DevSecOps & Kubernetes

Alongside our own products we offer time-based engineering: DevSecOps, Kubernetes and security — delivered by René Zingerle under Rothirsch Tech. GmbH. No page builder, no black-box SaaS, but infrastructure built and operated to production standards.

The focus is onon-premise and hybrid Kubernetes and a security-first, GDPR-compliant architecture with verifiable hardening. CI/CD and GitOps are built as an in-house capability, not bought in as an opaque service.

Services

  • Kubernetes engineering — bare-metal cluster design, highly available control planes, upgrades, RBAC, NetworkPolicy, Pod Security Standards, Helm/Kustomize.
  • DevSecOps & CI/CD — GitLab CI and Jenkins Shared Library, ArgoCD GitOps, semantic versioning. Shift-left security: secret scanning, SAST, SCA, container scans, DAST and centralised vulnerability management.
  • Infrastructure-as-Code — Ansible frameworks, Terraform (modular, remote state), Helm charts, Kustomize overlays, migration of legacy Puppet.
  • Secrets & IAM — HashiCorp Vault (HA, Kubernetes auth), External Secrets Operator, Keycloak SSO, OpenLDAP, PKI / cert-manager.
  • Monitoring & observability — Prometheus/Grafana with custom alert rules, ELK stack, Icinga2, SLO design.
  • Software-defined networking — in production via Calico/CNI (BGP, overlay, NetworkPolicy, low-disruption CNI migration).
  • Linux & network security — nftables, StrongSwan VPN, Bind9, hardening, kernel tuning, patch management.
  • Mail infrastructure — Postfix, Dovecot, Amavis, SpamAssassin, ClamAV, DKIM/DMARC/SPF.

Verifiable reference projects

Our own production systems are the evidence — all intellectual property belongs to Rothirsch Tech. GmbH and may be represented as own work:

  • OpenDC — 8-node Kubernetes (3 HA control planes + 5 workers), over 35 customer deployments, full GitOps.
  • Provisioning pipeline — Ansible-driven automation from webhook to live service.
  • HashiCorp Vault (3-node HA) — production secrets management with Kubernetes auth.
  • Tagfalter &Community Sites — operated managed platforms with paying customers.

Terms

ParameterDefault
LocationRemote preferred, on-site by arrangement (Austria / Germany)
Hourly ratefrom €105, project-dependent (open to discussion)
Day ratefrom €840 (remote, weekdays)
Durationpreferably 6–24 months with extension option
Availabilityfull- or part-time (min. ~20 h/week for continuity)
Contracting partyRothirsch Tech. GmbH (no personal employment; work contract)

Certifications

  • CISSP — Certified Information Systems Security Professional (ISC²)
  • SSCP — Systems Security Certified Practitioner (ISC²)
  • GDPR for Security Professionals (ISC²)
  • CKA — Certified Kubernetes Administrator(in preparation)
  • DevOps and DevSecOps bootcamps completed (2026)
  • 15+ years Linux / DevOps, 10+ years running an own on-premise infrastructure company

Enquiry or references:contact@rothirsch.tech — references available on request.