Role Type : Contract (Inside IR35)
Required Skills:
* 5+ years hands-on experience with Envoy Proxy (xDS/ADS, ext_authz, HTTP/2, gRPC, WebSocket) and/or Kong API Gateway (plugin development, DB-less mode, Admin API)
* Strong Go development skills - control-plane services, gRPC APIs, Kubernetes controllers (client-go), concurrency patterns
* Production Kubernetes experience (EKS and/or on-prem clusters) - Helm charts, HPA, PodDisruptionBudgets, NetworkPolicy, namespace isolation, ArgoCD GitOps
* Deep understanding of OAuth 2.0 / OIDC / PKCE flows, DPoP sender-constrained tokens, mTLS, and session management patterns
* Experience with OPA (Open Policy Agent) policy authoring in Rego and sidecar deployment patterns
* Hands-on with OpenTelemetry (traces, metrics, logs), Dynatrace, and Splunk SIEM integration
* Working knowledge of CDN/WAF platforms (Akamai Ion, Kona, Cloudflare) and WAF-as-code automation
* Experience with PostgreSQL (HA, connection pooling, PITR) and Kafka (MSK, Schema Registry, DLQ patterns)
* Familiarity with DNS steering (GeoDNS, Akamai GTM, health-check routing) and TLS certificate lifecycle (cert-manager, HSM/KMS)
* Strong CS fundamentals - networking (L3-L7), distributed systems, data structures & algorithms
* Experience building high-volume, low-latency, resilient infrastructure services
* BS/MS degree in Computer Science, related technical field, or equivalent with 8+ years of industry experience
Nice to have:
* TypeScript/React experience for operator dashboard development
* AWS infrastructure experience (EKS, MSK, Lambda, Direct Connect, Network Firewall)
* Bitbucket Pipelines CI/CD and GitOps delivery workflows
* Experience with CAEP (Continuous Access Evaluation Protocol) or similar session revocation mechanisms
* Background in identity platforms (ForgeRock, SAML federation, token exchange patterns)
£400.00 - £450.00 per day












