Duration: 4+ Months Location: WA-Seattle, 100% Remote Overview: Every Turnberry consultant belongs to a practice, an internal group of consultants and leaders with shared experience and expertise. Each of these practices aligns with one of the core services Turnberry offers to clients. Alongside our core services, are our branded services. As an EKS Cloud Engineer, you will join Turnberry's boutique cloud optimization brand, Rise and Shift. Rise and Shift consultants specialize in cloud strategy & advisory, cloud migration & modernization, data as a product, cloud FinOps, cloud-based contact center solutions, and digital-native business solutions. Responsibilities: EKS Cluster Management and Architecture Design and implement EKS cluster architecture following best practices and Well-Architected Framework principles Create and manage EKS clusters across multiple regions and availability zones for high availability Configure and maintain EKS control plane and data plane components Implement cluster autoscaling strategies using Cluster Autoscaler, Keda, and Karpenter Manage node groups (managed, self-managed, and Fargate profiles) Perform cluster upgrades and maintain Kubernetes version currency Implement EKS Auto Mode for streamlined cluster operations where appropriate Configure and manage kubeconfig files for secure cluster access Utilize kubectl for cluster management, troubleshooting, and operational tasks Container Orchestration and Application Deployment Deploy and manage containerized applications using Kubernetes deployments, StatefulSets, and DaemonSets Implement GitOps workflows using tools like Argo CD for continuous deployment Create and maintain Helm charts for application packaging and deployment Configure Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA) for workload optimization Implement zero-downtime deployment strategies (blue/green, canary, rolling updates) Manage container images using ECR (Elastic Container Registry) Networking Architecture and Connectivity Design and implement VPC networking for EKS clusters using VPC CNI plugin Configure pod networking, including custom networking and prefix delegation Implement network policies for pod-to-pod traffic control Configure security groups for pods for fine-grained network security Set up and manage Load Balancer Controller for ingress traffic Implement service mesh architectures using App Mesh when required Configure DNS resolution using CoreDNS and Route 53 integration Design network segmentation strategies across namespaces and clusters Implement and manage Istio service mesh for advanced traffic management, security, and observability Configure Istio ingress and egress gateways for cluster traffic control Identity and Access Management (IAM) Design and implement IAM roles for service accounts (IRSA) for pod-level permissions Configure EKS Pod Identity for simplified credential management Implement Kubernetes RBAC (Role-Based Access Control) policies Establish least privilege access principles for users and service accounts Configure EKS cluster access management (CAM) APIs for identity integration Integrate with corporate identity providers using OIDC federation Manage cluster authentication and authorization mechanisms Create and maintain service control policies for multi-account environments Security and Compliance Design and implement security policies following EKS security best practices Configure pod security standards and admission controllers Implement secrets management using Secrets Manager and Kubernetes Secrets encryption Enable and configure EKS control plane logging (API server, audit, authenticator, controller manager, scheduler) Integrate with Security Hub, GuardDuty, and Config for security monitoring Implement network policies and security groups for defense-in-depth Conduct security assessments and vulnerability management for container images Ensure compliance with industry standards (SOC 2, ISO 27001, HIPAA, FedRAMP, etc.) Configure private EKS endpoints and implement secure cluster access patterns Storage and Persistence Configure and manage persistent storage using EBS CSI driver Implement shared storage solutions using EFS CSI driver Configure FSx for Lustre for high-performance computing workloads Design storage classes and persistent volume claim strategies Implement backup and disaster recovery solutions for stateful applications Observability and Monitoring Set up comprehensive logging using CloudWatch Container Insights Configure metrics collection using Prometheus and CloudWatch Implement distributed tracing using X-Ray and OpenTelemetry Create dashboards and alerts using CloudWatch and Grafana Configure control plane and application logging Implement cost monitoring and optimization using tools like Kubecost Troubleshooting and Operations Diagnose and resolve EKS cluster issues (control plane, nodes, networking, applications) Troubleshoot pod lifecycle issues (ImagePullBackOff, CrashLoopBackOff, OOMKilled) Resolve networking issues related to VPC CNI, DNS, and load balancers Perform root cause analysis for incidents and implement preventive measures Participate in on-call rotation and incident response Create and maintain runbooks and operational documentation Utilize kubectl for debugging and troubleshooting cluster and application issues Create infrastructure as code using Terraform, CloudFormation, or CDK Implement CI/CD pipelines using CodePipeline, Jenkins, or GitLab CI Develop and maintain architectural documentation and diagrams Provide technical guidance and mentorship to engineering teams Optimize cloud costs and resource utilization Participate in disaster recovery planning and testing Stay current with EKS features, Kubernetes releases, and container ecosystem developments Qualifications: 5+ years of experience in cloud engineering, with 3+ years specifically working with containers and Kubernetes Deep understanding of Kubernetes architecture, components (control plane, worker nodes, pods, services, ingress), and core concepts (deployments, StatefulSets, ConfigMaps, Secrets) Hands-on experience creating, configuring, and managing EKS clusters in production environments Expert knowledge of networking services (VPC, subnets, security groups, VPC CNI, Transit Gateway, Direct Connect) Strong expertise in Kubernetes RBAC, IAM roles for service accounts (IRSA), and EKS Pod Identity Proven experience implementing container security best practices and compliance frameworks Proficiency with infrastructure as code tools (Terraform, CloudFormation, CDK, Helm) Experience with CI/CD tools and GitOps practices (Argo CD, Flux, Jenkins, GitLab CI) Strong understanding of container networking, including CNI plugins and network policies Experience with monitoring and observability tools (Prometheus, Grafana, CloudWatch, OpenTelemetry) Knowledge of container storage solutions (EBS CSI, EFS CSI, FSx) Experience with cluster autoscaling (Cluster Autoscaler, Keda, Karpenter, HPA, VPA) Proficiency in scripting languages (Python, Bash, Go) Experience troubleshooting complex distributed systems Strong proficiency with kubeconfig management and kubectl command-line operations **AWS And Kubernetes Certifications (Preferred)** AWS Certified Solutions Architect - Professional AWS Certified Security - Specialty AWS Certified Advanced Networking - Specialty Certified Kubernetes Administrator (CKA) Certified Kubernetes Application Developer (CKAD) Certified Kubernetes Security Specialist (CKS) Strong communication skills with ability to explain complex technical concepts to diverse audiences Experience working with cross-functional teams (developers, security, operations) Problem-solving mindset with attention to detail and systematic troubleshooting approach Ability to balance security requirements with business needs and developer productivity Self-motivated with ability to work independently and manage multiple priorities Strong documentation skills for creating technical guides and runbooks Collaborative approach to knowledge sharing and mentoring Bachelor's degree in Computer Science, Information Technology, or related field (or equivalent practical experience) Preferred Qualifications: Experience with multi-cluster management and service mesh architectures Knowledge of AWS GovCloud environments and FedRAMP compliance Experience with serverless containers using AWS Fargate Familiarity with AI/ML workload deployment on EKS (GPU instances, accelerated computing) Experience with multi-tenancy patterns and SaaS architectures on EKS Knowledge of FinOps practices and cost optimization strategies Experience with Windows containers on EKS Contributions to open-source Kubernetes projects or AWS container tools The salary range for this role is $160,000 to $230,000 or the hourly equivalent. Pay is based on several factors including but not limited to education, work experience, certifications, etc. In addition to your salary, Turnberry Solutions offers benefits such as a comprehensive healthcare package (medical, dental, vision), disability and group term life insurance, health and flexible spending accounts, a utilization bonus, 401(k) with match, flexible time off for salaried employees, parental leave for salaried employees, and flexible work arrangements (all benefits are subject to eligibility requirements). No matter where or when you begin a career with Turnberry, you'll find a far-reaching choice of benefits and incentives. At Turnberry, inclusion is one of our core values. We are committed to creating a positive and connected work environment for all and are fully invested in and focused on hiring and growing a diverse team of high performers. We believe that uniqueness in ideas, experiences, and backgrounds make us a better Turnberry: Turnberry is an Equal Employment Opportunity employer, and recruits, employs, trains, compensates, and promotes regardless of age, ancestry, family medical or genetic information, gender identity and expression, marital, military, or veteran status; national and ethnic origin; physical or mental disability; political affiliation; pregnancy; race; religion; sex; sexual orientation; and any other protected characteristics. Americans with Disabilities Act (ADA) Turnberry will provide reasonable accommodation with our application process upon request as required to comply with applicable laws. If you have a disability and require accommodation assistance in this application process, please send an email to our Human Resources department at