Senior Platform Engineer
🇺🇸 United States
Stellar
Management
Python
Docker
AWS
Azure
PostgreSQL
Oracle
Git
Terraform
Snowflake
GitHub
Machine Learning
Design
Redis
Backend
Devops
SQL
Testing
Security Engineer
$101,500.00 - $169,100.00
Company
Cox Automotive - USA
Job Family Group
Job Profile
Management Level
Flexible Work Option
Travel %
Work Shift
Compensation
Compensation includes a base salary in the range of $101,500.00 - $169,100.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate’s knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Job Description
Cox Automotive’s Engineering & Technology organization is building a centralized Enterprise AI Integration Platform — the governed infrastructure layer that allows every team in the organization to connect AI agents (Claude, Copilot Studio, Claude Code) to enterprise data sources in a secure, observable, and self-service way. This Senior Platform Engineer will own the technical implementation of that platform: the central AI gateway server, the on-demand connector provisioning engine, the identity-driven session layer, and the observability stack that gives the organization full visibility into every AI tool call made against production data.

This is one of a small number of roles at Cox Automotive working at the intersection of enterprise infrastructure engineering and Model Context Protocol (MCP) — the protocol rapidly becoming the standard interface between AI agents and enterprise systems. The work is novel, the surface area is broad, and the organizational impact is significant.
What You'll Do:
- Design, implement, and optimize the central AI Gateway MCP server — the single governed endpoint through which all AI client connections route, built on FastAPI + uvicorn for high-concurrency enterprise workloads
- Build and maintain the Redis ElastiCache session layer that binds Microsoft Entra identity to role-resolved MCP tool sets, including token lifecycle management, sliding TTL extension, per-user quota enforcement, and distributed rate limiting
- Implement the on-demand connector provisioning engine — a system that provisions compute containers with enterprise client drivers, establishes VPC-internal network paths, and retrieves credentials from AWS Secrets Manager automatically when a user’s AI agent declares intent to access a data source
- Build enterprise system connectors as MCP tool sets: Oracle DB, SharePoint Graph API, Rally, ServiceNow, and a vendor connector approval pipeline with ECR container image scanning and an Aurora-backed connector registry
- Implement comprehensive automated testing: unit, integration, load testing (1,000+ concurrent users), and chaos testing for connector fault tolerance
- Build and maintain the full observability stack: structured logging, Prometheus metrics, Kinesis Firehose → OpenSearch indexing, and Grafana dashboards for per-user, per-tool, per-session audit trails
- Design and implement CI/CD pipelines for all platform components via GitHub Actions, with automated container image builds, ECS task definition updates, and blue/green deployments
- Own security controls: Entra OIDC token validation, PII masking on all tool responses, WAF rule management, Secrets Manager integration with autorotation, and OWASP-aligned secure API design
- Maintain and extend the existing Snowflake MCP codebase that forms the foundation of the platform, including session management, RBAC, PII masking, configuration management, and secrets integration modules
- Develop troubleshooting and diagnostic tools for production support
- Create documentation, runbooks, and operational playbooks for platform support and maintenance
Who You Are:
Minimum Requirements:
- Bachelor’s degree in a related discipline and 4 years’ experience in a related field. The right candidate could also have a different combination, such as a master’s degree and 2 years’ experience; a Ph.D. and up to 1 year of experience; or 16 years’ experience in a related field
- Python development (4+ years) with advanced async/await patterns, FastAPI, multiprocessing, and production performance optimization
- Model Context Protocol (MCP) — hands-on implementation experience with MCP servers, tool definitions, and client integration patterns; ability to read and extend the protocol specification independently
- AWS platform depth: ECS Fargate task lifecycle management, ElastiCache Redis (TLS, clustering, eviction policies), Secrets Manager, Route 53, ALB (sticky sessions, TLS termination), ECR, Aurora Postgres, SSM Parameter Store, CloudWatch, Kinesis Firehose
- Microsoft Entra ID / Azure AD integration: OIDC federation, group membership extraction via Graph API or JWT claims, RBAC pattern implementation
- Database integration and optimization: Oracle, PostgreSQL, Snowflake, SQL Server — including connection pooling, query optimization, and schema introspection
- Distributed systems patterns: circuit breakers, retry with exponential backoff, bulkhead isolation, Redis-backed distributed state, graceful degradation
- Container platform: Docker multi-stage builds, ECS task definitions, non-root container security, health endpoint implementation
- REST API security: JWT validation, rate limiting, input validation, PII detection and masking
- Observability: structured JSON logging, Prometheus client instrumentation, distributed tracing concepts, CloudWatch Logs Insights
- Version control and CI/CD (Git, GitHub Actions, automated testing pipelines)
Preferred Experience
- High-concurrency MCP server development with proven experience supporting enterprise-scale concurrent sessions
- Snowflake advanced optimization: warehouse sizing, query profiling, result caching, role-based access patterns
- Infrastructure-as-code with Terraform for AWS resource provisioning
- On-demand infrastructure provisioning: ephemeral container lifecycle, VPC-internal networking, dynamic credential injection
- Redis advanced patterns: sliding window rate limiting, distributed quota enforcement, pub/sub for session events
- Enterprise compliance: audit logging design, data governance patterns, OWASP Top 10 remediation
- Experience working with AI/LLM platforms, agentic frameworks, or AI developer tooling
- Familiarity with the MCP ecosystem: Anthropic Claude integration, MCP client patterns in Claude.ai, Claude Code, or Copilot Studio
- Security best practices including OWASP guidelines and secure coding practices
- DevOps experience including infrastructure automation and deployment strategies
Drug Testing
Benefits
About Us








