This is a remote position.
Kyckr is a B2B API platform that gives regulated businesses access to legally authoritative company data from 300+ corporate registries across 120 countries. Our customers are banks, fintechs, and compliance teams who rely on Kyckr to power their Know Your Business (KYB) and AML workflows. Data is sourced in real-time from official government registries and delivered through a normalised, machine-readable API.
We are a small, focused engineering team distributed across the UK, Philippines, and Australia. We operate on Azure and have been growing our use of Infrastructure-as-Code, Azure DevOps, and Kubernetes. We are at an interesting inflection point — modernising a complex legacy platform while building out a new Registry Hub architecture.
The Role
We are looking for a Senior Platform Engineer with solid DevOps experience to own our Azure cloud platform end-to-end. You will be the primary person responsible for the reliability, security, and evolution of our platform infrastructure — from CI/CD pipelines and Kubernetes to Azure governance policies and Infrastructure-as-Code.
This is a solo platform engineering role, meaning you will have significant ownership and autonomy. You will work closely with the CTO and the development team to ship changes safely, maintain observability, and continuously improve the platform. We are a pragmatic team — we value getting things done over process for its own sake.
The right person will be someone who is energised by breadth, comfortable making considered decisions independently, and can clearly communicate any trade-offs required.
What You’ll Be Doing
Platform & Infrastructure
Own and evolve our Azure Landing Zone architecture, implemented via the Azure Cloud Adoption Framework (CAF) Enterprise Scale module in Terraform.
Manage and extend our Bicep-based infrastructure-as-code across application services (Azure Functions, App Services, APIM, Service Bus, Durable Functions, Blob Storage, Key Vault, and more).
Maintain and improve Azure governance, including custom Azure Policy definitions, RBAC, and management group configuration.
Ensure all infrastructure deployments meet our mandatory tagging, naming conventions, and region-lock policies.
CI/CD & Developer Experience
Own our Azure DevOps pipeline estate — we have 33+ YAML pipeline definitions covering builds, releases, and acceptance tests across a large .NET monorepo and the newer Registry Hub.
Maintain and improve our self-hosted build agent infrastructure (VMSS-based pools) and Azure Container Registry integrations.
Work with developers to design and improve pipeline templates, reduce build times, and make deployments safer and more repeatable.
Support the team’s use of GitHub for tooling and Copilot organisation management alongside Azure DevOps.
Kubernetes & Container Platform
Manage our Kubernetes cluster (4 physical nodes), which orchestrates Docker containers running our web scraping infrastructure.
Maintain and improve container deployments, image builds, and the Azure Container Registry.
Ensure the scraping platform (fed via Azure Service Bus queues) is reliable and observable.
Security & Compliance
Manage secrets and access through Azure Key Vault, enforcing RBAC-based access models.
Maintain Azure Entra ID configurations, service principals, and managed identities.
Respond to policy compliance findings and drive remediation across the estate.
Ensure the platform is appropriately hardened for a regulated-industry customer base (FinTech, AML/KYC).
Monitoring & Observability
Maintain and improve our monitoring stack: Azure Application Insights, Azure Monitor alerting, and Grafana dashboards.
Ensure distributed tracing and logging is consistent and useful across Azure Functions and App Services.
Respond to platform incidents and lead post-incident reviews.
Collaboration & Documentation
Work asynchronously with a distributed team across three time zones.
Document infrastructure decisions, runbooks, and architecture changes in Confluence.
Contribute to ongoing architecture discussions, particularly around tenant isolation, SOAP migration sequencing, and our Registry Hub build-out.
