OpenSky Architect

Location: Singapore, Singapore

Thales is a global technology leader trusted by governments, institutions, and enterprises to tackle their most demanding challenges. From quantum applications and artificial intelligence to cybersecurity and 6G innovation, our solutions empower critical decisions rooted in human intelligence. Operating at the forefront of aerospace and space, cybersecurity and digital identity, we’re driven by a mission to build a future we can all trust.

In Singapore, Thales has been a trusted partner since 1973, originally focused on aerospace activities in the Asia‑Pacific region. With 2,000 employees across three local sites, we deliver cutting‑edge solutions across aerospace (including air traffic management), defence and security, and digital identity and cybersecurity sectors. Together, we’re shaping the future by enabling customers to make pivotal decisions that safeguard communities and power progress.

We are seeking a highly skilled architect specializing in Kubernetes to join our team, to design, implement and secure enterprise‑scale containerised deployments across hybrid and multi‑cloud environments. The ideal candidate will combine deep technical expertise in Kubernetes and cloud‑native platforms with a strong understanding of cybersecurity principles, compliance frameworks and zero‑trust architectures.

The candidate would be working in an agile squad, in software delivery.

• Architecture and Design
  • Design and document scaled Kubernetes deployments across multiple clusters, availability zones, and cloud providers
  • Define scalability, high availability and disaster recovery (DR) strategies for mission‑critical workloads.
  • Drive adoption of service mesh, GitOps, and multi‑tenant architectures for secure workload isolation.
• Security and Compliance
  • Integrate cybersecurity best practices into Kubernetes architecture, including RBAC, Pod Security Standards, network policies and supply chain security (SLSA v1.1, SBOMs).
  • Partner with Security to align deployments with compliance frameworks such as NIST, CIS Benchmarks (depending on regulatory requirements) with measurable control (e.g., patch SLAs, audit trails)
• Platform Engineering
  • Build and maintain self‑service platform for developers, with golden paths for CI/CD, observability.
  • Establish monitoring, logging, and tracing using Prometheus, Grafana, Loki, OpenTelemetry.
  • Standardise Infrastructure‑as‑Code (IaC) patterns using Terraform, Helmfile, and ArgoCD
  • Define golden image pipelines (e.g., continuous‑image‑patching‑pipeline where patched images are rebuilt and pushed automatically)
• Governance
  • Define a governance policy (cadence, automation, rollback) and ensure it aligns with SLAs and compliance requirements
  • Define a upgrade roadmap for Helmcharts, operators, CRDs, service meshes and observability stack, ensure that patching does not break workloads at scale.
• Collaboration and Leadership
  • Partner with Cloud, DevSecOps and Application Teams to deliver secure, production‑ready Kubernetes clusters.
  • Mentor engineering teams on Kubernetes design patterns, scaling strategies and secure coding practices for the following workloads archetypes:
    • Secure, fast data streaming (uni-/bi‑directional)
    • Large scale data processing and transformation workloads,
  • Serve as a trusted advisor to senior leadership on cloud‑native strategy, cybersecurity risks, and technology roadmaps.

• Bachelors in Computer Science or Information Technology
• Recognised Engineering degree

• At least 7 years in distributed systems cloud‑native platforms or DevOps
• At least 4 years designing an operating Kubernetes environment
• Strong experience with Linux, container runtimes (Docker, Kaniko) and networking (Cilium, Calico, Multus).
• Strong experience in identity and access management, cloud security models, encryption and compliance frameworks.
• Familiarity with threat modelling, penetration testing, vulnerability management and SOC practices
• Strong experience with security tools like Trivy, Aqua Security or Sysdig.
• Strong communication skills to articulate complex architectures to both technical and non‑technical stakeholders.

• Relevant certifications such as Certified Kubernetes Administrator (CKA) or Certified Kubernetes Security Specialist (CKSS), Certified Kubernetes Application Developer (CKAD).
• Experience with Service Meshes (Istio, Linkerd, Consul).
• Familiarity with multi‑cluster, multi‑tenant or edge Kubernetes deployments.
• Knowledge of FinOps and cost optimisation for Kubernetes workloads.

• Possess learning agility, flexibility and pro‑activity
• Comfortable with agile teamwork and user engagement

At Thales, we’re committed to fostering a workplace where respect, trust, collaboration and passion drive everything we do. Here, you’ll feel empowered to bring your best self, thrive in a supportive culture and love the work you do. Join us, and be part of a team reimagining technology to create solutions that truly make a difference – for a safer, greener and more inclusive world.