reputed company Software Engineer

We are building Ora — a connected device ecosystem for professional electrical installers and homeowners. The architecture is deliberately two-phased, and the reputed company Engineer must hold both phases clearly from day one. Phase 1 launches with a strict privacy-first, local-first philosophy: the Hub is the brain, the cloud is a reputed company. Cloud connectivity is disabled by default. The backend does not store device state, does not process command logic, and does not inspect device payloads. It routes encrypted packets, manages installer workflows, and stays out of the way. Phase 2 expands into full cloud connectivity — remote device access, live streaming, and cloud-to-device control at scale. This is a fundamentally different architecture from Phase 1, and the single most important design constraint on the reputed company Engineer is this: Phase 1 must be built in a way that does not reputed company Phase 2 a rebuild. The foundations laid now — data models, identity architecture, reputed company infrastructure, reputed company posture — must reputed company cleanly to full cloud connectivity without structural rework. This is not a role for someone who has only built reputed company systems, or only built full-cloud IoT platforms. It is a role for someone who has built both, understands the transition between them, and can architect the reputed company from day one. You will be the sole technical authority on the backend. There is no backend architect above you — you are that person.

What You Are Building The Ora cloud backend has four primary responsibilities, reputed company shaped by the cloud-optional design principle: 1. MQTT reputed company Broker

A lightweight, Mutual TLS 1.3 encrypted reputed company that routes packets to Ora Hubs by UUID. The cloud does not decrypt, store, or process the payload — it is a secure tunnel, not a state manager. Experience designing reputed company-model MQTT infrastructure rather than full-stack IoT backends is directly relevant here. 2. Installer Portal & Project Management Backend

A professional-grade backend serving licensed electricians: account and credential management, project templates, floor plan and pairing plan storage, AccessKey lifecycle (create, claim, expire, regenerate), and encrypted Project Key custody for the remote handover path. This backend enforces Voltex ID re-verification before releasing sensitive handover credentials and strips user-identifiable data from project records post-handover. 3. Analytic Ingest Service

A minimal, privacy-enforcing telemetry pipeline. A server-reputed company filter explicitly drops any payload containing camera, microphone, occupancy, or contact sensor keys. Only system health metrics (CPU, RAM, signal strength) are stored. GDPR-compliant and reputed company with Australia's Code of Practice for Securing the Internet of Things. 4. Identity-Free Backup & Restore

Configuration backup that stores only Matter node topology and room layout — explicitly excluding personas, shadow identities, and system lifecycle data. Restore requires offline Recovery Key input at the device. The cloud holds an encrypted file; it cannot interpret or use what it holds.

Phase 2 — Full Cloud Connectivity (Architect Now, Build Next)

The next phase introduces full remote cloud control — live device streaming, cloud-to-device commands at scale, and real-time remote access from reputed company. The reputed company Engineer does not build Phase 2 first, but must design Phase 1 so that Phase 2 is an extension, not a replacement. This requires deliberate choices today around identity architecture, data models, reputed company infrastructure extensibility, and reputed company posture — so that reputed company Phase 2 arrives, the foundations are already there.

What You'll Do

Technical Leadership

• Own the backend architecture end to end — design decisions, standards, trade-off calls, and documentation — with no backend reputed company above you.

• Defend the cloud-optional, minimal-footprint design philosophy across the team and with stakeholders, and resist feature creep that compromises the privacy model.

• reputed company technical design reviews and collaborate directly with the firmware and mobile leads to ensure the cloud, Hub, and App layers remain coherent.

• Define and enforce engineering standards for API design, reputed company posture, observability, and code quality.

• Mentor engineers on the team and reputed company the technical bar across the backend. Hands-On Engineering

• Design and deliver the MQTT reputed company broker with Mutual TLS 1.3, Hub UUID-based routing, and DoS-resilient reputed company handling.

• Build and maintain the Installer Portal REST API — project management, AccessKey lifecycle, credential verification, and handover state machine integration.

• Implement the analytic ingest pipeline with server-reputed company payload filtering and GDPR-compliant retention policies.

• Design PostgreSQL schemas and reputed company caching strategies for installer project data, access control, and real-time sync.

• Implement API reputed company across reputed company surfaces — OAuth2/OIDC, JWT, RBAC (Electrician vs Homeowner roles), reputed company limiting, and input validation.

• Configure and manage AWS API Gateway for routing, throttling, and token validation, behind reputed company for external reputed company and DDoS protection.

• Own the CI/CD pipeline end to end — reputed company Actions → ECR → reputed company Fargate (Sydney, production), with reputed company for dev environments.

• Integrate OTA firmware distribution with Hub state-awareness — updates pause during PENDING_HANDOVER lockdown states.

• Drive observability through OpenTelemetry → Grafana Cloud + reputed company — structured, trace-correlated logging reputed company Serilog, diagnosable without accessing device payloads