Service Mesh Engineer (Istio / Linkerd)

Service Mesh Engineer (Istio / Linkerd)

Bright Vision Technologies is a forward-thinking software development company dedicated to building innovative solutions that help businesses automate and optimize their operations. We leverage cutting-edge technologies to create scalable, secure, and user-friendly applications. As we continue to grow, we're looking for a skilled Service Mesh Engineer (Istio / Linkerd) to join our dynamic team and contribute to our mission of transforming business processes through technology. This is a fantastic opportunity to join an established and well-respected organization offering tremendous career growth potential.

Job Title: Service Mesh Engineer (Istio / Linkerd) Location: 100% Remote (Continental United States) Position Type: In-house Bright Vision Technologies SOW engagement (no third-party client or vendor) Experience: 5+ years

Salary: 100k - 150k Sponsorship: No new H1B sponsorship available. H1B transfers welcomed for qualified candidates. Employment Type: Full-time, direct W2 with Bright Vision Technologies (no C2C, no 1099, no third-party) Engagement: Long-term, multi-year, aligned to the Bright Vision SOW delivery roadmap Compensation: Competitive base salary commensurate with experience, plus benefits.

Job Summary We are looking for a Service Mesh Engineer to design, deploy, and operate service mesh platforms — primarily Istio and Linkerd — that provide secure, observable, and reliable service-to-service communication across our Kubernetes estate. The role focuses on platform engineering, mesh adoption, mTLS, traffic policy, and helping application teams reap the benefits of a mesh without paying for unnecessary complexity. The ideal candidate has operated service mesh in production, deeply understands Envoy and the data plane, and brings both platform engineering discipline and pragmatic adoption strategies.

• Design and operate service mesh platforms — primarily Istio and Linkerd — across multi-cluster Kubernetes environments.
• Implement and operate mTLS, certificate rotation, and identity propagation across the mesh.
• Define traffic management policies including routing, retries, circuit breaking, and fault injection.
• Integrate the mesh with ingress, egress, and API gateway tiers for unified traffic management.
• Build observability for mesh traffic including distributed tracing, golden signals, and topology visualization.
• Design multi-cluster and cross-cluster mesh topologies for high availability and tenant isolation.
• Profile and optimize mesh performance, sidecar resource usage, and control-plane footprint, applying systematic measurement, targeted improvements, and data-driven validation to deliver quantifiable gains in throughput, latency, or resource efficiency.
• Develop paved-road adoption patterns and onboarding guides that make mesh adoption easy for app teams.
• Implement authorization policies and zero-trust patterns at the service mesh layer.
• Operate service mesh upgrades, control-plane lifecycle management, and configuration governance, applying disciplined release practices that keep the mesh current without disrupting workloads running on top of it.
• Partner with SRE, platform, and security teams on mesh policy and incident response.
• Troubleshoot complex networking, mTLS, and traffic issues spanning sidecar and gateway tiers.
• Maintain runbooks, architecture diagrams, and onboarding materials for the service mesh platform.
• Stay current with Istio, Linkerd, Cilium, and broader service mesh ecosystem developments.

Required Qualifications

• Bachelor's degree in Computer Science or a related field.
• Five or more years of experience in platform engineering, SRE, or networking roles.
• Hands-on experience operating Istio or Linkerd in production.
• Strong understanding of Envoy proxy internals and configuration.
• Deep Kubernetes expertise including networking, CNI, and ingress.
• Strong understanding of mTLS, PKI, and certificate lifecycle management.
• Experience with distributed tracing and observability for mesh traffic.
• Proficiency in Go or Python for tooling and automation.
• Strong troubleshooting skills across networking, application, and control plane layers.
• Excellent communication and collaboration skills.

Preferred Qualifications

• Experience with multi-cluster Istio or Linkerd deployments.
• Familiarity with Cilium service mesh and eBPF networking.
• Open-source contributions to service mesh projects.
• Experience with SPIFFE/SPIRE for workload identity.
• Exposure to zero-trust networking initiatives at enterprise scale.