Seeking a remote DevSecOps role where I can own Kubernetes platforms end-to-end. I've spent the last year running AKS clusters across dev/staging/prod for SaaS products, building CI/CD with GitLab and ArgoCD, and hardening IAM with Keycloak and Entra ID. Looking for a team where security is built in, not bolted on.
Open to opportunities
Rafa Ávila Delgado
@rafaviladelgado
DevSecOps specialist securing and operating Kubernetes/AKS with CI/CD, IAM, and observability.
SpainWhat I'm looking for
I’m a Telecommunications Engineer (Telematics specialization) focused on DevSecOps and Kubernetes/AKS administration, built on a foundation in networking and security. I enjoy turning complex platform operations into reliable, auditable workflows.
In my current role as a DevSecOps Specialist at Isotrol, I maintain and evolve CI/CD pipelines with GitLab and ArgoCD, delivering reproducible deployments across environments using Kustomize. I also deploy Kubernetes components/operators for product teams and resolve incidents without service interruption.
I manage IAM with Keycloak and Microsoft Entra ID (OAuth 2.0/OIDC, RBAC), and I’ve applied security fixes such as reducing OAuth token lifetime via Microsoft Graph to narrow exposure windows. I’ve improved resilience by troubleshooting and remediating production incidents (e.g., RabbitMQ outage) and preventing root causes from recurring.
I strengthen operational excellence through observability with Prometheus, Alertmanager, Grafana, and Lens for incident diagnosis. I also collaborate closely with development and security teams, and I explore multi-cloud scenarios (AWS SaaS PoC) while translating networking needs into secure Azure connectivity for services like Databricks.
Experience
Work history, roles, and key accomplishments
IS
Current
DevSecOps Specialist
Isotrol
Jun 2025 - Present (1 year)
Designed a self-service portal for temporary AKS cluster access, cutting ~30 hours/day of operations and reducing ops–dev coordination while keeping component changes audited. Maintain GitLab/ArgoCD CI/CD for reproducible Kustomize deployments, manage Keycloak and Microsoft Entra ID (OAuth 2.0/OIDC, RBAC), migrated 150 NGINX Ingress resources to Gateway API, and remediated OAuth token exposure and
TI
Network Engineer Intern
TiThink
Jan 2024 - Jun 2024 (5 months)
Provided level-2 technical support by resolving network and end-user incidents, and designed, documented, and deployed high-availability networks with Fortinet solutions (FortiGates, FortiSwitches, FortiAPs).
Education
Degrees, certifications, and relevant coursework
University of Seville
Telecommunications Engineering, Telecommunications Engineering (Telematics specialization)
2020 - 2025
Activities and societies: Personal project (Kubernetes): deployed a secure cluster separating frontend/backend, using CRI-O and HPA, and applying defense in depth via ingress rate limiting and Kubernetes Network Policies.
Telecommunications Engineering degree with a Telematics specialization, completed from 2020 to 2025. Completed a secure Kubernetes cluster project applying defense-in-depth with rate limiting and network segmentation.
Tech stack
Software and tools used professionally
Availability
Open to opportunities
Location
SpainAuthorized to work in
Social media
Job categories
Skills
KeycloakHelmCert ManagerCI CDGitlabArgoCDBASHPrometheusGrafanaRabbitMQLinuxOAuth 2.0OIDCRBACMicrosoft Entra IDSealed SecretsTrivyDependency TrackKubernetesKustomizeDockerAPI GatewayHarborAzure Private LinkAzure NSGsAWSGitOpsPythonAlertManagerLANVLANVPNBGPHAProxyFortinetCRI ONetwork PolicyDatabricksGmailJanNginxPortRemoteRoot CauseServerlessSSO
Interested in hiring Rafa?
You can contact Rafa and 90k+ other talented remote workers on Himalayas.
Message RafaFind your dream job
Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!
