Java Engineer / Java Platform Engineer

Job Title : Java Engineer / Java Platform Engineer

Location : TX / Dallas

Duration : 3 Months CTH

Job Description :

IIoT Platform (On Prem Kubernetes, MQTT, TimescaleDB, Schema Registry)

About the role develop the backend of Nexus : build resilient microservices that speak MQTT, enforce data contracts via Forge, and deliver high throughput, reliable ingest into TimescaleDB on on prem Kubernetes. Drive service SLIs / SLOs, security, and multi tenant operations. Partner with OT (often via Ignition) while keeping the focus on backend reliability and developer experience. Optional secure hybrid to AWS for backup / analytics.

Key Responsibilities

Backend services and APIs

Build stateless, performant services (Go / Java / Python) for ingest, validation, enrichment, and persistence.

Define versioned contracts (REST / gRPC), ensure backward compatibility, idempotency, and robust retries.

Provide shared libraries for schema validation, authN / Z, tracing.

MQTT messaging

Implement producer / consumer services with QoS 0 / 1, retained messages, shared subs, session persistence.

Design tenant aware topic hierarchies, ACLs, and secure device onboarding.

Enforce TLS / mTLS, certificate rotation; optimize throughput with batching and backpressure.

Data contracts (Forge) and CI enforcement

Model telemetry / events with JSON Schema; strict compatibility rules and gated CI checks.

Validate in the data plane; route bad payloads to DLQ with replay tooling.

Lead producer / consumer versioning and migrations.

Time series storage (TimescaleDB)

Design hypertables, compression, retention; high throughput ingest with ordering, dedupe, upserts.

Optimize reads via continuous aggregates and indexes; own backup / restore and PITR.

On prem Kubernetes

Ship Helm charts; manage Deployments / StatefulSets, HPA / VPA, probes, resource tuning.

Establish end to end observability (metrics / traces / logs), actionable alerts; GitOps for promotion / rollback.

Security, multi tenancy, and reliability

Zero trust defaults : mTLS, RBAC hardening, network policies, per tenant isolation.

Secrets / PKI management (Vault / KMS), audit logging; ingress / egress controls and rate limits.

Define SLIs / SLOs; canary / blue green, chaos testing; runbooks, on call, post mortems; DLQ / quarantine and replay.

Collaboration and delivery

Strong PR hygiene, branch protections, semantic versioning, release tagging in GitHub.

Document ADRs, runbooks, and APIs; align OT tag models / payloads with backend contracts.

Required qualifications

5+ years building production backend services in Go / Java / Javascript / C / Python.

Deep MQTT understanding (EMQX / HiveMQ / Mosquitto) : QoS 0 / 1, retained, shared subs, sessions, ACLs, TLS / mTLS.

On prem Kubernetes or docker : Helm, compose, observability, autoscaling, GitOps, secure multi tenant ops.

Time Series Database / historian : hypertables, compression, retention, continuous aggregates, performance, backup / restore.

Schema registry with JSON Schema; CI enforced compatibility.

CI / CD (GitHub Actions or similar) : build / test, canary / blue green, artifacts, automated rollbacks.

Security : PKI, certificates, least privilege, network segmentation, Vault / KMS, audit logging.

Nice to have

Ignition (Transmission / Engine), OPC UA / Modbus / EtherNet / IP.

Kafka / Pulsar and MQTT bridges; CDC / outbox patterns.

IaC (Terraform / Ansible), Rancher / OpenShift; edge (K3s).

Service mesh (Istio / Linkerd) for mTLS / traffic policy.

Hybrid AWS for backup / analytics (ECR / S3 / Glacier, secure tunneling).

Keywords : MQTT, Java, Python, Kubernetes, JSON , CI / CD, API, JavaScript