About the Role

Pandoblox delivers enterprise-quality data platforms to mid-market companies in weeks, not months — a lean team amplified by AI. We're hiring a Senior Platform Engineer to own the infrastructure the entire client-delivery pipeline runs on, and to evolve it so a small team can stand up and operate many concurrent, fully-isolated client environments without scaling headcount.

This is a senior IC role: ~70% hands-on platform/infra/DevOps, 20% architecture & security, 10% reliability. You live in Terraform, GCP IAM, CI/CD, and Cloud Run. The mandate isn't infrastructure for its own sake — it's infrastructure that gets client outcomes shipped faster, safer, and more repeatably.

This role goes deep on infrastructure, not up into the app layer. If you'd rather be shipping product features and UI, this is the wrong seat.

Responsibilities

In this role you'll get to...

execute and own the following:

IaC (signal-iac) — the Terraform/OpenTofu estate; provision a new client with a one-line flag flip. Every change is a PR with a plan diff; prod applies only through a gated workflow. Build the paved road so the delivery team onboards a client through a safe, gated path, not a ticket to you.
GCP multi-tenancy — a two-tier project model with one isolated project per client; physical, per-project isolation enforced by IAM.
Runtime isolation at scale — the shared services (signal-agents, signal-mcp, Supabase) serve every client at once, so one client's load can never degrade another: per-tenant quotas, fairness, noisy-neighbor protection.
Identity & secrets — the keyless model (Workload Identity Federation, impersonated service accounts). No long-lived keys, no secrets in Git, no path from laptop to prod.
CI/CD — GitHub Actions: build-once-promote, OIDC/keyless auth, trunk-based with environment promotion.
Observability & cost — SLOs, freshness/failure alerting, evidence-first incident response, and per-client cost attribution so margin stays visible as clients stack up.

collaborate with the project team
perform other duties or responsibilities needed by the role

Requirements:

On day one, we'll expect you to...

have 8+ years of platform / infra / DevOps / SRE experience, owning cloud architecture end-to-end
have expertise in Terraform / OpenTofu — production modules, multi-env, gated apply
possess deep GCP — IAM & SA design, WIF, Cloud Run, networking, Secret Manager, BigQuery admin
have strong CI/CD — GitHub Actions (or equivalent), OIDC/keyless, build-once-promote, trunk-based
have expertise in security & identity judgment — keyless, least-privilege, gated-prod posture you own
have experience in multi-tenant isolation at both the data and runtime tiers
provide proactive observability & incident response — alerting, SLOs, evidence-first debugging, on-call coverage
be experienced in per-client cost attribution / FinOps instincts
work with AWS alongside GCP (QuickSight reporting path, Secrets Manager)
possess a delivery-first mindset: infra right-sized to delivery outcomes, not over-engineered
have excellent written and verbal English communication skills
have a fully functional and up-to-date computer with which to perform duties
be willing to install next-generation endpoint protection on the computer
be a current resident of the Philippines and able to perform work from there
be willing to work within US Pacific timezone (8am - 5pm PST, 12AM - 9AM Manila time) or during client hours as required
be willing to undergo a 90-day probationary period upon initial hire

Required Stack: Terraform/OpenTofu, GCP (Cloud Run, BigQuery, IAM, WIF, Secret Manager), GitHub Actions, Supabase, Vercel, AWS (Quick, Secrets Manager), Claude (Anthropic API), and modern, opinionated, no legacy click-ops.

These are preferred experiences:

Multi-client/consulting delivery pipelines
Supabase/Vercel ops
Cloud Run cold-start & scaling tuning
AI-agent / LLM runtime infra (MCP, model APIs)
AI-augmented engineering workflows

This is a remote, work from home job.