NBCUniversal Media, LLC

Principal DevOps Engineer

$180K - $230K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years experience in production infrastructure and cloud-native platforms at enterprise scale.
  • Proficiency in Go for systems-level programming and API servers.
  • Expert knowledge of Kubernetes ecosystem including operators and admission webhooks.
  • Deep production experience with Crossplane and developing custom providers in Go.
  • Extensive experience in AWS multi-account architectures and networking patterns, particularly EKS and VPC.
  • Familiarity with GitOps tooling like Flux or ArgoCD for continuous delivery in Kubernetes.
  • Experience with Puppet configuration management.

Responsibilities

  • Architect a Kubernetes-native platform for broadcast infrastructure.
  • Design, build, and maintain production-grade Kubernetes operators and internal APIs in Go.
  • Lead the design of cloud networking and dynamic routing across hybrid environments.
  • Collaborate with engineers and vendors to integrate broadcast hardware with infrastructure automation.
  • Drive technical decisions, write RFCs, and mentor engineers on best practices.
  • Own the platform’s access and security strategy with emphasis on RBAC and identity integrations.
  • Implement GitOps-based continuous delivery and operational visibility solutions.

Benefits

  • Medical, dental, and vision insurance.
  • 401(k) retirement plan.
  • Paid leave and tuition reimbursement.
  • Discounts and various perks.

Full Job Description

We are looking for a Principal DevOps Engineer to architect and evolve the platform that powers NBC's broadcast production environments. As a senior technical leader on the NBC Production Application Engineering team, you will design a Kubernetes-native platform that automates the provisioning, lifecycle management, and delivery of cloud infrastructure at enterprise scale. Our team leverages infrastructure-as-code, custom Kubernetes controllers, and GitOps workflows to orchestrate resources across complex multi-account and hybrid cloud environments. Built to support the complex demands of live broadcast production, this platform spans compute provisioning, dynamic software-defined networking, hybrid DNS models, remote Virtual Desktop Infrastructure (VDI), and robust configuration management via Puppet. Because we operate at the cutting edge of the cloud-native ecosystem, we are never shy about contributing upstream to the open-source projects we rely on to improve our solutions and push the industry forward.

In this role, you will drive the technical vision of the platform. You will write production Go services, architect cloud-native solutions, and establish the engineering standards our teams rely on. This role requires deep fluency across Kubernetes internals, cloud infrastructure, Go systems programming, and a passion for mentoring engineers.

PRIMARY RESPONSIBILITIES:

  • Platform Architecture & Vision: Architect a Kubernetes-native platform that models broadcast infrastructure as custom resources. Lead the technical strategy leveraging Crossplane compositions and custom Go functions to automate provisioning across multi-account AWS environments and on-prem control rooms.
  • Systems Engineering & Integrations: Design, build, and maintain production-grade Kubernetes operators, controllers, and internal platform APIs in Go. You will actively develop custom Crossplane providers to deeply integrate external enterprise platforms (such as NRCS, Venafi, and Infoblox) into our control plane, managing resource lifecycles and approval workflows.
  • Infrastructure & Networking Delivery: Lead the design of cloud networking, DNS strategies, and cross-account connectivity across hybrid environments, automating VPC topology and dynamic network routing.
  • Cross-Discipline Collaboration: Partner closely with broadcast systems engineers, system integrators, and external vendors to bridge the gap between broadcast hardware and automated infrastructure. You will lead efforts to "Puppet-ize" bare-metal compute configurations and integrate proprietary vendor solutions into our configuration-as-code ecosystem.
  • Technical Leadership: Serve as a technical authority for the team. Write RFCs, drive architectural decisions, mentor engineers, and establish high-confidence CI/CD pipelines, testing strategies, and GitHub Actions automation.
  • Access & Security Strategy: Own the platform's authorization model, designing hierarchical RBAC systems, resource identifier schemes, and identity integrations that enforce fine-grained access control.
  • Operational Excellence: Drive GitOps-based continuous delivery (Flux, Kustomize, Helm) and manage configuration-as-code for compute fleets using Puppet. Ensure deep operational visibility by designing comprehensive observability and alerting stacks.
  • VDI Integration: Oversee the integration of remote desktop/VDI connectivity solutions, focusing on session authentication, credential management, and gateway routing.

Qualifications

  • Experience: 10+ years of experience designing, building, and operating production infrastructure and cloud-native platforms at enterprise scale.
  • Software Engineering: Strong proficiency in Go (systems-level programming, API servers) and deep experience building Kubernetes controllers/operators using patterns like controller-runtime and kubebuilder.
  • Kubernetes Internals: Expert-level knowledge of the Kubernetes ecosystem, including CRD/XRD generation, operators, informers, admission webhooks, and RBAC.
  • Crossplane & Control Planes: Deep production experience with Crossplane, including composite resources, composition functions, and specifically developing custom Crossplane providers in Go to integrate external enterprise platforms.
  • AWS & Networking: Extensive production experience with AWS multi-account architectures, cross-account networking patterns, and identity federation. Requires depth across EKS, EC2, VPC, IAM, STS, SSM, Secrets Manager, Route 53, and S3.
  • GitOps Delivery: Production experience with GitOps tooling, specifically Flux (HelmRelease, Kustomization) or ArgoCD for continuous delivery on Kubernetes.
  • Configuration Management: Hands-on experience with Puppet, including module development, PuppetDB, Hiera, and r10k.
  • APIs & Security: Experience designing REST APIs with middleware patterns and modern authentication (OAuth/JWT). Keen eye for information security, including cross-account IAM trust chains, least-privilege policies, JWT token lifecycles, and secrets abstraction.
  • Observability: Strong background in designing telemetry platforms using Grafana, Prometheus/Mimir, Loki, OpenTelemetry, and metrics collection agents (Alloy, Prometheus Node Exporter).
  • Databases: Working knowledge of PostgreSQL, SQLite or similar relational databases, encompassing schema design, migrations, and query optimization.
  • Communication: Excellent problem-solving skills with a proven ability to present architectural decisions to executives, engage with vendors, and write clear technical documentation.

PREFERRED QUALIFICATIONS:

  • Familiarity with broadcast/media production workflows and the strict operational constraints of live production environments.
  • Experience with the Crossplane function SDK for building custom composition functions in Go, and operating in Kubernetes disaster recovery situations (Velero cluster restoration, backups).
  • Familiarity with VDI Solutions (NICE DCV, Leostream, PCoIP, etc.), machine identity workflows, and PKI certificate management (Venafi or similar).
  • Networking & Gateway: Experience with hybrid DNS architectures (Infoblox), software-defined networking (VPC peering, Transit Gateway, Direct Connect, CloudWan), and Envoy Gateway / Gateway API.
  • Ecosystem Tooling: Familiarity with advanced testing frameworks (k6, KUTTL, etc.), SOPS for encrypted GitOps configurations, and local development workflows (Air, kind/colima).
  • Scripting: Ability to script routine tasks in Bash and PowerShell.
  • Open Source: Active contributions to open-source projects, particularly within the CNCF / Kubernetes ecosystem.

Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee's residence.

This position is eligible for company-sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website.

Salary range: $180,000 - $230,000 (bonus eligible)

About NBCUniversal Media, LLC

NBCUniversal Media, LLC is a media and entertainment company that operates a variety of businesses, including television networks, film studios, and theme parks. The company was founded in 2004 and is headquartered in New York, New York. NBCUniversal's television networks include NBC, Telemundo, and USA Network, among others. The company's film studios produce and distribute movies under the Universal Pictures brand. NBCUniversal also operates theme parks in the United States and Japan. The company is committed to producing high-quality content and delivering it to audiences around the world.
Size
35,000 employees
Industry
Founded
1994
