Job Description :

Job Title : Senior Platform Architect (Level IV)

Experience : 12 Years

Location : fully remote

Department : Engineering Platform Architecture

Reports to : CTO

Role Overview :

We are building a next-generation hybrid SaaS platform that delivers enterprise-grade analytics, monitoring, and security telemetry from complex on-premises environments into a secure, multi-tenant SaaS portal.

The architecture (as defined in the attached System Demo.pdf diagram) features a central multi-tenant SaaS layer (PostgreSQL + OpenSearch), multiple on-prem deployment modes (Hardened container, Virtual appliance, lightweight Agent), and a critical Outbound Security Gateway that supports both SaaS-bound and standalone SIEM/export use cases.

As our Senior Platform Architect (Level IV), you will own the end-to-end technical vision and execution of this architecture. You will translate the high-level component diagram into production-grade designs, lead a team of senior engineers, provide deep subject-matter expertise across hybrid cloud/on-prem systems, security-hardened components, and data pipelines, and mentor the broader engineering organization. This is a hands-on leadership role you will design, code prototypes, conduct architecture reviews, and drive implementation to successful production rollout.

Key Responsibilities :

Own and evolve the reference architecture shown in the System Demo diagram, ensuring all major components are implemented with clarity, scalability, security, and operational excellence :

- Multi-tenant SaaS Portal (PostgreSQL + OpenSearch backend)

- Outbound Security Gateway in Hardened, Virtual, and Agent modes (standalone SIEM export + SaaS connectivity)

- Application Exposure Gateway, Monitoring Platform, Telemetry Ingestion, Evidence Repository, Analytics & Reporting layers

- Identity & Access (proprietary IdP + SAML/OIDC federation)

- Configuration & State management, Integration Services, User ID (JWT) flows

- Define and enforce technical standards for hardened deployments (immutable containers/VMs, least-privilege, zero-trust egress, distroless runtimes, seccomp/AppArmor).

- Lead the implementation of near-real-time and batch data pipelines from on-prem ? SaaS (CDC, streaming, buffering, encryption, transformation).

- Design multi-tenancy, data isolation, compliance controls (GDPR, SOC 2, data residency), and export-to-SIEM capabilities that work independently of the SaaS portal.

- Conduct architecture decision records (ADRs), threat modeling, and scalability/performance reviews.

- Mentor and grow a team of 8-15 engineers (Staff/Principal level); run architecture guilds, design reviews, and technical onboarding.

- Collaborate closely with Product, Security, and Compliance teams to balance customer requirements (enterprise SSO, air-gapped support, SIEM forwarding) with platform roadmap.

- Drive proof-of-concept work, vendor evaluations (e.g., Auth0/Cognito/Keycloak, OpenSearch managed services, gateway frameworks), and technology selection.

- Ensure the platform meets enterprise-grade SLAs for availability, latency, auditability, and operational observability.

Required Qualifications :

- 12+ years of experience in software/systems architecture, with at least 5 years in senior/principal roles leading complex hybrid or multi-cloud platforms.

Deep expertise in at least three of the following domains :

- Hybrid SaaS / on-prem architectures (hardened containers, virtual appliances, agents)

- Secure outbound gateways, data diodes, or telemetry shipping (SIEM integration experience strongly preferred)

- Multi-tenant databases & search platforms (PostgreSQL + OpenSearch/Elasticsearch)

- Identity federation (SAML 2.0 + OIDC, SCIM provisioning)

- Cloud-native security (zero-trust, mTLS, immutable infrastructure, policy-as-code)

- Proven track record shipping production hybrid platforms at scale (100+ enterprise customers or equivalent complexity).

- Strong hands-on coding ability (Go, Java, Python, or TypeScript preferred) and infrastructure-as-code (Terraform, Kubernetes, Helm).

- Experience with regulated environments (finance, healthcare, government) and data-residency requirements.

Preferred Qualifications :

- Previous experience with observability, security analytics, or SIEM-adjacent platforms (Datadog, Splunk, Elastic, Sentinel, etc.).

- Familiarity with change-data-capture (Debezium), event streaming (Kafka/Kinesis), and real-time analytics pipelines.

- Contributor or speaker in open-source communities around gateways, hardening, or multi-tenancy.

- Level IVa / Principal-level pedigree at a recognized high-growth SaaS or enterprise software company.

What Success Looks Like in the First 6-12 Months :

- Delivered a production-ready Outbound Security Gateway supporting all three modes (Hardened, Virtual, Agent) with both SaaS and standalone SIEM export paths.

- Completed the core multi-tenant SaaS portal backbone (auth, ingestion, analytics storage) aligned to the diagram.

- Mentored the team to a consistent high-quality architecture review process and raised overall engineering maturity.

- Established clear decision records and a living architecture runway for the next 18 months of roadmap features.