Website:
itfirm.co.za
Job details:
Job Description
Job Title : Senior Platform Architect (Level IV)
Experience : 12 Years
Location : fully remote
Department : Engineering Platform Architecture
Reports to : CTO
Role Overview
We are building a next-generation hybrid SaaS platform that delivers enterprise-grade analytics, monitoring, and security telemetry from complex on-premises environments into a secure, multi-tenant SaaS portal.
The architecture (as defined in the attached System Demo.pdf diagram) features a central multi-tenant SaaS layer (PostgreSQL + OpenSearch), multiple on-prem deployment modes (Hardened container, Virtual appliance, lightweight Agent), and a critical Outbound Security Gateway that supports both SaaS-bound and standalone SIEM/export use cases.
As our Senior Platform Architect (Level IV), you will own the end-to-end technical vision and execution of this architecture. You will translate the high-level component diagram into production-grade designs, lead a team of senior engineers, provide deep subject-matter expertise across hybrid cloud/on-prem systems, security-hardened components, and data pipelines, and mentor the broader engineering organization. This is a hands-on leadership role you will design, code prototypes, conduct architecture reviews, and drive implementation to successful production rollout.
Key Responsibilities
Own and evolve the reference architecture shown in the System Demo diagram, ensuring all major components are implemented with clarity, scalability, security, and operational excellence :
- Multi-tenant SaaS Portal (PostgreSQL + OpenSearch backend)
- Outbound Security Gateway in Hardened, Virtual, and Agent modes (standalone SIEM export + SaaS connectivity)
- Application Exposure Gateway, Monitoring Platform, Telemetry Ingestion, Evidence Repository, Analytics & Reporting layers
- Identity & Access (proprietary IdP + SAML/OIDC federation)
- Configuration & State management, Integration Services, User ID (JWT) flows
- Define and enforce technical standards for hardened deployments (immutable containers/VMs, least-privilege, zero-trust egress, distroless runtimes, seccomp/AppArmor).
- Lead the implementation of near-real-time and batch data pipelines from on-prem ? SaaS (CDC, streaming, buffering, encryption, transformation).
- Design multi-tenancy, data isolation, compliance controls (GDPR, SOC 2, data residency), and export-to-SIEM capabilities that work independently of the SaaS portal.
- Conduct architecture decision records (ADRs), threat modeling, and scalability/performance reviews.
- Mentor and grow a team of 8-15 engineers (Staff/Principal level); run architecture guilds, design reviews, and technical onboarding.
- Collaborate closely with Product, Security, and Compliance teams to balance customer requirements (enterprise SSO, air-gapped support, SIEM forwarding) with platform roadmap.
- Drive proof-of-concept work, vendor evaluations (e.g., Auth0/Cognito/Keycloak, OpenSearch managed services, gateway frameworks), and technology selection.
- Ensure the platform meets enterprise-grade SLAs for availability, latency, auditability, and operational observability.
Required Qualifications
- 12+ years of experience in software/systems architecture, with at least 5 years in senior/principal roles leading complex hybrid or multi-cloud platforms.
Deep expertise in at least three of the following domains :
- Hybrid SaaS / on-prem architectures (hardened containers, virtual appliances, agents)
- Secure outbound gateways, data diodes, or telemetry shipping (SIEM integration experience strongly preferred)
- Multi-tenant databases & search platforms (PostgreSQL + OpenSearch/Elasticsearch)
- Identity federation (SAML 2.0 + OIDC, SCIM provisioning)
- Cloud-native security (zero-trust, mTLS, immutable infrastructure, policy-as-code)
- Proven track record shipping production hybrid platforms at scale (100+ enterprise customers or equivalent complexity).
- Strong hands-on coding ability (Go, Java, Python, or TypeScript preferred) and infrastructure-as-code (Terraform, Kubernetes, Helm).
- Experience with regulated environments (finance, healthcare, government) and data-residency requirements.
Preferred Qualifications
- Previous experience with observability, security analytics, or SIEM-adjacent platforms (Datadog, Splunk, Elastic, Sentinel, etc.).
- Familiarity with change-data-capture (Debezium), event streaming (Kafka/Kinesis), and real-time analytics pipelines.
- Contributor or speaker in open-source communities around gateways, hardening, or multi-tenancy.
- Level IVa / Principal-level pedigree at a recognized high-growth SaaS or enterprise software company.
What Success Looks Like in the First 6-12 Months :
- Delivered a production-ready Outbound Security Gateway supporting all three modes (Hardened, Virtual, Agent) with both SaaS and standalone SIEM export paths.
- Completed the core multi-tenant SaaS portal backbone (auth, ingestion, analytics storage) aligned to the diagram.
- Mentored the team to a consistent high-quality architecture review process and raised overall engineering maturity.
- Established clear decision records and a living architecture runway for the next 18 months of roadmap features.
(ref:hirist.tech)
Click on Apply to know more.