We have an opening for an IoT Backend Platform Engineer. The start date is 12/1 and the role will last 4+ months. This is a temp-to-perm role.
Locals preferred, but if not local, must be OK with travel to Dallas once per month.
Hybrid, with onsite in Dallas once a month or as needed.
Pay Rate is 73-85/hr
Skills (EXPERT/ADVANCED/NONE):
IIoT Backend platform Engineer
Go/Java/Javascript/C/Python
Kubernetes
JSON Schema
Security - PKI, certificates, least privilege, network segmentation, Vault/KMS, audit logging
CI/CD (GitHub Actions or similar) - build/test, canary/blue green, artifacts, automated rollbacks
APIs
Questions (must reply YES to #2-7):
- Local to Dallas?
- If not, are you able to travel to the client site at least once a month with expenses paid?
- Do you have IIoT Backend platform Engineer experience?
- Do you have 5+ years building production backend services in Go/Java/Javascript/C/Python?
- Do you have deep MQTT understanding?
- Do you have Time Series Database/historian experience: hypertables, compression, retention, continuous aggregates, performance, backup/restore?
- Do you have experience with a schema registry with JSON Schema?
Description:
IIoT Platform (On Prem Kubernetes, MQTT, TimescaleDB, Schema Registry)
About the role: develop the backend of Nexus. Build resilient microservices that speak MQTT, enforce data contracts via Forge, and deliver high-throughput, reliable ingest into TimescaleDB on on-prem Kubernetes. Drive service SLIs/SLOs, security, and multi-tenant operations. Partner with OT (often via Ignition) while keeping the focus on backend reliability and developer experience. Optional secure hybrid to AWS for backup/analytics.
Key responsibilities
Backend services and APIs
- Build stateless, performant services (Go/Java/Python) for ingest, validation, enrichment, and persistence.
- Define versioned contracts (REST/gRPC), ensure backward compatibility, idempotency, and robust retries.
- Provide shared libraries for schema validation, authN/Z, tracing.
MQTT messaging
- Implement producer/consumer services with QoS 0/1, retained messages, shared subs, session persistence.
- Design tenant aware topic hierarchies, ACLs, and secure device onboarding.
- Enforce TLS/mTLS, certificate rotation; optimize throughput with batching and backpressure.
Data contracts (Forge) and CI enforcement
- Model telemetry/events with JSON Schema; strict compatibility rules and gated CI checks.
- Validate in the data plane; route bad payloads to DLQ with replay tooling.
- Lead producer/consumer versioning and migrations.
Time series storage (TimescaleDB)
- Design hypertables, compression, retention; high throughput ingest with ordering, dedupe, upserts.
- Optimize reads via continuous aggregates and indexes; own backup/restore and PITR.
On prem Kubernetes
- Ship Helm charts; manage Deployments/StatefulSets, HPA/VPA, probes, resource tuning.
- Establish end to end observability (metrics/traces/logs), actionable alerts; GitOps for promotion/rollback.
Security, multi tenancy, and reliability
- Zero trust defaults: mTLS, RBAC hardening, network policies, per tenant isolation.
- Secrets/PKI management (Vault/KMS), audit logging; ingress/egress controls and rate limits.
- Define SLIs/SLOs; canary/blue green, chaos testing; runbooks, on call, post mortems; DLQ/quarantine and replay.
Collaboration and delivery
- Strong PR hygiene, branch protections, semantic versioning, release tagging in GitHub.
- Document ADRs, runbooks, and APIs; align OT tag models/payloads with backend contracts.
Required qualifications
5+ years building production backend services in Go/Java/Javascript/C/Python.
Deep MQTT understanding (EMQX/HiveMQ/Mosquitto): QoS 0/1, retained, shared subs, sessions, ACLs, TLS/mTLS.
On prem Kubernetes or docker: Helm, compose, observability, autoscaling, GitOps, secure multi tenant ops.
Time Series Database/historian: hypertables, compression, retention, continuous aggregates, performance, backup/restore.
Schema registry with JSON Schema; CI enforced compatibility.
CI/CD (GitHub Actions or similar): build/test, canary/blue green, artifacts, automated rollbacks.
Security: PKI, certificates, least privilege, network segmentation, Vault/KMS, audit logging.
Nice to have
Ignition (Transmission/Engine), OPC UA/Modbus/EtherNet/IP.
Kafka/Pulsar and MQTT bridges; CDC/outbox patterns.
IaC (Terraform/Ansible), Rancher/OpenShift; edge (K3s).
Service mesh (Istio/Linkerd) for mTLS/traffic policy.
Hybrid AWS for backup/analytics (ECR/S3/Glacier, secure tunneling).