Lumbra is building Nebula, an agentic harness running as a set of microservices on managed Kubernetes, backed by managed databases, caching, and workflow orchestration, all provisioned with OpenTofu and deployed with Helm via CI/CD. We currently run on GCP but are not wed to any single provider. We're looking for an infrastructure engineer to own the reliability, scalability, and developer experience of the harness across dev, demo, and production environments.
What You'll OwnAuthor and maintain Infrastructure as Code (OpenTofu/Terraform) modules for cloud resources including networking, managed Kubernetes clusters, databases, caching, and container registries. Strong IaC skills and experience with GCP (or equivalent) are essential.
Design and manage Kubernetes cluster configurations including node pool autoscaling, workload identity, private connectivity for database access, and network policies. You need deep Kubernetes knowledge, not just manifest authoring.
Build and optimize Helm charts for a shared service template consumed by multiple services, managing environment-specific overrides across dev, demo, staging, and production. Experience with Helm inheritance patterns and chart libraries is important.
Own the CI/CD pipeline architecture: multi-stage builds, conditional triggers based on file-change detection, and deployment orchestration. You should be comfortable authoring and debugging complex pipeline configurations.
Implement and maintain the observability stack (metrics, traces, logs) across all services using Grafana, Prometheus, and OpenTelemetry. Experience instrumenting distributed systems and building actionable dashboards is needed.
Manage secrets lifecycle and credential rotation with automated syncing to Kubernetes, plus identity provider configuration. Understanding of zero-trust patterns and secrets management at scale is essential.
Configure and maintain production networking including load balancing, TLS termination, DNS, and authentication proxies. Solid networking fundamentals are a must.
Optimize the container build pipeline for speed and security: multi-stage builds, layer caching, image hardening, and size reduction for faster, safer deployments.
Continuously profile and optimize platform performance: query latency, pod startup times, resource utilization, and network throughput. You care about measurable improvements and treat sluggish infrastructure as a bug, not a tradeoff.
Maintain developer experience tooling including local development environments, task automation, and environment bootstrapping that lets engineers go from clone to running system quickly.
Experience operating Temporal or similar workflow orchestration systems in production
Familiarity with graph databases (Neo4j) and object storage (MinIO, S3-compatible) on Kubernetes
Experience with Keycloak or similar identity providers: administration, realm configuration, and OIDC management
Background in cloud cost optimization: committed use discounts, node pool right-sizing, spot instances
Familiarity with GitOps patterns (ArgoCD, Flux) as an evolution from push-based CI/CD
Understanding of public key infrastructure: certificate management, mTLS, CA hierarchies, and trust chain validation
Experience with hybrid networking between cloud and on-prem environments
BenefitsComprehensive medical, dental, and vision plans
Premiums 100% covered by Lumbra for all employees
Exceptionally low premiums for spouses and dependents
Basic life insurance and disability 100% covered for all employees by Lumbra
Option to purchase additional life insurance available
Take the time off that you need, when you need it' paid time off, not accrual based
Generous company holiday calendar including a holiday shutdown in December
Supportive leave of absence program including time off for military service, medical events, and parental leave
Full 401(k) retirement plan for all full-time eligible employees
Company-funded commuter benefits
Free access to on-site gym at office
Skills Required
- Infrastructure as Code (OpenTofu/Terraform) module authoring for cloud resources
- Experience with GCP or equivalent cloud provider
- Deep Kubernetes knowledge including cluster config, node pool autoscaling, workload identity, and network policies
- Helm chart authoring and managing environment-specific overrides
- Designing and maintaining CI/CD pipeline architecture with multi-stage builds and conditional triggers
- Observability stack implementation and instrumentation using Grafana, Prometheus, and OpenTelemetry
- Secrets lifecycle and credential rotation with automated syncing to Kubernetes and identity provider configuration
- Production networking configuration: load balancing, TLS termination, DNS, and authentication proxies
- Container build pipeline optimization: multi-stage builds, layer caching, image hardening, size reduction
- Experience operating Temporal or similar workflow systems in production
- Familiarity with graph databases (Neo4j) and object storage (MinIO, S3-compatible) on Kubernetes
- Experience with Keycloak or similar identity providers (OIDC, realm configuration)
- Cloud cost optimization experience (committed use, right-sizing, spot instances)
- Familiarity with GitOps patterns and tools (ArgoCD, Flux)
- Understanding of public key infrastructure, certificate management, and mTLS
- Experience with hybrid networking between cloud and on-prem environments
What We Do
Lumbra is an AI company building the architecture for autonomous intelligence in the intelligence community. They are developing frameworks, orchestration layers, and agentic operating systems, including Nebula—an agentic harness designed to make AI agents reliable, evaluable, and useful for real analytical work in high-consequence environments. The team consists of engineers and operators from the intelligence community, special operations, and frontier AI research.
