Sr. Platform Engineer-PH

Remote
Full Time
Pandoblox
Experienced

About the Role

Pandoblox delivers enterprise-quality data platforms to mid-market companies in weeks, not months — a lean team amplified by AI. We're hiring a Senior Platform Engineer to own the infrastructure the entire client-delivery pipeline runs on, and to evolve it so a small team can stand up and operate many concurrent, fully-isolated client environments without scaling headcount.

 

This is a senior IC role: ~70% hands-on platform/infra/DevOps, 20% architecture & security, 10% reliability. You live in Terraform, GCP IAM, CI/CD, and Cloud Run. The mandate isn't infrastructure for its own sake — it's infrastructure that gets client outcomes shipped faster, safer, and more repeatably.

This role goes deep on infrastructure, not up into the app layer. If you'd rather be shipping product features and UI, this is the wrong seat.

Responsibilities

In this role you'll get to...

  • execute and own the following 
    • IaC (signal-iac)— the Terraform/OpenTofu estate; provision a new client with a one-line flag flip. Every change is a PR with a plan diff; prod applies only through a gated workflow. Build the paved road so the delivery team onboards a client through a safe, gated path, not a ticket to you.
    • GCP multi-tenancy— a two-tier project model with one isolated project per client; physical, per-project isolation enforced by IAM.
    • Runtime isolation at scale— the shared services (signal-agents,signal-mcp, Supabase) serve every client at once, so one client's load can never degrade another: per-tenant quotas, fairness, noisy-neighbor protection.
    • Identity & secrets— the keyless model (Workload Identity Federation, impersonated service accounts). No long-lived keys, no secrets in Git, no path from laptop to prod.
    • CI/CD— GitHub Actions: build-once-promote, OIDC/keyless auth, trunk-based with environment promotion.
    • Observability & cost— SLOs, freshness/failure alerting, evidence-first incident response, and per-client cost attribution so margin stays visible as clients stack up.
  • collaborate with the project team 
  • perform other duties or responsibilities  needed by the role

Requirements:

On day one, we'll expect you to...

  • have 8+ years of platform / infra / DevOps / SRE, owning cloud architecture end-to-end
  • have expertise in  Terraform / OpenTofu — production modules, multi-env, gated apply
  • possess deep GCP — IAM & SA design, WIF, Cloud Run, networking, Secret Manager, BigQuery admin
  • have strong CI/CD — GitHub Actions (or equivalent), OIDC/keyless, build-once-promote, trunk-based
  • have expertise in security & identity judgment — keyless, least-privilege, gated-prod posture you own
  • have experience in multi-tenant isolation at both the data and runtime tiers
  • provide proactive observability & incident response — alerting, SLOs, evidence-first debugging, on-call coverage
  • be experienced in per-client cost attribution / FinOps instincts
  • work with AWS alongside GCP (QuickSight reporting path, Secrets Manager)
  • possess a delivery-first mindset: infra right-sized to delivery outcomes, not over-engineered
  • have excellent written and verbal English communication skills
  • have a fully functional and up-to-date computer with which to perform duties
  • be willing to install next generation end point protection on the computer
  • be a current resident of the Philippines and can perform work from there
  • be willing to work within US Pacific timezone (8am - 5pm PST, 12AM - 9AM Manila time) or during client hours as required
  • be willing to undergo a 90-days probationary period upon initial hire

Required Stack: Terraform/OpenTofu, GCP (Cloud Run, BigQuery, IAM, WIF, Secret Manager), GitHub Actions, Supabase, Vercel,  AWS (Quick, Secrets Manager), Claude (Anthropic API), and modern, opinionated, no legacy click-ops.

These are preferred experiences:

  • Multi-client/consulting delivery pipelines
  • Supabase/Vercel ops 
  • Cloud Run cold-start & scaling tuning 
  • AI-agent / LLM runtime infra (MCP, model APIs) 
  • AI-augmented engineering workflows
This is a remote, work from home job.
Share

Apply for this position

Required*
We've received your resume. Click here to update it.
Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

Human Check*