
Future Secure AI — SRE Interview Prep

Role: Site Reliability Engineer (Precision Sourcing → Future Secure AI) — remote/hybrid Australia, AWS+Azure, Kubernetes, Argo CD/GitOps, Terraform, CI/CD, Python/Node, Git.

Company note: available intel is limited to LinkedIn (AI "digital workers" deployed securely on customer networks; 201-500 staff; enterprise-backed). Treat company signals as constrained; no reuse of external questions.

Strengths to lean on: Domain Kubernetes migration (100+ services, SLO Helm charts, 99.9% uptime), GitOps with Argo CD, CI/CD modernization, IaC/automation (Terraform, AWS CDK), incident and compliance wins (SOC2/ISO), ownership mindset.

Gaps to mitigate: Explicit Azure depth; recent Terraform detail; concrete Python/Node automation examples. Offer a 30-60-90 ramp plan and map AWS patterns → Azure (load balancers, DNS, identity, secrets).


Q&A

Technical Depth

  1. Progressive delivery on EKS with Argo CD (multi-tenant)
    Use Argo CD ApplicationSets + Argo Rollouts/mesh canary; health gates on readiness/error rate/p95/SLO burn; rollbacks via Git revert; per-tenant quotas/PDBs. Domain: ECS→K8s migration hit ~9-minute deploys with safe rollback.
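The health gate named above (readiness, error rate, p95, SLO burn) is the part an interviewer will probe. The following is an added example, not code from the study guide or from Argo Rollouts: it implements a multi-window burn-rate canary gate of the kind an AnalysisTemplate would evaluate against Prometheus. The `Slo`, `Window` and `canary_decision` names and the sample metric values are this example's own; in a real rollout the window counts would come from PromQL queries.

```python
"""Added example: canary health gate with multi-window SLO burn rate.
All inputs are constructed; the decision logic is this example's own."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Slo:
    availability: float      # e.g. 0.999 for a 99.9% availability objective
    p95_latency_ms: float    # p95 latency objective for the same service


@dataclass(frozen=True)
class Window:
    """Observed counts over one analysis window (constructed inputs)."""
    errors: int
    requests: int
    p95_ms: float
    ready_ratio: float       # ready canary pods / desired canary pods

    @property
    def error_ratio(self) -> float:
        return self.errors / self.requests if self.requests else 0.0


def burn_rate(window: Window, slo: Slo) -> float:
    """Burn rate = observed error ratio / error budget.
    1.0 means the budget is consumed exactly over the SLO period."""
    budget = 1.0 - slo.availability
    return window.error_ratio / budget


def canary_decision(short: Window, long: Window, slo: Slo,
                    fast_burn: float = 14.4, slow_burn: float = 6.0,
                    min_requests: int = 100) -> str:
    """Return 'promote', 'hold' or 'rollback' for one analysis step.

    14.4 (1h window) and 6.0 (6h window) are the SRE-workbook burn-rate
    thresholds. Rollback requires BOTH windows over the fast threshold, so
    a brief spike (short high, long low) holds rather than rolls back, and a
    sustained burn is not masked by a quiet last minute."""
    # 1. Readiness gate: do not judge a canary that is not fully serving.
    if short.ready_ratio < 1.0:
        return "hold"
    # 2. Statistical gate: too little traffic to trust the error ratio.
    if short.requests < min_requests:
        return "hold"
    # 3. Hard failures: sustained fast burn, or p95 over the objective.
    if burn_rate(short, slo) >= fast_burn and burn_rate(long, slo) >= fast_burn:
        return "rollback"
    if short.p95_ms > slo.p95_latency_ms:
        return "rollback"
    # 4. Soft signal: either window burning faster than the slow threshold
    #    pauses promotion until the next analysis step.
    if burn_rate(short, slo) >= slow_burn or burn_rate(long, slo) >= slow_burn:
        return "hold"
    return "promote"


if __name__ == "__main__":
    slo = Slo(availability=0.999, p95_latency_ms=300)
    healthy = Window(errors=2, requests=1000, p95_ms=150, ready_ratio=1.0)
    baseline = Window(errors=5, requests=10000, p95_ms=140, ready_ratio=1.0)
    print(canary_decision(healthy, baseline, slo))   # promote
```

Rollback via Git revert, as the answer says, is what happens after a `rollback` verdict; the gate itself only decides.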

  2. Cross-cloud add-ons with Helm + Argo CD
    Base Helm values + cloud overlays (AWS ALB/Route53 vs Azure AGIC/DNS); drift alerts; Gatekeeper for allowed LB/TLS. Reuse Domain pattern; pair with Azure SME for LB/DNS nuances.

  3. Terraform modules/workspaces for EKS/AKS
    Interface modules with provider-specific implementations; state isolated per env/region (S3 + DynamoDB lock table vs Azure Storage with blob-lease locking); policy-as-code gates; promotion via PRs/tags. Avinet/illion: reduced blast radius and audit risk during IaC migrations.

  4. Hardening Git→CI→Argo CD
    Signed commits/tags, branch protection, SLSA-style provenance; least-privilege Argo CD project roles; SOPS/External Secrets; image allowlists/admission policies; audited reconcile logs. illion: SOC2/ISO passed with tfsec + container scanning.
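To make "image allowlists/admission policies" concrete, here is an added example (not from the study guide, and not Gatekeeper or Kyverno code) of the check such a policy performs: parse each container image reference, require the registry to be on an allowlist, and require a sha256 digest pin so a mutable tag cannot be swapped underneath a signed artifact. The `parse_image` and `admission_check` names, the ECR account id and the digests are constructed for the example.

```python
"""Added example: image-reference parsing and an allowlist/digest-pin
admission check. Names and sample values are this example's own."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


@dataclass(frozen=True)
class ImageRef:
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image(ref: str) -> ImageRef:
    """Split '[registry/]repo[:tag][@sha256:digest]' the way container
    runtimes do: the first path component is a registry only if it
    contains '.' or ':' or is 'localhost'; otherwise docker.io is implied."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    parts = ref.split("/")
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry, path = parts[0], "/".join(parts[1:])
    else:
        registry, path = "docker.io", ref
    tag = None
    # A ':' after the last '/' is the tag separator; a ':' before it is a registry port.
    if ":" in path.rsplit("/", 1)[-1]:
        path, tag = path.rsplit(":", 1)
    return ImageRef(registry, path, tag, digest)


def admission_check(images: Iterable[str], allowed_registries: Iterable[str],
                    require_digest: bool = True) -> List[str]:
    """Return the list of violations for a pod's images; empty means admit."""
    allowed = set(allowed_registries)
    violations = []
    for img in images:
        ref = parse_image(img)
        if ref.registry not in allowed:
            violations.append(f"{img}: registry {ref.registry!r} not in allowlist")
        if require_digest and (ref.digest is None or not DIGEST_RE.match(ref.digest)):
            violations.append(f"{img}: must be pinned by sha256 digest")
        elif not require_digest and ref.tag in (None, "latest"):
            violations.append(f"{img}: mutable 'latest' tag is not allowed")
    return violations


if __name__ == "__main__":
    # Constructed sample: one compliant ECR image, one unpinned Docker Hub image.
    allowlist = {"123456789012.dkr.ecr.ap-southeast-2.amazonaws.com", "ghcr.io"}
    pod_images = [
        "123456789012.dkr.ecr.ap-southeast-2.amazonaws.com/team/api:1.4.2@sha256:" + "a" * 64,
        "nginx:1.25",
    ]
    for v in admission_check(pod_images, allowlist):
        print("DENY:", v)
```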

  5. Python/Node automation for cluster ops
    Typed clients, retries/backoff, idempotent ops, structured logs; unit + KinD/minikube tests; CLI flags (dry-run/scope). Viator: AI Slack bot + GitLab token automation using feature flags and verbose logging.
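The guide flags "concrete Python/Node automation examples" as a gap, so here is an added example (not code from the study guide or from any of the employers named) that puts the listed properties in one small script: an idempotent scale operation, exponential backoff with jitter that retries only transient API errors, JSON-structured logs, and a `--dry-run` flag. `FakeCluster` is a hypothetical in-memory stand-in for a typed Kubernetes client so the script runs offline; against a real cluster the same `scale` function would wrap the AppsV1 API.

```python
"""Added example: idempotent, retrying cluster operation with structured
logs and dry-run. FakeCluster and the failure counts are constructed."""
import argparse
import json
import logging
import random
import time
from dataclasses import dataclass, field

log = logging.getLogger("cluster-ops")


class TransientError(Exception):
    """Retryable failure, e.g. an API-server 429 or 503."""


@dataclass
class FakeCluster:
    """Constructed stand-in for a typed Kubernetes client."""
    replicas: dict = field(default_factory=dict)
    flaky_calls: int = 0      # writes that fail before one succeeds
    calls: int = 0

    def get_replicas(self, ns, name):
        return self.replicas.get((ns, name))

    def set_replicas(self, ns, name, n):
        self.calls += 1
        if self.flaky_calls > 0:
            self.flaky_calls -= 1
            raise TransientError("503 from API server")
        self.replicas[(ns, name)] = n


def with_retry(fn, attempts=4, base=0.01, sleep=time.sleep):
    """Exponential backoff with jitter; only TransientError is retried,
    anything else propagates immediately so real bugs are not masked."""
    for i in range(attempts):
        try:
            return fn()
        except TransientError as e:
            if i == attempts - 1:
                raise
            delay = base * (2 ** i) * (1 + random.random())
            log.warning(json.dumps({"event": "retry", "attempt": i + 1,
                                    "delay_s": round(delay, 3), "error": str(e)}))
            sleep(delay)


def scale(cluster, ns, name, desired, dry_run=False):
    """Idempotent scale: a no-op when the cluster already matches, so a
    re-run after a partial failure is safe. Returns a dict describing the
    outcome, which doubles as the structured log record."""
    current = cluster.get_replicas(ns, name)
    if current is None:
        raise KeyError(f"deployment {ns}/{name} not found")
    result = {"event": "scale", "ns": ns, "name": name,
              "from": current, "to": desired, "dry_run": dry_run}
    if current == desired:
        result["action"] = "noop"
    elif dry_run:
        result["action"] = "planned"
    else:
        with_retry(lambda: cluster.set_replicas(ns, name, desired))
        result["action"] = "applied"
    log.info(json.dumps(result))
    return result


def main(argv=None):
    p = argparse.ArgumentParser(description="scale a deployment (example)")
    p.add_argument("deployment")
    p.add_argument("replicas", type=int)
    p.add_argument("--namespace", default="default")
    p.add_argument("--dry-run", action="store_true")
    args = p.parse_args(argv)
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    # Constructed cluster state: the deployment exists at 2 replicas and the
    # first write fails once, to show the retry path in the log output.
    cluster = FakeCluster(replicas={(args.namespace, args.deployment): 2}, flaky_calls=1)
    scale(cluster, args.namespace, args.deployment, args.replicas, dry_run=args.dry_run)


if __name__ == "__main__":
    main()
```

Run as `python scale.py api 5 --namespace prod --dry-run` to see the planned change logged without any write; drop the flag to see one retry record followed by the applied record.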

  6. Faster container CI without losing supply-chain checks
    Profile, add BuildKit/buildx caching, parallel lint/test, registry cache, slim bases; keep SBOM/signing and vuln scans. Domain: Jenkins → sub-10-minute builds with SonarQube/Wiz intact.

System Design

  1. GitOps platform AWS+Azure with guardrails
    Argo CD per cluster/control-plane; ApplicationSets target env/region; namespace bundles (netpol, quotas, PDBs); Gatekeeper/Kyverno; External Secrets with KMS; bootstrap via cluster catalog repo. Mirrors Domain GitOps program.

  2. Cross-cloud secrets
    AWS SM / Azure KV + External Secrets Operator; KMS keys, short TTL, rotation hooks, least-priv identities; DX via templates/linter; audit via CMKs and drift alerts. Validate KV flow with Azure partner.

  3. Hybrid observability with costs controlled
    OTel collectors for metrics/traces with tuned sampling; logs filtered/short hot retention; golden-signal dashboards and SLO burn alerts; runbooks linked to alerts. Envato: 45% cost reduction; Domain: 99.9% uptime via SLOs.

  4. Multi-region failover for stateless service (GitOps traffic)
    Global traffic manager/DNS health probes; per-region Argo apps; traffic weights stored in Git; signals: SLO burn + synthetic checks; game days; rollback by reverting weights/config. Domain: MTTR ~15 minutes during migrations.

Leadership / Collaboration

  1. Coaching GitOps adoption
    Workshops, Helm templates, phased onboarding; targets for migration and deploy metrics; office hours. Domain: 50% workloads moved in 7 months, deploys 2/week → 5/day, satisfaction 4.7/5.

  2. Terraform refactor trust
    Start with read-only drift, extract modules with feature flags, small blast radius applies, transparent plans. Avinet/illion: modernised IaC without blocking delivery; auditors satisfied.

  3. Align standards without heavy governance
    Golden paths (repo templates, pipeline lib, policy bundle), light RFC, office hours; celebrate adopters, block only severe issues. Viator/Domain: bottom-up adoption beat mandates.

Company-Specific

  1. Ship AI digital workers safely
    Treat models/agents as signed artifacts with SBOM; policy gates for PII/e2e; staged rollouts with tight SLOs; full audit trail. Leverage illion compliance + Domain secure pipelines.

  2. Hybrid reassurance for enterprises
    Show parity reference architecture (identity, logging, secrets, deploy guardrails) across AWS/Azure; publish RACI for incidents and data residency; acknowledge Azure ramp with a pairing plan and reuse AWS patterns.

Behavioral

  1. Closing an Azure gap
    Time-boxed deep dives, pair with Azure SME, lab mirrors prod, start with one service; communicate 30-60-90 ramp. Mirrors how I picked new stacks at illion.

  2. Incident during deploy
    Domain: 26-minute outage from an HTTP 429 (Too Many Requests) retry loop; used ELK to isolate, rolled back; added checklists linked to alerts and enforced backoff handling. Would pair with Argo sync waves + synthetics to prevent a repeat.

  3. Modernising stale Terraform/CI
    illion: added Packer + tfsec + staged ECS migration; lead time 2h → 10m; audit findings zero. Pattern: add guardrails first, refactor second, optimise last.


If you want a PDF: I can render this to PDF; otherwise this markdown lives at outputs/future-secure-ai/future-secure-ai-study-guide.md.