Platform Engineer
Posted 2 weeks ago by iXceed Solutions
Negotiable
Undetermined
Undetermined
Greater Glasgow Area
Summary: The Platform Engineer role requires an experienced professional to design, build, and operate Envoy and Kong gateway infrastructure for production traffic. The position demands strong Go development skills and extensive experience with Kubernetes, API gateways, and various cloud technologies. The engineer will also be responsible for implementing authorization policies and managing deployments in a multi-cluster environment. Collaboration with teams to migrate traffic and ensure production readiness is essential for this role.
Key Responsibilities:
- Design, build and operate Envoy and Kong gateway infrastructure serving production traffic across multiple lines of business
- Develop Go-based control-plane services - Ingress Registry, xDS controllers, Session Manager, Context Propagator
- Implement and maintain OPA policy bundles for coarse-grained authorization at the gateway layer
- Build and extend OpenTelemetry instrumentation pipelines (OTel Collector, Dynatrace OTLP ingest, Splunk SIEM forwarding)
- Manage GitOps-driven deployments via ArgoCD and Helm across multi-cluster Kubernetes environments
- Automate WAF rule management across Akamai and Cloudflare using WAF-as-code patterns
- Contribute to the platform operator console (TypeScript/React) for route management, drift detection, and session visibility
- Collaborate with LOB teams to onboard routes and migrate traffic from legacy ingress infrastructure
- Participate in incident response, runbook development, and production readiness reviews
- Champion software engineering best practices - code review, testing, documentation, and observability-first design
Key Skills:
- BS/MS degree in Computer Science or related technical field, or equivalent
- 8+ years of industry experience
- 5+ years hands-on experience with Envoy Proxy and/or Kong API Gateway
- Strong Go development skills
- Production Kubernetes experience (EKS and/or on-prem clusters)
- Deep understanding of OAuth 2.0 / OIDC / PKCE flows
- Experience with OPA (Open Policy Agent) policy authoring in Rego
- Hands-on with OpenTelemetry, Dynatrace, and Splunk SIEM integration
- Working knowledge of CDN/WAF platforms
- Experience with PostgreSQL and Kafka
- Strong CS fundamentals - networking, distributed systems, data structures & algorithms
- Nice to have: TypeScript/React experience, AWS infrastructure experience, Bitbucket Pipelines CI/CD
- Background in identity platforms
Salary (Rate): undetermined
City: Greater Glasgow Area
Country: undetermined
Working Arrangements: undetermined
IR35 Status: undetermined
Seniority Level: undetermined
Industry: Other
Platform Engineer Onsite 5 days Required Skills BS/MS degree in Computer Science, related technical field, or equivalent, with 8+ years of industry experience 5+ years hands-on experience with Envoy Proxy (xDS/ADS, ext_authz, HTTP/2, gRPC, WebSocket) and/or Kong API Gateway (plugin development, DB-less mode, Admin API) Strong Go development skills - control-plane services, gRPC APIs, Kubernetes controllers (client-go), concurrency patterns Production Kubernetes experience (EKS and/or on-prem clusters) - Helm charts, HPA, PodDisruptionBudgets, NetworkPolicy, namespace isolation, ArgoCD GitOps Deep understanding of OAuth 2.0 / OIDC / PKCE flows, DPoP sender-constrained tokens, mTLS, and session management patterns Experience with OPA (Open Policy Agent) policy authoring in Rego and sidecar deployment patterns Hands-on with OpenTelemetry (traces, metrics, logs), Dynatrace, and Splunk SIEM integration Working knowledge of CDN/WAF platforms (Akamai Ion, Kona, Cloudflare) and WAF-as-code automation Experience with PostgreSQL (HA, connection pooling, PITR) and Kafka (MSK, Schema Registry, DLQ patterns) Familiarity with DNS steering (GeoDNS, Akamai GTM, health-check routing) and TLS certificate lifecycle (cert-manager, HSM/KMS) Strong CS fundamentals - networking (L3-L7), distributed systems, data structures & algorithms Experience building high-volume, low-latency, resilient infrastructure services Nice to have: TypeScript/React experience for operator dashboard development AWS infrastructure experience (EKS, MSK, Lambda, Direct Connect, Network Firewall) Bitbucket Pipelines CI/CD and GitOps delivery workflows Experience with CAEP (Continuous Access Evaluation Protocol) or similar session revocation mechanisms Background in identity platforms (ForgeRock, SAML federation, token exchange patterns) Job Description Day-to-day responsibilities: Design, build and operate Envoy and Kong gateway infrastructure serving production traffic across multiple lines of business Develop Go-based control-plane services - Ingress Registry, xDS controllers, Session Manager, Context Propagator Implement and maintain OPA policy bundles for coarse-grained authorization at the gateway layer Build and extend OpenTelemetry instrumentation pipelines (OTel Collector, Dynatrace OTLP ingest, Splunk SIEM forwarding) Manage GitOps-driven deployments via ArgoCD and Helm across multi-cluster Kubernetes environments Automate WAF rule management across Akamai and Cloudflare using WAF-as-code patterns Contribute to the platform operator console (TypeScript/React) for route management, drift detection, and session visibility Collaborate with LOB teams to onboard routes and migrate traffic from legacy ingress infrastructure Participate in incident response, runbook development, and production readiness reviews Champion software engineering best practices - code review, testing, documentation, and observability-first design