Senior Platform Engineer

About The Position

Requirements

• Bachelor’s degree in a related discipline and 4 years’ experience in a related field. The right candidate could also have a different combination, such as a master’s degree and 2 years’ experience; a Ph.D. and up to 1 year of experience; or 16 years’ experience in a related field
• Python development (4+ years) with advanced async/await patterns, FastAPI, multiprocessing, and production performance optimization
• Model Context Protocol (MCP) — hands-on implementation experience with MCP servers, tool definitions, and client integration patterns; ability to read and extend the protocol specification independently
• AWS platform depth: ECS Fargate task lifecycle management, ElastiCache Redis (TLS, clustering, eviction policies), Secrets Manager, Route 53, ALB (sticky sessions, TLS termination), ECR, Aurora Postgres, SSM Parameter Store, CloudWatch, Kinesis Firehose
• Microsoft Entra ID / Azure AD integration: OIDC federation, group membership extraction via Graph API or JWT claims, RBAC pattern implementation
• Database integration and optimization: Oracle, PostgreSQL, Snowflake, SQL Server — including connection pooling, query optimization, and schema introspection
• Distributed systems patterns: circuit breakers, retry with exponential backoff, bulkhead isolation, Redis-backed distributed state, graceful degradation
• Container platform: Docker multi-stage builds, ECS task definitions, non-root container security, health endpoint implementation
• REST API security: JWT validation, rate limiting, input validation, PII detection and masking
• Observability: structured JSON logging, Prometheus client instrumentation, distributed tracing concepts, CloudWatch Logs Insights
• Version control and CI/CD (Git, GitHub Actions, automated testing pipelines)

Nice To Haves

• High-concurrency MCP server development with proven experience supporting enterprise-scale concurrent sessions
• Snowflake advanced optimization: warehouse sizing, query profiling, result caching, role-based access patterns
• Infrastructure-as-code with Terraform for AWS resource provisioning
• On-demand infrastructure provisioning: ephemeral container lifecycle, VPC-internal networking, dynamic credential injection
• Redis advanced patterns: sliding window rate limiting, distributed quota enforcement, pub/sub for session events
• Enterprise compliance: audit logging design, data governance patterns, OWASP Top 10 remediation
• Experience working with AI/LLM platforms, agentic frameworks, or AI developer tooling
• Familiarity with the MCP ecosystem: Anthropic Claude integration, MCP client patterns in Claude.ai, Claude Code, or Copilot Studio
• Security best practices including OWASP guidelines and secure coding practices
• DevOps experience including infrastructure automation and deployment strategies

Responsibilities

• Design, implement, and optimize the central AI Gateway MCP server — the single governed endpoint through which all AI client connections route, built on FastAPI + uvicorn for high-concurrency enterprise workloads
• Build and maintain the Redis ElastiCache session layer that binds Microsoft Entra identity to role-resolved MCP tool sets, including token lifecycle management, sliding TTL extension, per-user quota enforcement, and distributed rate limiting
• Implement the on-demand connector provisioning engine — a system that provisions compute containers with enterprise client drivers, establishes VPC-internal network paths, and retrieves credentials from AWS Secrets Manager automatically when a user’s AI agent declares intent to access a data source
• Build enterprise system connectors as MCP tool sets: Oracle DB, SharePoint Graph API, Rally, ServiceNow, and a vendor connector approval pipeline with ECR container image scanning and an Aurora-backed connector registry
• Implement comprehensive automated testing: unit, integration, load testing (1,000+ concurrent users), and chaos testing for connector fault tolerance
• Build and maintain the full observability stack: structured logging, Prometheus metrics, Kinesis Firehose → OpenSearch indexing, and Grafana dashboards for per-user, per-tool, per-session audit trails
• Design and implement CI/CD pipelines for all platform components via GitHub Actions, with automated container image builds, ECS task definition updates, and blue/green deployments
• Own security controls: Entra OIDC token validation, PII masking on all tool responses, WAF rule management, Secrets Manager integration with autorotation, and OWASP-aligned secure API design
• Maintain and extend the existing Snowflake MCP codebase that forms the foundation of the platform, including session management, RBAC, PII masking, configuration management, and secrets integration modules
• Develop troubleshooting and diagnostic tools for production support
• Create documentation, runbooks, and operational playbooks for platform support and maintenance

Benefits

• health care insurance (medical, dental, vision)
• retirement planning (401(k))
• paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO)
• flexible vacation with pay
• seven paid holidays
• up to 160 hours of paid wellness annually