Platform Engineer

Mode: 5 days onsiteJob Description Hands-on platform engineer joining the client team, responsible for building and operating the centralized ingress layer that handles authentication, authorization, traffic management, and observability for all the client channels. Day-to-day responsibilities:

• Design, build and operate Envoy and Kong gateway infrastructure serving production traffic across multiple lines of business
• Develop Go-based control-plane services - Ingress Registry, xDS controllers, Session Manager, Context Propagator
• Implement and maintain OPA policy bundles for coarse-grained authorization at the gateway layer
• Build and extend OpenTelemetry instrumentation pipelines (OTel Collector, Dynatrace OTLP ingest, Splunk SIEM forwarding)
• Manage GitOps-driven deployments via ArgoCD and Helm across multi-cluster Kubernetes environments
• Automate WAF rule management across Akamai and Cloudflare using WAF-as-code patterns
• Contribute to the platform operator console (TypeScript/React) for route management, drift detection, and session visibility
• Collaborate with LOB teams to onboard routes and migrate traffic from Legacy ingress infrastructure
• Participate in incident response, runbook development, and production readiness reviews
• Champion software engineering best practices - code review, testing, documentation, and observability-first design
Required Skills
• BS/MS degree in Computer Science, related technical field, or equivalent with 8+ years of industry experience
• 5+ years hands-on experience with Envoy Proxy (xDS/ADS, ext_authz, HTTP/2, gRPC, WebSocket) and/or Kong API Gateway (plugin development, DB-less mode, Admin API)
• Strong Go development skills - control-plane services, gRPC APIs, Kubernetes controllers (client-go), concurrency patterns
• Production Kubernetes experience (EKS and/or on-prem clusters) - Helm charts, HPA, PodDisruptionBudgets, NetworkPolicy, namespace isolation, ArgoCD GitOps
• Deep understanding of OAuth 2.0/OIDC/PKCE flows, DPoP sender-constrained tokens, mTLS, and session management patterns
• Experience with OPA (Open Policy Agent) policy authoring in Rego and sidecar deployment patterns
• Hands-on with OpenTelemetry (traces, metrics, logs), Dynatrace, and Splunk SIEM integration
• Working knowledge of CDN/WAF platforms (Akamai Ion, Kona, Cloudflare) and WAF-as-code automation
• Experience with PostgreSQL (HA, connection pooling, PITR) and Kafka (MSK, Schema Registry, DLQ patterns)
• Familiarity with DNS steering (GeoDNS, Akamai GTM, health-check routing) and TLS certificate life cycle (cert-manager, HSM/KMS)
• Strong CS fundamentals - networking (L3-L7), distributed systems, data structures & algorithms
• Experience building high-volume, low-latency, resilient infrastructure services
Nice to have:
• TypeScript/React experience for operator dashboard development
• AWS infrastructure experience (EKS, MSK, Lambda, Direct Connect, Network Firewall)
• Bitbucket Pipelines CI/CD and GitOps delivery workflows
• Experience with CAEP (Continuous Access Evaluation Protocol) or similar session revocation mechanisms
• Background in identity platforms (ForgeRock, SAML federation, token exchange patterns).
  
  BS/MS degree in Computer Science, related technical field, or equivalent with 8+ years of industry experience
• 5+ years hands-on experience with Envoy Proxy (xDS/ADS, ext_authz, HTTP/2, gRPC, WebSocket) and/or Kong API Gateway (plugin development, DB-less mode, Admin API)
• Strong Go development skills - control-plane services, gRPC APIs, Kubernetes controllers (client-go), concurrency patterns
• Production Kubernetes experience (EKS and/or on-prem clusters) - Helm charts, HPA, PodDisruptionBudgets, NetworkPolicy, namespace isolation, ArgoCD GitOps
• Deep understanding of OAuth 2.0/OIDC/PKCE flows, DPoP sender-constrained tokens, mTLS, and session management patterns
• Experience with OPA (Open Policy Agent) policy authoring in Rego and sidecar deployment patterns
• Hands-on with OpenTelemetry (traces, metrics, logs), Dynatrace, and Splunk SIEM integration
• Working knowledge of CDN/WAF platforms (Akamai Ion, Kona, Cloudflare) and WAF-as-code automation
• Experience with PostgreSQL (HA, connection pooling, PITR) and Kafka (MSK, Schema Registry, DLQ patterns)
• Familiarity with DNS steering (GeoDNS, Akamai GTM, health-check routing) and TLS certificate life cycle (cert-manager, HSM/KMS)
• Strong CS fundamentals - networking (L3-L7), distributed systems, data structures & algorithms
• Experience building high-volume, low-latency, resilient infrastructure services
Nice to have:
• TypeScript/React experience for operator dashboard development
• AWS infrastructure experience (EKS, MSK, Lambda, Direct Connect, Network Firewall)
• Bitbucket Pipelines CI/CD and GitOps delivery workflows
• Experience with CAEP (Continuous Access Evaluation Protocol) or similar session revocation mechanisms
• Background in identity platforms (ForgeRock, SAML federation, token exchange patterns).