation (IaC) & CI/CD
• Bare-Metal Automation: Use Terraform to automate the provisioning of physical
servers, virtual machines (vSphere), and local networking components.
• Modular Code: Build reusable Terraform modules to standardize the rollout of new
environments (Dev, Test, Prod) across the data center.
• CI/CD Pipeline Engineering: Design and manage robust pipelines (GitLab CI/Jenkins)
that integrate with ArgoCD for seamless software promotion.
• Operating System Hardening: Automate the lifecycle of the underlying Linux OS
(Ubuntu/RHEL) using Ansible or SaltStack, applying security patches without service
interruption.
Audit, Security & Risk Mitigation
• Infrastructure Auditing: Conduct periodic audits of the on-premise stack to identify
rogue assets, unauthorized configuration changes, and hardware health risks.
• Vulnerability Management: Lead the remediation of vulnerabilities identified by
Nessus/Qualys across the Kubernetes nodes, Cilium networking, and container
images.
• Policy Enforcement: Use Cilium and OPA Gatekeeper to implement strict network
segmentation and security policies (Zero Trust architecture) within the local network.
• Compliance Reporting: Generate technical evidence and reports for security audits,
ensuring the platform meets GDPR, HIPAA, or local financial regulations.
• Identity Management: Implement and manage Keycloak or OIDC integrations within
Rancher to provide secure, centralized access to all platform tools.
• Threat Modeling: Analyze the impact of infrastructure-level threats and implement
mitigation strategies like mTLS and encrypted secrets management (HashiCorp Vault).
Qualifications
• Education: Bachelor’s degree in Computer Science, Systems Engineering, or a related
field.
• Experience: 6+ years in DevOps, SRE, or Systems Engineering roles, with at least 3
years focused on Kubernetes on-premise.
• Core Competency: A platform-first engineer who believes that manual work is a bug
and that security is a feature of the architecture
Nice to Have
• Big Data Support: Experience optimizing Kubernetes for stateful, high-performance
databases like StarRocks or ClickHouse.
• Service Mesh: Familiarity with Istio or Linkerd for advanced traffic management and
security.
• Disaster Recovery: Experience with Velero or similar tools for backing up and
restoring on-premise Kubernetes clusters.
• Hardware: Understanding of IPMI, PXE booting, and RAID configurations.
Required Skills
Kubernetes & DevOps Ecosystem
• K8s Distributions: Deep hands-on experience with RKE2, K3s, or upstream
Kubernetes in a non-cloud environment.
• Rancher Mastery: Proficiency in managing large-scale, multi-cluster environments
through Rancher.
• Networking: Strong understanding of Cilium (eBPF), BGP, Load Balancers (F5/
HAProxy), and VLAN tagging.
• GitOps: Expert-level knowledge of ArgoCD or Flux, including Helm chart management
and Kustomize.
• Infrastructure as Code: Advanced Terraform skills (specifically on-premise providers
like vSphere, Nutanix, or Libvirt).
Systems & Development
• Linux Internals: Expert knowledge of the Linux kernel, systemd, and performance
tuning for high-throughput networking and I/O.
• Java Understanding: A fair understanding of Java (OOP) and system architecture to
support and troubleshoot Java-based applications running on K8s.
• Scripting: Advanced proficiency in Python, Go, or Bash for building custom
automation and integration tools.
• Monitoring: Hands-on experience with the LGTM stack (Loki, Grafana, Tempo, Mimir)
or Prometheus/Thanos.
Security & Risk
• Security Tools: Proven experience with Nessus, Qualys, or Trivy for vulnerability
scanning and management.
• Risk Assessment: Ability to identify, prioritize, and mitigate technical risks within a
complex on-premise network.
• Certificate Management: Experience with cert-manager and managing internal PKI
for on-premise services.
What We Offer:
• Full support and career-development resources to maximize your potential along our career journey
• Market competitive total compensation package
• 100% company-paid for every employee’s medical insurance
• Benefits and incentives to stay healthy and fit
• English language classes
• Possibility to be involved in an international project
• Junk Fridays, fruit days, terrace BBQs, and many more
Thank you for your interest in opportunities at JSC "Space International." Your privacy is a priority. We process data in compliance with the Law of Georgia "On Personal Data Protection." Your information is confidential and used solely for assessing suitability, with a maximum 2-year retention period. We securely store your data using BreezyHR (Canada). You are authorized to request data deletion or modification, or provision of information regarding data processing. If you have any such requests or have any questions regarding data processing, please feel free to contact us ProfileModificationRequests@ space.ge. Our commitment extends to equal treatment, ensuring a fair and unbiased selection process. Thank you for considering opportunities with us.