vCluster Labs
AI
EngineeringTechLead(vNode)
Neural analysis suggests this role is
optimal for Lead candidates.
“Engineering Tech Lead (vNode) at vCluster Labs. Skills: vNode technical execution, Container runtimes and isolation, Kubelet integration surface, Go systems programming, Linux isolation fluency. Owning the vNode technical execution. Drive the architecture for how vNode wraps containerd, integrates with the kubelet, and exposes safe isolation primitives”
What You'll Achieve.
Ship the work that decides whether AI Clouds and regulated enterprises can adopt vNode as their default isolation layer; Drive the architecture for how vNode wraps containerd, integrates with the kubelet, and exposes safe isolation primitives; Set the bar for what ships, what gets deferred, and what gets redesigned; Close the loop between what AI Cloud operators need and what vNode actually does in production
Industry & Context.
Reason about their failure modes
What They're Looking For.
Must Have
Deep container runtime experience, Shipped production work against containerd directly, Kubernetes node-level depth, Worked inside the kubelet, the CRI layer, or a node-resident agent, Go systems programming chops, Write production Go for systems-level code, Linux isolation fluency, Shipped against user namespaces, seccomp-bpf, capabilities, and Landlock, Tech Lead instincts
Nice to Have
Direct experience with Kata Containers, gVisor, or another sandboxed/isolated runtime, Upstream contribution history, Meaningful commits to containerd, runc, Kata, gVisor, Kubernetes SIG-Node, or related projects, Tenant Isolation domain expertise, Built or operated infrastructure where the threat model includes hostile workloads on shared hosts, Public technical voice, Talks, posts, or RFCs that move the conversation on container isolation
What You'll Do.
Owning the vNode technical execution
Drive the architecture for how vNode wraps containerd
integrates with the kubelet
and exposes safe isolation primitives
Set the bar for what ships
and what gets redesigned
Lead the work where vNode meets containerd
Explain (and improve) exactly what happens between a Pod spec and a process running under a constrained user namespace with a tight seccomp profile
Own how vNode plugs into the node lifecycle: CRI
kubelet device plugins
and the rough edges between Kubernetes' node model and a runtime that does not assume one tenant per node
Run technical design reviews
Set the pattern for testing isolation guarantees
Mentor the engineers shipping alongside you
Run vNode against vCluster Platform tenant clusters internally before customers see it
Close the loop between what AI Cloud operators need and what vNode actually does in production
Contribute upstream where it matters (containerd
Write the technical posts that explain why namespace-based isolation is the right answer
Represent vCluster Labs at KubeCon-class venues
How You'll Work.
Team & Collaboration
Partner directly with the vNode founding engineers; Mentor the engineers shipping alongside you; Bring the team along
Communication Scope
Write the technical posts that explain why namespace-based isolation is the right answer
Process & Methodology
Set technical direction by writing the design doc, Prototyping the hard part
Full Job Description
As an Engineering Tech Lead at vCluster Labs, you aren't just shipping container runtime features; you are defining how Kubernetes operators get VM-grade tenant isolation without the VM tax. vNode replaces virtual kubelets and microVMs with a runtime built on Linux user namespaces and seccomp, and the person in this seat owns where that runtime goes next. You will partner directly with the vNode founding engineers, run the technical bar for the team, and ship the work that decides whether AI Clouds and regulated enterprises can adopt vNode as their default isolation layer. As an Engineering Tech Lead, your role will include: - Owning the vNode technical execution: Drive the architecture for how vNode wraps containerd, integrates with the kubelet, and exposes safe isolation primitives. You will set the bar for what ships, what gets deferred, and what gets redesigned. - Going deep on container runtimes and isolation: Lead the work where vNode meets containerd, Kata Containers, gVisor, runc, and the kernel. You will be the person who can explain (and improve) exactly what happens between a Pod spec and a process running under a constrained user namespace with a tight seccomp profile. - Shipping the kubelet integration surface: Own how vNode plugs into the node lifecycle: CRI, kubelet device plugins, cgroups v2, eviction, and the rough edges between Kubernetes' node model and a runtime that does not assume one tenant per node. - Raising the engineering bar: Run technical design reviews, set the pattern for testing isolation guarantees, and mentor the engineers shipping alongside you. You are not a people manager, but you are the engineer the team copies. - Being Customer Zero for vNode: Run vNode against vCluster Platform tenant clusters internally before customers see it. You will close the loop between what AI Cloud operators need and what vNode actually does in production. - Representing vNode externally: Contribute upstream where it matters (containerd, runc, Kubern
Applying for this Engineering Tech Lead (vNode) role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
How to Apply on Ashby
- Ashby is a fast modern ATS — most applications take under 3 minutes.
- The resume parser is strong; verify parsed experience dates and job titles.
- Custom screening questions are often scored algorithmically — answer completely.
- Location field affects geo-based screening; use your actual metro area.
ANONYMOUS · UNFILTERED
What do employees actually say about vCluster Labs?
Real rants from real employees. Read before you apply.