Lead Software Engineer

We are building Ora — a connected device ecosystem for professional electrical installers and homeowners. The architecture is deliberately two-phased, and the Lead Engineer must hold both phases clearly from day one. Phase 1 launches with a strict privacy-first, local-first philosophy: the Hub is the brain, the cloud is a relay. Cloud connectivity is disabled by default. The backend does not store device state, does not process command logic, and does not inspect device payloads. It routes encrypted packets, manages installer workflows, and stays out of the way. Phase 2 expands into full cloud connectivity — remote device access, live streaming, and cloud-to-device control at scale. This is a fundamentally different architecture from Phase 1, and the single most important design constraint on the Lead Engineer is this: Phase 1 must be built in a way that does not make Phase 2 a rebuild. The foundations laid now — data models, identity architecture, relay infrastructure, security posture — must extend cleanly to full cloud connectivity without structural rework. This is not a role for someone who has only built relay systems, or only built full-cloud IoT platforms. It is a role for someone who has built both, understands the transition between them, and can architect the bridge from day one. You will be the sole technical authority on the backend. There is no backend architect above you — you are that person. What You Are Building The Ora cloud backend has four primary responsibilities, all shaped by the cloud-optional design principle: 1. MQTT Relay Broker A lightweight, Mutual TLS 1.3 encrypted relay that routes packets to Ora Hubs by UUID. The cloud does not decrypt, store, or process the payload — it is a secure tunnel, not a state manager. Experience designing relay-model MQTT infrastructure rather than full-stack IoT backends is directly relevant here. 2. Installer Portal & Project Management Backend A professional-grade backend serving licensed electricians: account and credential management, project templates, floor plan and pairing plan storage, AccessKey lifecycle (create, claim, expire, regenerate), and encrypted Project Key custody for the remote handover path. This backend enforces Voltex ID re-verification before releasing sensitive handover credentials and strips user-identifiable data from project records post-handover. 3. Analytic Ingest Service A minimal, privacy-enforcing telemetry pipeline. A server-side filter explicitly drops any payload containing camera, microphone, occupancy, or contact sensor keys. Only system health metrics (CPU, RAM, signal strength) are stored. GDPR-compliant and aligned with Australia's Code of Practice for Securing the Internet of Things. 4. Identity-Free Backup & Restore Configuration backup that stores only Matter node topology and room layout — explicitly excluding personas, shadow identities, and system lifecycle data. Restore requires offline Recovery Key input at the device. The cloud holds an encrypted file; it cannot interpret or use what it holds. Phase 2 — Full Cloud Connectivity (Architect Now, Build Next) The next phase introduces full remote cloud control — live device streaming, cloud-to-device commands at scale, and real-time remote access from anywhere. The Lead Engineer does not build Phase 2 first, but must design Phase 1 so that Phase 2 is an extension, not a replacement. This requires deliberate choices today around identity architecture, data models, relay infrastructure extensibility, and security posture — so that when Phase 2 arrives, the foundations are already there. What You'll Do Technical Leadership • Own the backend architecture end to end — design decisions, standards, trade-off calls, and documentation — with no backend lead above you. • Defend the cloud-optional, minimal-footprint design philosophy across the team and with stakeholders, and resist feature creep that compromises the privacy model. • Lead technical design reviews and collaborate directly with the firmware and mobile leads to ensure the cloud, Hub, and App layers remain coherent. • Define and enforce engineering standards for API design, security posture, observability, and code quality. • Mentor engineers on the team and raise the technical bar across the backend. Hands-On Engineering • Design and deliver the MQTT relay broker with Mutual TLS 1.3, Hub UUID-based routing, and DoS-resilient connection handling. • Build and maintain the Installer Portal REST API — project management, AccessKey lifecycle, credential verification, and handover state machine integration. • Implement the analytic ingest pipeline with server-side payload filtering and GDPR-compliant retention policies. • Design PostgreSQL schemas and Redis caching strategies for installer project data, access control, and real-time sync. • Implement API security across all surfaces — OAuth2/OIDC, JWT, RBAC (Electrician vs Homeowner roles), rate limiting, and input validation. • Configure and manage AWS API Gateway for routing, throttling, and token validation, behind Cloudflare for external security and DDoS protection. • Own the CI/CD pipeline end to end — GitHub Actions → ECR → ECS Fargate (Sydney, production), with Render for dev environments. • Integrate OTA firmware distribution with Hub state-awareness — updates pause during PENDING_HANDOVER lockdown states. • Drive observability through OpenTelemetry → Grafana Cloud + Sentry — structured, trace-correlated logging via Serilog, diagnosable without accessing device payloads