DevOps & Infrastructure Architect

Reports to: CTO

As our DevOps & Infrastructure Architect, you will own the full stack beneath the engineering organisation – from physical rack layouts and server specifications through to Kubernetes clusters, CI/CD pipelines, MLOps platforms, and the security controls that tie it all together. This is a hands-on architecture role: you will design the blueprint and build, deploy, and operate the running infrastructure. You serve embedded engineers, ML researchers, flight-software developers, and data analysts – teams whose workloads look nothing like a typical web-app shop. If you want to be the person who makes a defence-grade autonomous-systems company actually ship, this is the role.

‍

- IT systems architecture – Design the full infrastructure stack: service topology, network segmentation, trust zones, rack layouts, power/cooling, and cabling. Maintain architecture docs, data-flow diagrams, and capacity plans the entire engineering org depends on.
- Hardware lifecycle management – Own assets from specification and procurement through deployment, maintenance, and decommissioning. Build hardware roadmaps tied to engineering growth forecasts so capacity is never the bottleneck.
- Server infrastructure – Size and deploy on-prem and hybrid compute environments serving concurrent workloads: GPU clusters for ML training and inference, tiered storage for telemetry and sensor datasets, analytics and BI tooling, development platforms, and local LLM deployment.
- Development platform administration – Deploy and operate self-hosted engineering tooling – primarily GitLab (SCM, CI/CD, registries, issue tracking) – plus artefact repositories, SAST scanners, and documentation platforms. Own high availability, backup/restore, and upgrade lifecycle for all dev tools.
- MLOps infrastructure – Build and maintain the ML lifecycle stack: experiment tracking, model registries, GPU-scheduled training orchestration, dataset versioning, and model serving pipelines. Ensure full reproducibility and auditability from data ingestion to edge deployment.
- Containerisation and orchestration – Design and operate the container platform: Docker builds pipelines, private registries, and Kubernetes clusters (RBAC, network policies, resource quotas, persistent storage, ingress). Manage deployments via Helm/Kustomize with GitOps-driven delivery.
- CI/CD pipeline architecture – Design scalable pipelines across heterogeneous codebases: embedded firmware with cross-compilation and HIL triggers, Python/C++ services, ML training jobs, and infrastructure-as-code. Implement secret management, signed artefacts, SBOM generation, runner fleet management, and parallelisation.
- Agile tooling and workflow support – Configure and maintain tooling for Agile workflows: issue tracking, sprint boards, branch-per-ticket and merge-request workflows with automated status transitions, CI-enforced Definition of Done, and engineering metrics dashboards.
- IT security architecture – Design and enforce security across the stack: network segmentation, firewall management, VPN/zero-trust access, IAM (LDAP/AD, SSO, MFA), PAM, endpoint security, vulnerability scanning, patch management, encrypted storage and transport, SIEM integration, and incident response. Support air-gapped environments where required.
- Monitoring, observability, and reliability – Implement infrastructure monitoring, log management, and alerting. Define SLAs/SLOs, build tested DR and business-continuity plans with clear RTO/RPO targets and failover procedures.
- Infrastructure as Code and automation – Manage all infrastructure through code: provisioning, config management, and automation scripting. Every infrastructure change goes through code review and CI validation before touching production.

‍

Required Qualifications & Experience

- BS/MS in Computer Science, IT, Systems Engineering, or equivalent practical experience
- 7+ years in infrastructure, DevOps, or platform engineering; 3+ years in an architecture or tech-lead role
- Deep Linux admin (RHEL/Ubuntu/Debian): systemd, kernel tuning, LVM, production troubleshooting
- Physical and logical infrastructure design: compute/storage sizing, VLAN/subnet layout, firewall management, rack capacity planning
- Kubernetes in production (k8s, k3s, or OpenShift): cluster architecture, RBAC, NetworkPolicy, PV provisioning (Ceph, Longhorn, NFS), Ingress (NGINX, Traefik), resource quotas
- GitOps delivery with ArgoCD or Flux: Helm/Kustomize across dev/staging/prod, drift detection, and rollback
- CI/CD pipeline design at scale with GitLab CI (or Jenkins/GitHub Actions): pipeline topology, runner fleet management, Kaniko/DinD builds, artefact signing, SBOM generation, secret management (Vault, CI variables)
- Infrastructure-as-Code: Terraform or OpenTofu for provisioning, Ansible or Salt for config management, Bash/Python for automation
- Security architecture: LDAP/AD with SSO (SAML/OIDC, Keycloak), MFA, VPN/zero-trust (WireGuard, Tailscale, Cloudflare Access), TLS management, LUKS, vulnerability scanning (Trivy, Grype, OpenVAS), patch workflows
- Observability stack experience: metrics, log aggregation, alerting, and infrastructure monitoring
- Storage architecture: NAS/SAN (TrueNAS, NetApp), object storage (MinIO/S3-compatible), tiered hot/warm/cold strategies, backup/recovery (Restic, Borg, Velero) for multi-terabyte datasets
- Container expertise: multi-stage Docker builds, layer caching, private registry operation (Harbor, GitLab Registry), image scanning, runtime security
- Ability to translate engineering needs into infrastructure designs, trade-off analyses, and capacity roadmaps
- Clear technical documentation: architecture diagrams (draw.io, Mermaid), runbooks, operational procedures, post-incident reviews
- Hardware procurement and vendor management experience (servers, storage, networking, UPS)
- Comfortable in security-sensitive or defence-adjacent environments (access controls, audits, need-to-know policies)
- Collaborative mindset – infrastructure as a service to engineering teams
- English – Upper-Intermediate or above

‍Preferred Qualifications & Experience

- MLOps infrastructure: MLflow/Weights&Biases for experiment tracking, model registries, training orchestration (Kubeflow, Ray, SLURM), dataset versioning (DVC, LakeFS), model serving (Triton, Torch Serve), GPU operator and MIG partitioning
- Embedded and real-time systems CI: cross-compilation toolchains, hardware-in-the-loop (HIL) test integration, firmware signing and OTA update pipelines
- Edge deployment infrastructure: OTA update systems, lightweight container runtimes, remote management and telemetry collection from deployed UAVs
- Data engineering support: pipeline orchestration (Airflow, Prefect), data lake architecture, time-series and telemetry storage (InfluxDB, TimescaleDB), BI and analytics tooling (Grafana, Metabase)
- Regulated or certified environments: ISO 27001, SOC 2, DO-178C awareness; experience with audit trails, change management, and evidence collection
- Experience at a defence, aerospace, or deep-tech hardware company
- Familiarity with Luxembourg’s regulatory and data-sovereignty landscape
- Additional European language (French, German, or Luxembourgish)

‍