Role Summary

ResetData is hiring a Systems Engineer to design, build, and operate the foundational infrastructure powering our platform — spanning bare metal, virtualisation, Kubernetes, storage, and security.

This is a hybrid infra + platform engineering role. You will work across the full stack, from physical hardware and Linux systems through to multi-cluster Kubernetes and GPU workloads.

We are looking for engineers who are comfortable operating across boundaries, taking ownership of complex systems, and working hands-on in both data centre and cloud-native environments.

Day-to-day looks like:

• Bringing up and hardening physical and virtualised infrastructure across multiple sites
• Data centre hands-on work — racking, cabling, commissioning, and decommissioning hardware; working alongside DC techs and remote-hands; comfortable with the physical side, not just the logical
• Running and extending our multi-cluster Kubernetes estate — GitOps-driven, including GPU workloads
• Running the security-scanning and CVE-mitigation programme across hosts, hypervisors, and K8s nodes
• Debugging across the stack when the failure crosses layers
• Writing the automation that makes all of the above reproducible
• You should be comfortable owning a problem end-to-end across the layer boundary: spot a kernel CVE on a Friday, ship a mitigation across the hypervisor fleet and every K8s node the same day. Confident enough to push back on architecture you disagree with.

Linux fluency (baseline, required): You should be at home in Linux as an operating system. Specifically:

• Comfortable across multiple distributions and their package/init/security quirks
• Understands the difference between distro spins/variants (server, cloud, minimal, immutable) and when each is the right choice
• Knows your way around systemd, journald, the common networking stacks, AppArmor and SELinux, cgroups, kernel modules and sysctl tuning
• Can read a kernel CVE advisory and decide whether a given host is actually exposed, and what the mitigation is
• Comfortable building/customising images (cloud-init, kickstart/preseed, Packer, or equivalent)

Bonus: real experience with immutable / image-based Linux, since that's where the K8s node side is heading

Tech stack (broad strokes):

• Kubernetes: multi-cluster, GitOps-driven, Helm-based packaging, plus the usual ingress / cert / secrets ecosystem
• Hypervisors & virtualisation: KVM-based stacks (Proxmox, CloudStack, OpenStack)
• Storage: enterprise SAN/SDS plus local NVMe; CSI integration into K8s
• Config mgmt / automation: Ansible (deep), with a run-orchestration layer on top
• Security & compliance: vulnerability scanning, host hardening (CIS-style baselines), policy-as-code
• Networking exposure: overlay networks, load balancing, firewalls — you don't own this but you'll touch it
• Languages: Bash (fluent), Python (read/write), YAML at scale; some Go reading ability for upstream patches

Nice to have:

• MSP / managed-services background — comfortable in a multi-tenant world where customers expect SLAs, change windows, and clean blast-radius boundaries.
• Knows the difference between "it works on my cluster" and "it works for someone who's paying us".
• Willing to get NV1 clearance