Job Description
Own the end-to-end technical design for a cloud-agnostic engineering platform with AI-assisted capabilities, aligned to regulated-environment controls and DDD domain segregation. You'll set the reference architecture, guide build decisions, and ensure the solution is operable, secure, and auditable.
What success looks like (outcomes)
* A clear target architecture that teams can implement without interpretation gaps.
* DDD-aligned boundaries: domains are separated, ownership is clear, and integration is deliberate.
* Tooling choices are justified and consistent with governance (SCM/CI/IaC/GitOps/IDP).
* AI capability is introduced safely: scoped permissions, traceability, and human approvals.
Key responsibilities
* Define the platform reference architecture (cloud-agnostic) covering:
  * SCM/CI strategy (GitHub vs Bitbucket and implications)
  * IaC approach (Terraform/OpenTofu vs Pulumi usage guidelines)
  * Kubernetes baseline (multi-cluster, tenancy, networking, secrets)
  * GitOps with ArgoCD and promotion strategies
  * Container registry strategy and governance
  * IDP approach (Backstage/Compass) and operating model
* Drive DDD adoption:
  * Domain boundaries, context maps, ownership model, and anti-corruption layers where needed
* Define non-functional requirements and controls:
  * Security, resilience, observability, change management, audit evidence, SDLC controls
* Establish architecture governance:
  * Decision records, architecture reviews, standards, and cross-team alignment
* Align stakeholders across bank tech, security, risk/compliance, and delivery teams.
* Design the AI-assisted ops capability with guardrails:
  * Approved automation patterns (PR creation, suggested changes, safe rollback)
  * Risk classification of automated actions
  * Human-in-the-loop review requirements and traceability to incidents/tickets
Required experience/must-haves
* Proven technical architecture experience in highly regulated environments (financial services strongly preferred).
* Strong understanding of modern delivery platforms: Kubernetes, GitOps (ArgoCD), CI/CD, IaC.
* Experience designing cloud-agnostic architectures and avoiding vendor lock-in.
* Strong grasp of DDD and practical domain segregation (not just theory).
* Ability to translate governance constraints into workable engineering practices.
* Strong stakeholder management and documentation skills (bank audiences, audit audiences).
Nice-to-haves
* Experience implementing Internal Developer Portals (Backstage and/or Compass) at scale.
* Experience with AI/LLM-assisted developer tooling in enterprise contexts (guardrails, controls, model governance, prompt/RAG on runbooks).
* Familiarity with security frameworks and evidence-led delivery practices.
NOTE: Hybrid, 4 days in the office per week.