Lead DevOps Engineer

Why this job matters

Network-as-a service (NaaS) is a strategic enabler within BT’s mobile network architecture, designed to unlock and expose core network capabilities in reliable and commercially governed manner. NaaS provides centralized API exposure capabilities, allowing BT to publish and manage GSMA CAMARA aligned APIs in a secure, traceable, and programmatic manner.

As Lead DevOps Engineer, you will define, build and operate the CI/CD, runtime and observability foundations that power NaaS across multi‑site, active/active environments — ensuring high availability, change safety at scale and rapid incident recovery. This is a technical hands-on role so you are expected to lead by example. 

What you’ll be doing

• Own the reference architecture and paved paths for services on Kubernetes (Helm Charts), infra as code (Terraform), Git‑based workflows, and artefact standards. Kubernetes + Helm and GitLab CI are in active use in NaaS delivery.
• Design progressive delivery (Argo CD/Flux, canary/blue‑green) and automated database/network change patterns fit for telco‑grade reliability.
• Standardise API platform pipelines for Apigee / API gateway(s) and NaaS service onboarding, including contract testing and gateway policy automation. [
• Define service SLOs/error budgets; engineer robust alerting, runbooks, and incident response across multi‑region, GSLB‑fronted estates.
• Lead operational readiness: wargaming, failover simulations, capacity management, and performance testing at API and network layers.
• Embed security gates in CI/CD; manage vulnerability scanning (e.g., Qualys) and endpoint protection (EDR) posture; enforce secrets and key management.
• Partner on identity & consent patterns for CAMARA APIs (OAuth2/OIDC), and ensure auditability for customer and developer actions.
• Run engineering communities of practice; maintain standards, scorecards, and playbooks.
• Performance and chaos engineering at scale; cost optimisation in multi‑cluster estates.
• Operate with a product mindset; partner with Product, Architecture, and Security to deliver business outcomes.
• Coach engineers; model BT’s Connected Leaders behaviours (Solution‑Focused Achiever, Change Agent, Team Coach).

What you'll bring

MANDATORY

• Strong Linux fundamentals and troubleshooting (system performance, networking, storage).
• Practical understanding of L7/L4 load balancing, service mesh, DNS/GSLB, certificate mgmt and API connectivity patterns into telco/core systems.
• Hands-on Kubernetes experience in production (deployments, upgrades, debugging, cluster/ workload operations, managing secrets, network policies).
• Automation mindset: scripting (Python/Bash) + one or more of Terraform/Ansible/Helm/Kustomize/GitOps.
• GitOps and modern engineering practices (PRs, code review, release discipline).
• Strong Knowledge of API gateway/service mesh patterns and secure ingress.
• Experience designing observability for serverless systems (logs/metrics/traces) and implementing distributed tracing and dashboards using open standards and various tooling like Elastic, Grafana etc.
• Access, use, and disclose information only as required for the job; ensure appropriate safeguards and adherence to Information Security policies.
• Familiarity with ITIL/incident management and change practices (or equivalent experience).
• AWS Cloud Practitioner Certification
• Excellent verbal and written communication and interpersonal skills.

NICE TO HAVE

• CAMARA and TMF‑931 familiarity; API aggregator marketplace exposure (e.g., AWS/Vonage/NAC listings)
• Kubernetes certification (e.g., CKA/CKAD) 
• Technical leadership experience , including mentoring the junior devOps and infrastructure engineers.
• Good understanding of foundational AWS services like EKS, IAM, VPC, S3, CloudWatch, and hybrid connectivity patterns (e.g., VPN/Direct Connect where applicable).
• Sound understanding of authentication and authorisation patterns, including OpenID Connect (OIDC), OAuth 2.0 and LDAP/Active Directory and how these integrate with Kubernetes (e.g., OIDC-based SSO, RBAC mapping, identity federation) and AWS identity/access controls.
• Experience with network automation (YANG/NETCONF/RESTCONF, Ansible) and telco workloads.

What's in it for you

• 10% on target bonus
• BT Pension scheme, minimum 5% Employee contribution, BT contribution 10%
• Life Assurance Cover
• Exclusive colleague discounts on our latest and greatest BT broadband packages, BT TV with TNT Sports and NOW Entertainment
• From January 2025, equal family leave: receive 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate. It’s for all parents, no matter how your family is made up.
• Enhanced women’s health support: including help with menopause symptoms, cancer screenings, period care and more.
• 25 days annual leave (not including bank holidays), increasing with service
• 24/7 private virtual GP appointments for UK colleagues
• 2 weeks carer’s leave
• World-class training and development opportunities
• Option to join BT Shares Saving schemes