Infrastructure Engineer

Qt Group
Charing Cross, United Kingdom
4 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Job location

Charing Cross, United Kingdom

Tech stack

API
Amazon Web Services (AWS)
Build Automation
Bash
Computer Security
Linux
DNS
Python
Netconf
Nginx
OAuth
OpenID
Performance Tuning
Ansible
YAML
Data Logging
Scripting (Bash/Python/Go/Ruby)
Transport Layer Security
Load Balancing
Grafana
Amazon Web Services (AWS)
Gitlab
Gitlab-ci
Kubernetes
Deployment Automation
Hashicorp
Api Gateway
Terraform
Serverless Computing

Job description

  • Engineer infrastructure supporting dual-site deployments on BT's private cloud ecosystem with active/active or active/standby failover patterns.
  • Maintain Kubernetes workloads deployed via Helm charts and environment-specific configuration pipelines used in NaaS delivery.
  • Optimise cluster networking, pod-to-pod routing, overlay networks, and VPC connectivity required for NaaS northbound/southbound integration.
  • Standardise GitLab-based deployment automation used across NaaS (e.g., templated Helm chart rollouts, environment switching, version promotion).
  • Create automated patterns for repetitive run tasks: certificate rotation, namespace creation, resource onboarding and gateway policy application.
  • Configure and operate NGINX (Ingress) and Kong API Gateway for internal/external API exposure, including routing, transformations, policies, plugins, and rate limiting.
  • Build automation pipelines for dynamic secrets, lease renewal, token lifecycle and secret-rotation using Vault Agents or sidecar models.
  • Ensure API services and ingress components follow strict Zero-Trust and mTLS standards.
  • Operate Kong API Gateway with automated provisioning of routes, consumers, plugins, certificates, OAuth/OIDC configs, and rate-limit/security policies.
  • Instrument NGINX and Kong with structured logging, metrics, gateway tracing and plugin-level observability.
  • Validate multi-site GSLB routing for API flows using synthetic probes, ingress/gateway failover testing and API path validation.

Requirements

  • Strong Linux fundamentals and troubleshooting (system performance, networking, storage).

  • Practical understanding of L7/L4 load balancing, service mesh, DNS/GSLB, certificate mgmt and API connectivity patterns into telco/core systems.

  • Strong understanding of CA hierarchies, mTLS, certificate lifecycle management, CRL/OCSP, key rotation, HSM/KMS.

  • Ability to design automated certificate workflows for Kubernetes, gateways, and service mesh.

  • Deep configuration experience (ingress rules, SSL termination, upstream configuration, rewrite/redirect rules) on NGINX including Performance tuning, rate limiting, mTLS enforcement, header-based routing etc.

  • Understanding of service registration, upstream health checks, traffic routing, consumer management etc.

  • Expertise with Kong plugins (JWT, ACL, rate limit, key auth, OIDC, mTLS), declarative configs (Kong YAML), and Ingress Controller

  • Access, use, and disclose information only as required for the job; ensure appropriate safeguards and adherence to Information Security policies.

  • Familiar to Hashicorp Vault

  • Familiarity with ITIL/incident management and change practices (or equivalent experience).

  • Excellent verbal and written communication and interpersonal skills.

NICE TO HAVE

  • Expertise in automating secret delivery via Vault Agent, Vault Injector or GitLab CI integration.
  • Automation mindset: scripting (Python/Bash) + one or more of Terraform/Ansible/Helm/Kustomize/GitOps.
  • Experience designing observability for serverless systems (logs/metrics/traces) and implementing distributed tracing and dashboards using open standards and various tooling like Elastic, Grafana etc.
  • CAMARA and TMF-931 familiarity; API aggregator marketplace exposure (e.g., AWS/Vonage/NAC listings)
  • Experience with network automation (YANG/NETCONF/RESTCONF, Ansible) and telco workloads.
  • Kubernetes certification (e.g., CKA/CKAD).

Benefits & conditions

  • 10% on target bonus
  • BT Pension scheme, minimum 5% Employee contribution, BT contribution 10%
  • Life Assurance Cover
  • Exclusive colleague discounts on our latest and greatest BT broadband packages, BT TV with TNT Sports and NOW Entertainment
  • From January 2025, equal family leave: receive 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate. It's for all parents, no matter how your family is made up.
  • Enhanced women's health support: including help with menopause symptoms, cancer screenings, period care and more.
  • 25 days annual leave (not including bank holidays), increasing with service
  • 24/7 private virtual GP appointments for UK colleagues
  • 2 weeks carer's leave
  • World-class training and development opportunities
  • Option to join BT Shares Saving schemes

Apply for this position