Logo for Pandoblox

Sr. Platform Engineer-PH

Key Facts

Remote From: 
Full time
Senior (5-10 years)
English

Other Skills

  • Communication

Roles & Responsibilities

  • 8+ years of platform / infra / DevOps / SRE experience
  • Expertise in Terraform / OpenTofu
  • Deep GCP knowledge including IAM, WIF, Cloud Run
  • Strong CI/CD experience with GitHub Actions or equivalent

Requirements:

  • Execute and own the IaC (signal-iac) with Terraform/OpenTofu
  • Manage GCP multi-tenancy with isolated client projects
  • Implement identity and secrets management with keyless models
  • Ensure proactive observability and incident response

Job description

About the Role

Pandoblox delivers enterprise-quality data platforms to mid-market companies in weeks, not months — a lean team amplified by AI. We're hiring a Senior Platform Engineer to own the infrastructure the entire client-delivery pipeline runs on, and to evolve it so a small team can stand up and operate many concurrent, fully-isolated client environments without scaling headcount.

 

This is a senior IC role: ~70% hands-on platform/infra/DevOps, 20% architecture & security, 10% reliability. You live in Terraform, GCP IAM, CI/CD, and Cloud Run. The mandate isn't infrastructure for its own sake — it's infrastructure that gets client outcomes shipped faster, safer, and more repeatably.

This role goes deep on infrastructure, not up into the app layer. If you'd rather be shipping product features and UI, this is the wrong seat.

Responsibilities

In this role you'll get to...

  • execute and own the following 
    • IaC (signal-iac)— the Terraform/OpenTofu estate; provision a new client with a one-line flag flip. Every change is a PR with a plan diff; prod applies only through a gated workflow. Build the paved road so the delivery team onboards a client through a safe, gated path, not a ticket to you.
    • GCP multi-tenancy— a two-tier project model with one isolated project per client; physical, per-project isolation enforced by IAM.
    • Runtime isolation at scale— the shared services (signal-agents,signal-mcp, Supabase) serve every client at once, so one client's load can never degrade another: per-tenant quotas, fairness, noisy-neighbor protection.
    • Identity & secrets— the keyless model (Workload Identity Federation, impersonated service accounts). No long-lived keys, no secrets in Git, no path from laptop to prod.
    • CI/CD— GitHub Actions: build-once-promote, OIDC/keyless auth, trunk-based with environment promotion.
    • Observability & cost— SLOs, freshness/failure alerting, evidence-first incident response, and per-client cost attribution so margin stays visible as clients stack up.
  • collaborate with the project team 
  • perform other duties or responsibilities  needed by the role

Requirements:

On day one, we'll expect you to...

  • have 8+ years of platform / infra / DevOps / SRE, owning cloud architecture end-to-end
  • have expertise in  Terraform / OpenTofu — production modules, multi-env, gated apply
  • possess deep GCP — IAM & SA design, WIF, Cloud Run, networking, Secret Manager, BigQuery admin
  • have strong CI/CD — GitHub Actions (or equivalent), OIDC/keyless, build-once-promote, trunk-based
  • have expertise in security & identity judgment — keyless, least-privilege, gated-prod posture you own
  • have experience in multi-tenant isolation at both the data and runtime tiers
  • provide proactive observability & incident response — alerting, SLOs, evidence-first debugging, on-call coverage
  • be experienced in per-client cost attribution / FinOps instincts
  • work with AWS alongside GCP (QuickSight reporting path, Secrets Manager)
  • possess a delivery-first mindset: infra right-sized to delivery outcomes, not over-engineered
  • have excellent written and verbal English communication skills
  • have a fully functional and up-to-date computer with which to perform duties
  • be willing to install next generation end point protection on the computer
  • be a current resident of the Philippines and can perform work from there
  • be willing to work within US Pacific timezone (8am - 5pm PST, 12AM - 9AM Manila time) or during client hours as required
  • be willing to undergo a 90-days probationary period upon initial hire

Required Stack: Terraform/OpenTofu, GCP (Cloud Run, BigQuery, IAM, WIF, Secret Manager), GitHub Actions, Supabase, Vercel,  AWS (Quick, Secrets Manager), Claude (Anthropic API), and modern, opinionated, no legacy click-ops.

These are preferred experiences:

  • Multi-client/consulting delivery pipelines
  • Supabase/Vercel ops 
  • Cloud Run cold-start & scaling tuning 
  • AI-agent / LLM runtime infra (MCP, model APIs) 
  • AI-augmented engineering workflows
This is a remote, work from home job.

Platform Engineer Related jobs

Other jobs at Pandoblox

We help you get seen. Not ignored.

We help you get seen faster — by the right people.

🚀

Auto-Apply

We apply for you — automatically and instantly.

Save time, skip forms, and stay on top of every opportunity. Because you can't get seen if you're not in the race.

AI Match Feedback

Know your real match before you apply.

Get a detailed AI assessment of your profile against each job posting. Because getting seen starts with passing the filters.

Upgrade to Premium. Apply smarter and get noticed.

Upgrade to Premium

Join thousands of professionals who got noticed and hired faster.