Platform Engineers

Required Skills BS/MS degree in Computer Science, related technical field, or equivalent with 8+ years of industry experience 5+ years hands-on experience with Envoy Proxy (xDS/ADS, ext_authz, HTTP/2, gRPC, WebSocket) and/or Kong API Gateway (plugin development, DB-less mode, Admin API) Strong Go development skills - control-plane services, gRPC APIs, Kubernetes controllers (client-go), concurrency patterns Production Kubernetes experience (EKS and/or on-prem clusters) - Helm charts, HPA, PodDisruptionBudgets, NetworkPolicy, namespace isolation, ArgoCD GitOps Deep understanding of OAuth 2.0 / OIDC / PKCE flows, DPoP sender-constrained tokens, mTLS, and session management patterns Experience with OPA (Open Policy Agent) policy authoring in Rego and sidecar deployment patterns Hands-on with OpenTelemetry (traces, metrics, logs), Dynatrace, and Splunk SIEM integration Working knowledge of CDN/WAF platforms (Akamai Ion, Kona, Cloudflare) and WAF-as-code automation Experience with PostgreSQL (HA, connection pooling, PITR) and Kafka (MSK, Schema Registry, DLQ patterns) Familiarity with DNS steering (GeoDNS, Akamai GTM, health-check routing) and TLS certificate lifecycle (cert-manager, HSM/KMS) Strong CS fundamentals - networking (L3-L7), distributed systems, data structures & algorithms Experience building high-volume, low-latency, resilient infrastructure services Nice to have TypeScript/React experience for operator dashboard development AWS infrastructure experience (EKS, MSK, Lambda, Direct Connect, Network Firewall) Bitbucket Pipelines CI/CD and GitOps delivery workflows Experience with CAEP (Continuous Access Evaluation Protocol) or similar session revocation mechanisms Background in identity platforms (ForgeRock, SAML federation, token exchange patterns) Job Descrip tion Design, build and operate Envoy and Kong gateway infrastructure serving production traffic across multiple lines of business Develop Go-based control-plane services - Ingress Registry, xDS controllers, Session Manager, Context Propagator Implement and maintain OPA policy bundles for coarse-grained authorization at the gateway layer Build and extend OpenTelemetry instrumentation pipelines (OTel Collector, Dynatrace OTLP ingest, Splunk SIEM forwarding) Manage GitOps-driven deployments via ArgoCD and Helm across multi-cluster Kubernetes environments Automate WAF rule management across Akamai and Cloudflare using WAF-as-code patterns Contribute to the platform operator console (TypeScript/React) for route management, drift detection, and session visibility Collaborate with LOB teams to onboard routes and migrate traffic from legacy ingress infrastructure Participate in incident response, runbook development, and production readiness reviews Champion software engineering best practices - code review, testing, documentation, and observability-first design