DevOps Engineer

Bolt Graphics is a semiconductor startup based in Sunnyvale, CA building the fastest and most efficient graphics processors. We pride ourselves on our first principles approach to solving problems. We are energized by our mission to reduce the barrier of entry for content creation and consumption. Our goal is to enable everyone to easily create, simulate and consume immersive experiences as vividly as they can imagine them.

Our Values

• Be Fearless: Unmute yourself. Test boundaries and get proven right.
• Remain Adaptable: Stay comfortable in a continuously changing world. If you’re wrong, concede and move on.
• Educate Your Ego: Selflessly collaborate towards our shared purpose.

About the role:

We're hiring a DevOps Engineer to own our GitLab-based delivery platform end to end: the pipelines, the runners, the cloud integrations, and the on-prem infrastructure behind them. You'll work across AWS, Azure, and Proxmox, partnering with developers, security, and product to keep code moving from commit to production quickly and safely. 

Your first big project is leading our GitHub-to-GitLab migration, working with stakeholders across the company to make sure the new platform fits how teams actually work. Once that lands, you'll shift into the ongoing platform work below. 

We currently do not offer sponsorship or relocation for this role.

What you'll do:

• Initial Focus: GitHub-to-GitLab Migration (1–3 Months) 

A defined, time-bound project. Once it's done and the dust settles, these duties wind down. 

• Migrate repos, history, branches, tags, LFS, releases, packages, issues, PRs/MRs, and CI config from GitHub to GitLab using GitLab Importer, git filter-repo, and custom tooling where needed. 

• Translate GitHub Actions into GitLab CI/CD: reusable workflows into CI components/templates, matrix strategies, environments, OIDC, and self-hosted runner equivalents. 

• Map GitHub constructs (branch protections, CODEOWNERS, status checks, secrets, orgs/teams) to their GitLab equivalents and resolve the gaps with stakeholders. 

• Plan the cutover (big-bang vs. phased), run mirrors during transition, and verify parity before retiring GitHub assets. 

• Partner with app teams, security, compliance, and release managers to align the migration with how each team works today and where they need to land. Own the runbook and run enablement sessions. 

Ongoing Responsibilities 

Pipelines & Releases 

• Build and maintain GitLab CI/CD pipelines: multi-stage workflows, parent/child pipelines, reusable CI components, and matrix builds. 

• Run and scale GitLab Runners on Kubernetes, AWS, Azure, and Proxmox, including executor tuning, tagging, and cache/artifact strategy. 

• Ship via blue/green, canary, and rolling deployments with feature flags and automated rollback. 

• Manage release governance: protected branches/tags, MR approvals, CODEOWNERS, environment-scoped variables, and audit-ready change records. 

Cloud Integrations (AWS / Azure) 

• Wire GitLab pipelines into AWS (ECR, EKS/ECS/Fargate, Lambda, S3, RDS, CloudFormation/CDK) and Azure (ACR, AKS, Functions, App Service, ARM/Bicep). 

• Set up OIDC federation so pipelines assume short-lived cloud roles instead of using long-lived keys or secrets. 

• Integrate with AWS Secrets Manager / Azure Key Vault, CloudWatch / Azure Monitor, and policy engines (AWS Config, Azure Policy). 

• Feed GitLab security scan results into AWS Security Hub or Microsoft Defender for Cloud. 

Virtualization (Proxmox) 

• Operate Proxmox VE clusters: nodes, storage (ZFS, Ceph, NFS), networking (bridges, VLANs, SDN), HA, and Proxmox Backup Server. 

• Provision VMs and LXC containers as code with Terraform (Telmate or bpg/proxmox), Packer templates, and cloud-init. 

• Use Proxmox for self-hosted runners, ephemeral build agents, and dev/staging environments. Keep parity with the cloud side so pipelines behave the same in both. 

Infrastructure as Code 

• Build infrastructure with Terraform/OpenTofu: reusable modules, remote state, workspaces, and policy-as-code (OPA or Sentinel). 

• Run Kubernetes (EKS, AKS, or self-managed on Proxmox) with Helm and Kustomize. 

• Use Ansible (or Puppet/Chef) for configuration; Packer for golden images across AWS, Azure, and Proxmox. 

• Implement GitOps with Argo CD, Flux, or GitLab's Kubernetes Agent. 

Security 

• Tune GitLab security scanners (SAST, DAST, dependency, container, IaC, secret detection, license compliance) and triage findings with the relevant teams. 

• Manage secrets with Vault, AWS Secrets Manager, Azure Key Vault, or GitLab CI variables; default to OIDC over long-lived credentials. 

• Apply least-privilege IAM, signed artifacts (Cosign/Sigstore), SBOMs, and image hardening. 

Monitoring & Operations 

• Instrument systems with Prometheus, Grafana, Loki, OpenTelemetry, CloudWatch, Azure Monitor, or Datadog. 

• Build dashboards and alerts, investigate incidents, and run postmortems on pipeline and deployment failures. 

• Support testing, staging, and production: drift detection, capacity planning, and performance tuning. 

Collaboration 

• Write the docs, runbooks, and ADRs. Build reusable pipeline templates so teams can self-serve. 

• Work with developers, QA, security, and product to clear bottlenecks and make delivery feel easier. 

Required Qualifications:

• 3–5 years in DevOps, Platform, or Build/Release Engineering. 

• GitLab in production: .gitlab-ci.yml, runners, container registry, MR workflows, protected environments. Comfortable with GitLab Flow or trunk-based development. 

• GitHub-to-GitLab migration experience, or a comparable platform migration (Bitbucket to GitLab, Jenkins to GitLab CI, Azure DevOps to GitLab). You've moved repos, translated pipelines, and kept stakeholders aligned through it. 

• Working knowledge of GitHub and GitHub Actions to translate what's already there. 

• Real CI/CD ownership in production. 

• Deploying into AWS and/or Azure from CI/CD, including OIDC, IAM/RBAC, and core services (compute, networking, storage, managed DBs, container registries, Kubernetes). 

• Proxmox VE or a comparable virtualization platform (vSphere, Nutanix, KVM/libvirt). 

• Bash plus one of Python, Go, or Ruby. 

• Docker and Kubernetes (Deployments, Services, RBAC, Helm). 

• Terraform with cloud and Proxmox providers. 

• Solid Linux and networking fundamentals (systemd, TLS, DNS, HTTP, VLANs, load balancing). 

• Comfortable with the messy parts of Git: rebases, conflict resolution, history rewriting. 

• Good at troubleshooting, better at explaining tradeoffs to people with competing priorities. 

Preferred Qualifications:

• Prior lead role on a source control or CI platform migration. 

• GitLab certifications (CI/CD Associate, Implementation Specialist) or experience running self-managed GitLab at scale. 

• AWS or Azure certs (Solutions Architect, DevOps Engineer, Administrator). 

• Hybrid-cloud experience bridging Proxmox to AWS/Azure (Site-to-Site VPN, Direct Connect, ExpressRoute). 

• GitOps with Argo CD, Flux, or the GitLab Agent. 

• Service mesh (Istio, Linkerd) and ingress controllers. 

• Observability stack ownership (Prometheus, Grafana, OpenTelemetry, CloudWatch, Azure Monitor). 

• HashiCorp Vault and OIDC federation. 

• Supply-chain security: SLSA, Cosign/Sigstore, SBOMs (Syft, Trivy). 

• Proxmox Backup Server, Ceph, or Proxmox SDN. 

• Postgres or MySQL admin basics: migrations, backups, replication. 

• Compliance frameworks: NIST 800-53 / 800-171, CMMC, SOC 2, ISO 27001, FedRAMP, PCI-DSS. 

• Agile teams and coaching developers on platform usage.

Compensation Range: $110,000–$170,000 per year (California). This range represents the anticipated base pay for this role; the final offer may vary based on qualifications, experience, and location.

Benefits:

• Medical, Dental, & Vision - 100% covered premiums
• Equity - Stock Options
• 401(k) match
• WFH Hardware

Bolt is committed to building a diverse and inclusive environment in which we recognize and value each other’s differences as well as fostering a culture that promotes its core values: Professionalism, Integrity, and Respect. As an equal opportunity employer, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, or status as a protected veteran.