Senior Platform Engineer
Tech Economy · Boston, NY · 3 wk ago
Engineering$141k–$154k/yrFull-time
Description & Requirements
- Core Platform Service Development, Deployment, and Operations (80%)
- Design, build, test, deploy, and operate core platform services to production quality standards (Auth, RBAC, Session, Audit, Notifications, File, Search).
- Own service APIs and contracts end-to-end: versioning, backwards compatibility, and consumer impact management across product squads.
- Write and maintain Postgres schemas and Alembic migrations using the expand/contract pattern; never ship a breaking schema change without a backwards-compatible transition.
- Implement and enforce authentication and authorization patterns: JWT, refresh token rotation, RBAC, SAML/OIDC, and service-to-service auth where required.
- Design and operate Redis-backed patterns: caching, session storage, rate limiting, pub/sub, and distributed lock coordination where needed.
- Build and operate event-driven capabilities using Kafka domain events (CloudEvents envelope, schema registry integration) where platform services publish and consume.
- Instrument services with structured logs, distributed tracing, and Prometheus metrics from day one using OpenTelemetry and FastAPI instrumentation.
- Write and maintain Helm charts for owned services; contribute to Kubernetes manifests in the platform-infra repository (health checks, resource limits, HPA readiness).
- Participate in on-call rotation for platform incidents; drive incident response to resolution and maintain runbooks for owned services.
- Other (20%)
- Set and enforce engineering standards for platform service development: testing, observability, security, reliability, and operational hygiene.
- Conduct thorough code reviews; enforce standards on PRs and raise the bar for production practices across the platform estate.
- Mentor mid-level and junior platform engineers through pairing, design guidance, and ongoing review feedback.
- Use AI coding assistants to accelerate service scaffolding, API/router generation, migration drafts, and test creation; review all generated code against production and security standards before committing.
- Use LLMs to generate first-draft documentation (runbooks, service docs, API notes) and operational checklists; validate and refine outputs before publishing.
- Collaborate with the Security Engineer on Vault integration (Vault Agent Injector) and/or Azure Key Vault, dynamic secrets usage, policy scoping, mTLS policy, and software supply chain security requirements.
About You
- Bachelor’s degree in Computer Science, Engineering, Information Systems, or a related field (or equivalent practical experience).
- 6+ years of experience building and operating backend services, APIs, or platform components in production environments, including on-call responsibility.
- Demonstrated experience owning production backend services end-to-end (design, build, test, deploy, monitor, and operate), including on-call operational responsibility.
- Production experience building and operating REST and event-driven microservices at scale in a Kubernetes environment.
- Experience designing and operating data stores in Postgres, including schema migration practices, query optimisation, and performance tuning.
- Experience implementing authentication and authorization systems (JWT, refresh token rotation, RBAC, SAML/OIDC) in production environments.
- Demonstrated ability to mentor other engineers and raise engineering standards through code review and shared conventions.
- Backend/Platform Engineering
- Strong Python proficiency: FastAPI, Pydantic v2, SQLAlchemy 2.0 async, Alembic, pytest, Ruff, mypy (strict).
- Production microservices: REST APIs, event-driven patterns, idempotency, retries, backwards-compatible versioning, and consumer contract discipline.
- PostgreSQL: query plan analysis, indexing strategies, partitioning approaches, and schema evolution patterns for high-availability systems.
- Redis: caching strategies, session storage, pub/sub, and rate limiting patterns; understands operational trade-offs and failure modes.
- Azure Kafka: producing/consuming domain events, CloudEvents envelope conventions, schema registry integration, and consumer group semantics.
- Docker: multi-stage builds, non-root containers, image scanning (e.g., Trivy), and secure base-image practices.
- Kubernetes: Helm charts, pod lifecycle, probes/health checks, resource requests/limits, and HPA concepts; comfortable operating services on-cluster.
- Observability: OpenTelemetry instrumentation, structured logging (structlog), distributed tracing, and Prometheus metrics for FastAPI services; experience with Azure Monitor a plus.
- Secrets and security: familiarity with HashiCorp Vault (Vault Agent Injector, dynamic secrets, policy scoping) and/or Azure Key Vault, and secure service-to-service patterns.
- Generative AI and agentic systems
- Uses AI coding assistants (Cursor, GitHub Copilot, or equivalent) to accelerate feature development and reduce repetitive boilerplate; reviews all generated code against production and security standards before committing.
- Uses agents to generate first-draft Pydantic schemas, SQLAlchemy models, and FastAPI router skeletons; refines outputs to match domain conventions and security requirements.
- Uses LLM assistance to draft unit and integration test cases; validates coverage gaps and supplements with manually authored tests.
- Understands how platform services (Auth, RBAC, Audit) interact with the Agent Gateway and what security constraints (permissions, auditability, data minimisation) that interaction requires.
- General
- Treats every service as a production system from the first commit: tests, observability, documentation, and runbooks are not optional.
- Communicates blockers early and escalates appropriately; does not quietly struggle for days before raising a risk.
- Uses AI tooling to move faster, but applies critical judgement and rigorous review to all generated code and documentation before it enters the codebase.
- Keeps runbooks and service documentation current as services evolve; treats operability as part of delivery.
U.S. Compensation Information
- This role includes base salary, annual discretionary performance bonus, and a 401(k) plan with an annual employer contribution based on years of service and Bain’s best in class benefits package.
- The estimated annualized compensation for this role varies based on location and experience, ranging from $140,875 - $192,250 annually.
- The role also offers a discretionary annual performance bonus, 401(k) plan with employer contribution, and Bain’s best-in-class benefits including full premium coverage for medical, dental, and vision, generous paid time off, and more.