
IoT Platform Architect – Backend Lead
Posted May 25

This is a fully remote position, open to applicants in Pakistan.
• Develop a comprehensive end-to-end architecture for the IoT platform, encompassing device connectivity, MQTT/protocol ingestion, stream processing, time-series storage, REST/GraphQL API layer, and real-time WebSocket delivery.
• Establish a multi-tenant data model that ensures strict data isolation between customers, tenant-scoped API tokens, and row-level security.
• Create a device lifecycle management system, including provisioning, X.509/JWT authentication, device registry, status tracking, and decommissioning processes.
• Design the protocol abstraction layer to ensure that MQTT, Modbus, OPC-UA, CoAP, and HTTP devices conform to a unified internal data model.
• Develop a configurable rule engine that allows for event-condition-action rules for alerts, automations, and integrations without requiring customer coding.
• Plan and manage OTA firmware updates, including secure delivery, versioning, rollback capabilities, and fleet orchestration.
• Document Architecture Decision Records (ADRs) for every significant technical decision, ensuring comprehensive documentation.
• Design a scalable architecture that can transition from handling 100 devices in a pilot phase to over 500,000 devices in production without requiring structural changes.
• Create core platform services from the ground up, including device management, telemetry ingestion, rule engine, notification/alerting, OTA updates, and a multi-tenant API gateway.
• Develop REST and GraphQL APIs with a complete OpenAPI specification, maintaining version control from the outset.
• Implement WebSocket and SSE endpoints for delivering real-time telemetry to web and mobile clients.
• Build device command-and-control functions with acknowledgment, retry logic, and timeout management.
• Establish a device shadow service to provide access to the last-known state of every device, even when offline.
• Write unit, integration, and load tests, ensuring that no service reaches staging without appropriate test coverage.
• Take ownership of service reliability, including defining SLOs, creating alerting runbooks, and managing on-call incident responses.
• Provision and oversee all AWS environments (development, staging, production) using Terraform, avoiding manual operations.
• Configure AWS IoT Core, including MQTT endpoint, topic namespace, rules engine, and certificate management.
• Establish CI/CD pipelines via GitHub Actions for all backend services.
• Set up CloudWatch monitoring, log aggregation, and automated health alerts.
• Manage IAM for all team members by implementing least-privilege access and avoiding shared credentials.
• Ensure complete documentation of infrastructure handoff when a DevOps engineer joins during Phase 2.
• 7 to 12 years of experience in software or systems engineering, with at least 4 years focused on building IoT platform backends or connected product infrastructure.
• Expert-level, hands-on experience with AWS IoT Core or Azure IoT Hub, specifically in production deployments — this is a non-negotiable requirement.
• In-depth knowledge of MQTT, including versions 3.1 and 5.0, topic hierarchy design, QoS levels, retained messages, Last Will & Testament, and broker sizing and clustering — also non-negotiable.
• Proficient in Python and Node.js/TypeScript for developing production backend services, with Go being a significant advantage.
• Practical experience with time-series databases such as InfluxDB, TimescaleDB, or AWS Timestream.
• Proficient in using Terraform or AWS CloudFormation for programmatic cloud infrastructure provisioning, as opposed to console operations.
• Experience with multi-tenant SaaS backend architecture, focusing on data isolation patterns, tenant-scoped access control, and shared infrastructure design.
• Strong understanding of security fundamentals, including TLS/mTLS, X.509 certificates, OAuth 2.0, JWT, and secrets management using tools like Vault or AWS Secrets Manager.
• Familiarity with message brokers or streaming technologies, including Kafka, RabbitMQ, AWS Kinesis, or AWS IoT Rules Engine.
• Demonstrated ability to work independently at a senior level, making decisions, documenting rationale, and identifying risks without prompting — this is essential for remote discipline.
• Competitive salary and performance-based bonuses.
• Flexible work hours with remote work options.
• Comprehensive health, dental, and vision insurance plans.
• Professional development opportunities and support for continued education.
• Collaborative work environment with a focus on innovation and growth.