Overview
Remote
USD 160,000.00 - 230,000.00 per year
Full Time
Skills
Brand
Migration
High Availability
Orchestration
Workflow
Software Packaging
Delegation
Network Security
Load Balancing
Amazon Route 53
Access Control
Identity Management
Corporate Identity
OIDC
Authentication
Authorization
Encryption
API
Auditing
Vulnerability Management
System On A Chip
ISO/IEC 27001:2005
HIPAA
High Performance Computing
Backup
Dashboard
Dragon NaturallySpeaking
DNS
Root Cause Analysis
Incident Management
Debugging
Disaster Recovery
Testing
Cloud Computing
Virtual Private Cloud
RBAC
Terraform
Continuous Delivery
Jenkins
GitLab
Continuous Integration
Network
Grafana
Storage
EBS
Amazon EFS
Scripting
Python
Bash
Command-line Interface
Computer Networking
Communication
Security Operations
Problem Solving
Conflict Resolution
Attention To Detail
Productivity
Management
Documentation
Knowledge Sharing
Mentorship
Computer Science
Information Technology
Computer Cluster Management
FedRAMP
Regulatory Compliance
Artificial Intelligence
Machine Learning (ML)
GPU
SaaS
Optimization
Microsoft Windows
Open Source
Kubernetes
Amazon Web Services
Health Care
Life Insurance
FAR
Recruiting
Military
ADA
Human Resources
Job Details
Duration: 4+ Months
Location: WA-Seattle, 100% Remote
Overview: Every Turnberry consultant belongs to a practice, an internal group of consultants and leaders with shared experience and expertise. Each of these practices aligns with one of the core services Turnberry offers to clients. Alongside our core services, are our branded services. As an EKS Cloud Engineer, you will join Turnberry's boutique cloud optimization brand, Rise and Shift. Rise and Shift consultants specialize in cloud strategy & advisory, cloud migration & modernization, data as a product, cloud FinOps, cloud-based contact center solutions, and digital-native business solutions.
Responsibilities:
EKS Cluster Management and Architecture
Design and implement EKS cluster architecture following best practices and Well-Architected Framework principles
Create and manage EKS clusters across multiple regions and availability zones for high availability
Configure and maintain EKS control plane and data plane components
Implement cluster autoscaling strategies using Cluster Autoscaler, Keda, and Karpenter
Manage node groups (managed, self-managed, and Fargate profiles)
Perform cluster upgrades and maintain Kubernetes version currency
Implement EKS Auto Mode for streamlined cluster operations where appropriate
Configure and manage kubeconfig files for secure cluster access
Utilize kubectl for cluster management, troubleshooting, and operational tasks
Container Orchestration and Application Deployment
Deploy and manage containerized applications using Kubernetes deployments, StatefulSets, and DaemonSets
Implement GitOps workflows using tools like Argo CD for continuous deployment
Create and maintain Helm charts for application packaging and deployment
Configure Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA) for workload optimization
Implement zero-downtime deployment strategies (blue/green, canary, rolling updates)
Manage container images using ECR (Elastic Container Registry)
Networking Architecture and Connectivity
Design and implement VPC networking for EKS clusters using VPC CNI plugin
Configure pod networking, including custom networking and prefix delegation
Implement network policies for pod-to-pod traffic control
Configure security groups for pods for fine-grained network security
Set up and manage Load Balancer Controller for ingress traffic
Implement service mesh architectures using App Mesh when required
Configure DNS resolution using CoreDNS and Route 53 integration
Design network segmentation strategies across namespaces and clusters
Implement and manage Istio service mesh for advanced traffic management, security, and observability
Configure Istio ingress and egress gateways for cluster traffic control
Identity and Access Management (IAM)
Design and implement IAM roles for service accounts (IRSA) for pod-level permissions
Configure EKS Pod Identity for simplified credential management
Implement Kubernetes RBAC (Role-Based Access Control) policies
Establish least privilege access principles for users and service accounts
Configure EKS cluster access management (CAM) APIs for identity integration
Integrate with corporate identity providers using OIDC federation
Manage cluster authentication and authorization mechanisms
Create and maintain service control policies for multi-account environments
Security and Compliance
Design and implement security policies following EKS security best practices
Configure pod security standards and admission controllers
Implement secrets management using Secrets Manager and Kubernetes Secrets encryption
Enable and configure EKS control plane logging (API server, audit, authenticator, controller manager, scheduler)
Integrate with Security Hub, GuardDuty, and Config for security monitoring
Implement network policies and security groups for defense-in-depth
Conduct security assessments and vulnerability management for container images
Ensure compliance with industry standards (SOC 2, ISO 27001, HIPAA, FedRAMP, etc.)
Configure private EKS endpoints and implement secure cluster access patterns
Storage and Persistence
Configure and manage persistent storage using EBS CSI driver
Implement shared storage solutions using EFS CSI driver
Configure FSx for Lustre for high-performance computing workloads
Design storage classes and persistent volume claim strategies
Implement backup and disaster recovery solutions for stateful applications
Observability and Monitoring
Set up comprehensive logging using CloudWatch Container Insights
Configure metrics collection using Prometheus and CloudWatch
Implement distributed tracing using X-Ray and OpenTelemetry
Create dashboards and alerts using CloudWatch and Grafana
Configure control plane and application logging
Implement cost monitoring and optimization using tools like Kubecost
Troubleshooting and Operations
Diagnose and resolve EKS cluster issues (control plane, nodes, networking, applications)
Troubleshoot pod lifecycle issues (ImagePullBackOff, CrashLoopBackOff, OOMKilled)
Resolve networking issues related to VPC CNI, DNS, and load balancers
Perform root cause analysis for incidents and implement preventive measures
Participate in on-call rotation and incident response
Create and maintain runbooks and operational documentation
Utilize kubectl for debugging and troubleshooting cluster and application issues
Create infrastructure as code using Terraform, CloudFormation, or CDK
Implement CI/CD pipelines using CodePipeline, Jenkins, or GitLab CI
Develop and maintain architectural documentation and diagrams
Provide technical guidance and mentorship to engineering teams
Optimize cloud costs and resource utilization
Participate in disaster recovery planning and testing
Stay current with EKS features, Kubernetes releases, and container ecosystem developments
Qualifications:
5+ years of experience in cloud engineering, with 3+ years specifically working with containers and Kubernetes
Deep understanding of Kubernetes architecture, components (control plane, worker nodes, pods, services, ingress), and core concepts (deployments, StatefulSets, ConfigMaps, Secrets)
Hands-on experience creating, configuring, and managing EKS clusters in production environments
Expert knowledge of networking services (VPC, subnets, security groups, VPC CNI, Transit Gateway, Direct Connect)
Strong expertise in Kubernetes RBAC, IAM roles for service accounts (IRSA), and EKS Pod Identity
Proven experience implementing container security best practices and compliance frameworks
Proficiency with infrastructure as code tools (Terraform, CloudFormation, CDK, Helm)
Experience with CI/CD tools and GitOps practices (Argo CD, Flux, Jenkins, GitLab CI)
Strong understanding of container networking, including CNI plugins and network policies
Experience with monitoring and observability tools (Prometheus, Grafana, CloudWatch, OpenTelemetry)
Knowledge of container storage solutions (EBS CSI, EFS CSI, FSx)
Experience with cluster autoscaling (Cluster Autoscaler, Keda, Karpenter, HPA, VPA)
Proficiency in scripting languages (Python, Bash, Go)
Experience troubleshooting complex distributed systems
Strong proficiency with kubeconfig management and kubectl command-line operations
AWS and Kubernetes Certifications (Preferred)
AWS Certified Solutions Architect - Professional
AWS Certified Security - Specialty
AWS Certified Advanced Networking - Specialty
Certified Kubernetes Administrator (CKA)
Certified Kubernetes Application Developer (CKAD)
Certified Kubernetes Security Specialist (CKS)
Strong communication skills with ability to explain complex technical concepts to diverse audiences
Experience working with cross-functional teams (developers, security, operations)
Problem-solving mindset with attention to detail and systematic troubleshooting approach
Ability to balance security requirements with business needs and developer productivity
Self-motivated with ability to work independently and manage multiple priorities
Strong documentation skills for creating technical guides and runbooks
Collaborative approach to knowledge sharing and mentoring
Bachelor's degree in Computer Science, Information Technology, or related field (or equivalent practical experience)
Preferred Qualifications:
Experience with multi-cluster management and service mesh architectures
Knowledge of AWS GovCloud environments and FedRAMP compliance
Experience with serverless containers using AWS Fargate
Familiarity with AI/ML workload deployment on EKS (GPU instances, accelerated computing)
Experience with multi-tenancy patterns and SaaS architectures on EKS
Knowledge of FinOps practices and cost optimization strategies
Experience with Windows containers on EKS
Contributions to open-source Kubernetes projects or AWS container tools
The salary range for this role is $160,000 to $230,000 or the hourly equivalent. Pay is based on several factors including but not limited to education, work experience, certifications, etc. In addition to your salary, Turnberry Solutions offers benefits such as a comprehensive healthcare package (medical, dental, vision), disability and group term life insurance, health and flexible spending accounts, a utilization bonus, 401(k) with match, flexible time off for salaried employees, parental leave for salaried employees, and flexible work arrangements (all benefits are subject to eligibility requirements). No matter where or when you begin a career with Turnberry, you'll find a far-reaching choice of benefits and incentives.
At Turnberry, inclusion is one of our core values. We are committed to creating a positive and connected work environment for all and are fully invested in and focused on hiring and growing a diverse team of high performers. We believe that uniqueness in ideas, experiences, and backgrounds make us a better Turnberry: Turnberry is an Equal Employment Opportunity employer, and recruits, employs, trains, compensates, and promotes regardless of age, ancestry, family medical or genetic information, gender identity and expression, marital, military, or veteran status; national and ethnic origin; physical or mental disability; political affiliation; pregnancy; race; religion; sex; sexual orientation; and any other protected characteristics.
Americans with Disabilities Act (ADA)
Turnberry will provide reasonable accommodation with our application process upon request as required to comply with applicable laws. If you have a disability and require accommodation assistance in this application process, please send an email to our Human Resources department at
Location: WA-Seattle, 100% Remote
Overview: Every Turnberry consultant belongs to a practice, an internal group of consultants and leaders with shared experience and expertise. Each of these practices aligns with one of the core services Turnberry offers to clients. Alongside our core services, are our branded services. As an EKS Cloud Engineer, you will join Turnberry's boutique cloud optimization brand, Rise and Shift. Rise and Shift consultants specialize in cloud strategy & advisory, cloud migration & modernization, data as a product, cloud FinOps, cloud-based contact center solutions, and digital-native business solutions.
Responsibilities:
EKS Cluster Management and Architecture
Design and implement EKS cluster architecture following best practices and Well-Architected Framework principles
Create and manage EKS clusters across multiple regions and availability zones for high availability
Configure and maintain EKS control plane and data plane components
Implement cluster autoscaling strategies using Cluster Autoscaler, Keda, and Karpenter
Manage node groups (managed, self-managed, and Fargate profiles)
Perform cluster upgrades and maintain Kubernetes version currency
Implement EKS Auto Mode for streamlined cluster operations where appropriate
Configure and manage kubeconfig files for secure cluster access
Utilize kubectl for cluster management, troubleshooting, and operational tasks
Container Orchestration and Application Deployment
Deploy and manage containerized applications using Kubernetes deployments, StatefulSets, and DaemonSets
Implement GitOps workflows using tools like Argo CD for continuous deployment
Create and maintain Helm charts for application packaging and deployment
Configure Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA) for workload optimization
Implement zero-downtime deployment strategies (blue/green, canary, rolling updates)
Manage container images using ECR (Elastic Container Registry)
Networking Architecture and Connectivity
Design and implement VPC networking for EKS clusters using VPC CNI plugin
Configure pod networking, including custom networking and prefix delegation
Implement network policies for pod-to-pod traffic control
Configure security groups for pods for fine-grained network security
Set up and manage Load Balancer Controller for ingress traffic
Implement service mesh architectures using App Mesh when required
Configure DNS resolution using CoreDNS and Route 53 integration
Design network segmentation strategies across namespaces and clusters
Implement and manage Istio service mesh for advanced traffic management, security, and observability
Configure Istio ingress and egress gateways for cluster traffic control
Identity and Access Management (IAM)
Design and implement IAM roles for service accounts (IRSA) for pod-level permissions
Configure EKS Pod Identity for simplified credential management
Implement Kubernetes RBAC (Role-Based Access Control) policies
Establish least privilege access principles for users and service accounts
Configure EKS cluster access management (CAM) APIs for identity integration
Integrate with corporate identity providers using OIDC federation
Manage cluster authentication and authorization mechanisms
Create and maintain service control policies for multi-account environments
Security and Compliance
Design and implement security policies following EKS security best practices
Configure pod security standards and admission controllers
Implement secrets management using Secrets Manager and Kubernetes Secrets encryption
Enable and configure EKS control plane logging (API server, audit, authenticator, controller manager, scheduler)
Integrate with Security Hub, GuardDuty, and Config for security monitoring
Implement network policies and security groups for defense-in-depth
Conduct security assessments and vulnerability management for container images
Ensure compliance with industry standards (SOC 2, ISO 27001, HIPAA, FedRAMP, etc.)
Configure private EKS endpoints and implement secure cluster access patterns
Storage and Persistence
Configure and manage persistent storage using EBS CSI driver
Implement shared storage solutions using EFS CSI driver
Configure FSx for Lustre for high-performance computing workloads
Design storage classes and persistent volume claim strategies
Implement backup and disaster recovery solutions for stateful applications
Observability and Monitoring
Set up comprehensive logging using CloudWatch Container Insights
Configure metrics collection using Prometheus and CloudWatch
Implement distributed tracing using X-Ray and OpenTelemetry
Create dashboards and alerts using CloudWatch and Grafana
Configure control plane and application logging
Implement cost monitoring and optimization using tools like Kubecost
Troubleshooting and Operations
Diagnose and resolve EKS cluster issues (control plane, nodes, networking, applications)
Troubleshoot pod lifecycle issues (ImagePullBackOff, CrashLoopBackOff, OOMKilled)
Resolve networking issues related to VPC CNI, DNS, and load balancers
Perform root cause analysis for incidents and implement preventive measures
Participate in on-call rotation and incident response
Create and maintain runbooks and operational documentation
Utilize kubectl for debugging and troubleshooting cluster and application issues
Create infrastructure as code using Terraform, CloudFormation, or CDK
Implement CI/CD pipelines using CodePipeline, Jenkins, or GitLab CI
Develop and maintain architectural documentation and diagrams
Provide technical guidance and mentorship to engineering teams
Optimize cloud costs and resource utilization
Participate in disaster recovery planning and testing
Stay current with EKS features, Kubernetes releases, and container ecosystem developments
Qualifications:
5+ years of experience in cloud engineering, with 3+ years specifically working with containers and Kubernetes
Deep understanding of Kubernetes architecture, components (control plane, worker nodes, pods, services, ingress), and core concepts (deployments, StatefulSets, ConfigMaps, Secrets)
Hands-on experience creating, configuring, and managing EKS clusters in production environments
Expert knowledge of networking services (VPC, subnets, security groups, VPC CNI, Transit Gateway, Direct Connect)
Strong expertise in Kubernetes RBAC, IAM roles for service accounts (IRSA), and EKS Pod Identity
Proven experience implementing container security best practices and compliance frameworks
Proficiency with infrastructure as code tools (Terraform, CloudFormation, CDK, Helm)
Experience with CI/CD tools and GitOps practices (Argo CD, Flux, Jenkins, GitLab CI)
Strong understanding of container networking, including CNI plugins and network policies
Experience with monitoring and observability tools (Prometheus, Grafana, CloudWatch, OpenTelemetry)
Knowledge of container storage solutions (EBS CSI, EFS CSI, FSx)
Experience with cluster autoscaling (Cluster Autoscaler, Keda, Karpenter, HPA, VPA)
Proficiency in scripting languages (Python, Bash, Go)
Experience troubleshooting complex distributed systems
Strong proficiency with kubeconfig management and kubectl command-line operations
AWS and Kubernetes Certifications (Preferred)
AWS Certified Solutions Architect - Professional
AWS Certified Security - Specialty
AWS Certified Advanced Networking - Specialty
Certified Kubernetes Administrator (CKA)
Certified Kubernetes Application Developer (CKAD)
Certified Kubernetes Security Specialist (CKS)
Strong communication skills with ability to explain complex technical concepts to diverse audiences
Experience working with cross-functional teams (developers, security, operations)
Problem-solving mindset with attention to detail and systematic troubleshooting approach
Ability to balance security requirements with business needs and developer productivity
Self-motivated with ability to work independently and manage multiple priorities
Strong documentation skills for creating technical guides and runbooks
Collaborative approach to knowledge sharing and mentoring
Bachelor's degree in Computer Science, Information Technology, or related field (or equivalent practical experience)
Preferred Qualifications:
Experience with multi-cluster management and service mesh architectures
Knowledge of AWS GovCloud environments and FedRAMP compliance
Experience with serverless containers using AWS Fargate
Familiarity with AI/ML workload deployment on EKS (GPU instances, accelerated computing)
Experience with multi-tenancy patterns and SaaS architectures on EKS
Knowledge of FinOps practices and cost optimization strategies
Experience with Windows containers on EKS
Contributions to open-source Kubernetes projects or AWS container tools
The salary range for this role is $160,000 to $230,000 or the hourly equivalent. Pay is based on several factors including but not limited to education, work experience, certifications, etc. In addition to your salary, Turnberry Solutions offers benefits such as a comprehensive healthcare package (medical, dental, vision), disability and group term life insurance, health and flexible spending accounts, a utilization bonus, 401(k) with match, flexible time off for salaried employees, parental leave for salaried employees, and flexible work arrangements (all benefits are subject to eligibility requirements). No matter where or when you begin a career with Turnberry, you'll find a far-reaching choice of benefits and incentives.
At Turnberry, inclusion is one of our core values. We are committed to creating a positive and connected work environment for all and are fully invested in and focused on hiring and growing a diverse team of high performers. We believe that uniqueness in ideas, experiences, and backgrounds make us a better Turnberry: Turnberry is an Equal Employment Opportunity employer, and recruits, employs, trains, compensates, and promotes regardless of age, ancestry, family medical or genetic information, gender identity and expression, marital, military, or veteran status; national and ethnic origin; physical or mental disability; political affiliation; pregnancy; race; religion; sex; sexual orientation; and any other protected characteristics.
Americans with Disabilities Act (ADA)
Turnberry will provide reasonable accommodation with our application process upon request as required to comply with applicable laws. If you have a disability and require accommodation assistance in this application process, please send an email to our Human Resources department at
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.