DevSecOps & Kubernetes
Alongside our own products we offer time-based engineering: DevSecOps, Kubernetes and security — delivered by René Zingerle under Rothirsch Tech. GmbH. No page builder, no black-box SaaS, but infrastructure built and operated to production standards.
The focus is onon-premise and hybrid Kubernetes and a security-first, GDPR-compliant architecture with verifiable hardening. CI/CD and GitOps are built as an in-house capability, not bought in as an opaque service.
Services
- Kubernetes engineering — bare-metal cluster design, highly available control planes, upgrades, RBAC, NetworkPolicy, Pod Security Standards, Helm/Kustomize.
- DevSecOps & CI/CD — GitLab CI and Jenkins Shared Library, ArgoCD GitOps, semantic versioning. Shift-left security: secret scanning, SAST, SCA, container scans, DAST and centralised vulnerability management.
- Infrastructure-as-Code — Ansible frameworks, Terraform (modular, remote state), Helm charts, Kustomize overlays, migration of legacy Puppet.
- Secrets & IAM — HashiCorp Vault (HA, Kubernetes auth), External Secrets Operator, Keycloak SSO, OpenLDAP, PKI / cert-manager.
- Monitoring & observability — Prometheus/Grafana with custom alert rules, ELK stack, Icinga2, SLO design.
- Software-defined networking — in production via Calico/CNI (BGP, overlay, NetworkPolicy, low-disruption CNI migration).
- Linux & network security — nftables, StrongSwan VPN, Bind9, hardening, kernel tuning, patch management.
- Mail infrastructure — Postfix, Dovecot, Amavis, SpamAssassin, ClamAV, DKIM/DMARC/SPF.
Verifiable reference projects
Our own production systems are the evidence — all intellectual property belongs to Rothirsch Tech. GmbH and may be represented as own work:
- OpenDC — 8-node Kubernetes (3 HA control planes + 5 workers), over 35 customer deployments, full GitOps.
- Provisioning pipeline — Ansible-driven automation from webhook to live service.
- HashiCorp Vault (3-node HA) — production secrets management with Kubernetes auth.
- Tagfalter &Community Sites — operated managed platforms with paying customers.
Terms
| Parameter | Default |
|---|
| Location | Remote preferred, on-site by arrangement (Austria / Germany) |
| Hourly rate | from €105, project-dependent (open to discussion) |
| Day rate | from €840 (remote, weekdays) |
| Duration | preferably 6–24 months with extension option |
| Availability | full- or part-time (min. ~20 h/week for continuity) |
| Contracting party | Rothirsch Tech. GmbH (no personal employment; work contract) |
Certifications
- CISSP — Certified Information Systems Security Professional (ISC²)
- SSCP — Systems Security Certified Practitioner (ISC²)
- GDPR for Security Professionals (ISC²)
- CKA — Certified Kubernetes Administrator(in preparation)
- DevOps and DevSecOps bootcamps completed (2026)
- 15+ years Linux / DevOps, 10+ years running an own on-premise infrastructure company
Enquiry or references:contact@rothirsch.tech — references available on request.