Lead Software Engineer

This is a fully remote position, open to applicants in Philippines.

📋 Description

• Take full ownership of the backend architecture from start to finish, making design decisions, establishing standards, making trade-offs, and documenting processes, all without a backend lead overseeing you.

• Advocate for a cloud-optional, minimal-footprint design philosophy among the team and stakeholders, while resisting feature creep that could undermine the privacy model.

• Lead technical design reviews and work closely with the firmware and mobile leads to ensure coherence across the cloud, Hub, and App layers.

• Define and uphold engineering standards related to API design, security posture, observability, and code quality.

• Provide mentorship to engineers within the team and elevate the technical standards across the backend.

• Design and implement the MQTT relay broker featuring Mutual TLS 1.3, Hub UUID-based routing, and resilient connection handling against DoS attacks.

• Develop and maintain the Installer Portal REST API, handling project management, AccessKey lifecycle, credential verification, and integration with handover state machines.

• Create the analytic ingest pipeline with server-side payload filtering and GDPR-compliant data retention policies.

• Design PostgreSQL schemas and Redis caching strategies for installer project data, access control, and real-time synchronization.

• Implement API security measures across all surfaces, including OAuth2/OIDC, JWT, RBAC (differentiating between Electrician and Homeowner roles), rate limiting, and input validation.

• Configure and manage AWS API Gateway for routing, throttling, and token validation, utilizing Cloudflare for enhanced security and DDoS protection.

• Oversee the CI/CD pipeline from end to end — using GitHub Actions, ECR, and ECS Fargate (Sydney, production), with Render for development environments.

• Integrate OTA firmware distribution with awareness of Hub state, ensuring updates are paused during PENDING_HANDOVER lockdown states.

• Promote observability through OpenTelemetry, Grafana Cloud, and Sentry, creating structured, trace-correlated logging via Serilog, ensuring diagnostics can be performed without accessing device payloads.

⛳️ Requirements

• Over 10 years of backend engineering experience, including a minimum of 3 years in a technical lead role where you defined architecture rather than just contributed to it.

• Demonstrated experience in designing and deploying a connected device backend, with expertise in building the cloud layer of an IoT system, and the ability to articulate every decision made regarding protocol selection, relay vs. state-store models, provisioning flows, command pipelines, and security posture. Experience with transitioning from an edge-first to a fully cloud-connected architecture is a plus.

• Profound understanding of IoT communication protocols, particularly MQTT and/or AMQP at the infrastructure level, encompassing broker design, QoS trade-offs, session management, connection resilience, and mTLS. Experience with AWS IoT Core and custom broker implementations is highly valued, especially as AWS IoT Core becomes relevant in Phase 2.

• A security-first engineering mindset, with an understanding of Zero-Trust models, end-to-end encryption architectures where the relay cannot inspect the payload, RBAC for multiple persona types, and IoT-specific threat modeling. Familiarity with Australia's IoT Code of Practice is a bonus.

• Proficiency in C# and .NET 10, including Clean Architecture, CQRS, modern asynchronous patterns, dependency injection, hosted services, and performance-sensitive REST API design. Experience with lightweight data access via Dapper or similar (allowing full SQL control without heavy ORM) is required. Knowledge of Node.js or Go for auxiliary services will also be considered.

• Expertise in production-grade PostgreSQL, including schema design, advanced indexing, query optimization, and the ability to maintain a deliberately lean schema. Experience with MS SQL is an added advantage.

• Proficient in utilizing Redis for real-time state management, pub/sub, and session management, including Redis Streams for event-driven patterns.

• Experience with container deployment in production environments, specifically using Docker and AWS ECS Fargate, including management of the GitHub Actions to ECR to ECS pipeline from commit to production.

• Strong written and verbal communication skills, enabling you to draft design proposals, lead technical design reviews, and articulate architectural trade-offs to non-technical stakeholders with clarity and precision.

🏝️ Benefits

• Competitive salary and benefits package.

• Opportunity to collaborate with a dynamic and innovative team.

• Professional growth and development opportunities.