Remote Senior Data & Analytics Program Manager (Risk & Compliance)
Automate your job search with Sonara.
Submit 10x as many applications with less effort than one manual application.1
Reclaim your time by letting our AI handle the grunt work of job searching.
We continuously scan millions of openings to find your top matches.
Job Description
Remote Senior Data & Analytics Program Manager (Risk & Compliance)
Location- San Francisco, CA (Remote)
6 month
Design, deploy, and operate Istio service mesh on AKS (ingress/egress gateways, traffic shifting, retries/timeouts, circuit breaking).
Enforce zero-trust service-to-service security with mTLS, AuthorizationPolicy, PeerAuthentication, and RequestAuthentication.
Drive kubenet Azure CNI transition (including Azure CNI Overlay), with IP planning, subnetting, IPAM, and routing/NSG alignment.
Implement and validate Kubernetes Network Policies (Cilium/Calico) to restrict east west traffic and control egress.
Kubernetes/Platform, strong Istio (prod ops), Gateway API migrations, and aware of Azure networking (VNets, UDR, NSG, NAT, Private Link).
Establish compliant egress architectures (NAT Gateway, Istio egress gateway, Private Link) and DNS patterns (CoreDNS + Private DNS Zones).
Build GitOps workflows (Argo CD/Flux) for mesh, Gateway API, and policy manifests; manage lifecycle via Helm/Kustomize.
Define IaC with Terraform/Bicep for AKS, networking, identity, and Key Vault; integrate with Azure DevOps/GitHub Actions pipelines.
Configure PKI/certificates for mesh (Istio CA, cert-manager with Azure Key Vault), TLS termination, and automated rotation.
Stand up observability: Prometheus/Grafana, OpenTelemetry/Jaeger, Azure Monitor/Log Analytics; publish SLOs, alerts, and runbooks.
Perform security hardening (CIS benchmarks), policy enforcement (OPA Gatekeeper/Kyverno), and DR drills.
Partner with app teams to refactor ingress to Gateway/HTTPRoute, implement canary/blue green (Argo Rollouts/Flagger), and document patterns.
Tooling & languages: YAML/bash plus Go or Python; hands-on with Azure AD/Entra, Azure Workload Identity, Key Vault, and eBPF/Cilium.
Roles & Responsibilities
Design, deploy, and operate Istio service mesh on AKS (ingress/egress gateways, traffic shifting, retries/timeouts, circuit breaking).
Enforce zero-trust service-to-service security with mTLS, AuthorizationPolicy, PeerAuthentication, and RequestAuthentication.
Drive kubenet Azure CNI transition (including Azure CNI Overlay), with IP planning, subnetting, IPAM, and routing/NSG alignment.
Implement and validate Kubernetes Network Policies (Cilium/Calico) to restrict east west traffic and control egress.
Establish compliant egress architectures (NAT Gateway, Istio egress gateway, Private Link) and DNS patterns (CoreDNS + Private DNS Zones).
Build GitOps workflows (Argo CD/Flux) for mesh, Gateway API, and policy manifests; manage lifecycle via Helm/Kustomize.
Define IaC with Terraform/Bicep for AKS, networking, identity, and Key Vault; integrate with Azure DevOps/GitHub Actions pipelines.
Configure PKI/certificates for mesh (Istio CA, cert-manager with Azure Key Vault), TLS termination, and automated rotation.
Stand up observability: Prometheus/Grafana, OpenTelemetry/Jaeger, Azure Monitor/Log Analytics; publish SLOs, alerts, and runbooks.
Perform security hardening (CIS benchmarks), policy enforcement (OPA Gatekeeper/Kyverno), and DR drills.
Partner with app teams to refactor ingress to Gateway/HTTPRoute, implement canary/blue green (Argo Rollouts/Flagger), and document patterns.
Tooling & languages: YAML/bash plus Go or Python; hands-on with Azure AD/Entra, Azure Workload Identity, Key Vault, and eBPF/Cilium.
Automate your job search with Sonara.
Submit 10x as many applications with less effort than one manual application.
