Senior Platform Engineer

Position Summary

Rekor is hiring a Senior Platform Engineer to absorb growing scale and turn it into durable capability. Our engineering organization has accelerated delivery significantly through AI-assisted development, and we need a platform engineer who can keep pace with that throughput while maintaining the security, change management, and audit controls our SOC 2 posture requires.

This is a hands-on role on a small, high-leverage platform team. You will own large parts of our AWS footprint, our CI/CD pipelines (Jenkins, GitHub Actions, and ArgoCD), our container platforms (EKS and ECS), and the controls that keep all of it auditable. You will partner directly with cloud, ML, embedded, and QA teams across our Scout, Discover, and Command product lines.

What You’ll Do

Keep Delivery Velocity High

• Own and continuously improve our CI/CD platform across Jenkins, GitHub Actions, and ArgoCD. Build reusable workflows, templated pipelines, and GitOps delivery patterns so engineers ship through paved paths rather than reinventing them.
• Eliminate platform bottlenecks that slow product teams down. Where engineers are waiting on infrastructure changes, fix the underlying capability so they don’t have to wait next time.
• Build and maintain reusable Terraform, AWS CDK, and CloudFormation modules so new services come up with the right defaults and don’t require platform involvement on every change.
• Provide self-service patterns for common needs: new services, queues, databases, edge ingestion, ML inference, and async workers.

Make AI-Accelerated Development Safe

• Treat the pipeline as the safety net. Wire SAST, secret scanning, IaC policy checks (Checkov, tfsec, OPA), dependency scanning, and license compliance into CI as non-negotiable gates.
• Build supply chain controls into the platform: signed artifacts, SBOM generation, and provenance tracking that hold up under audit.
• Catch the predictable failure modes of AI-generated code (hardcoded secrets, over-permissioned IAM, misconfigured storage, vulnerable dependencies) automatically, before they reach production.
• Make the secure path the easy path. If a control requires engineers to remember it, it will eventually be skipped.

Keep Us Audit-Ready Year-Round

• Treat SOC 2 evidence as a continuous output of the platform, not a once-a-year scramble. Change approvals, access reviews, deployment logs, and configuration history should all be queryable on demand.
• Codify access management with least-privilege defaults across AWS accounts, Kubernetes, and CI/CD systems. Drive periodic access reviews through automation.
• Maintain documented change management workflows that satisfy auditor requirements without slowing engineers down.
• Own secrets management end-to-end: rotation, scoping, audit trails, and remediation paths.
• Partner with Security and Compliance on annual audit cycles. Provide evidence on demand and close findings before they become repeat findings.

Operate AWS at Production Scale

• Architect and maintain AWS infrastructure across our multi-account organization (Scout, Shared, Command, Discover, IT, Finance) with clear isolation, cost attribution, and blast-radius control.
• Operate EKS and ECS as production-grade platforms, including upgrades, autoscaling, and platform-level security policies.
• Drive cost efficiency through right-sizing, reserved capacity strategy, autoscaling and scheduled scaling policies, and architectural choices. Implement cost monitoring and budget alerts that surface anomalies early, and make cost data visible to the teams that can act on it.
• Own observability defaults across CloudWatch and our broader telemetry stack so product teams get metrics, structured logs, and traces without per-service work. Cloud-native instrumentation should be a paved path, not a project.
• Design and maintain alerting in PagerDuty so on-call engineers get paged only on actionable, relevant signals. Drive down alert fatigue, tune thresholds with the teams that own the services, and keep every paging alert tied to a runbook and a clear owner.

Operate and Influence

• Get up to speed quickly across our infrastructure, our toolchain, and our product lines. Take meaningful ownership early.
• Run on-call alongside the rest of the platform team. Lead blameless post-mortems on platform incidents and feed learnings back into the roadmap.
• Mentor and influence engineering practices across the org through RFCs, docs, runbooks, and direct partnership with product teams.

Ideal Profile

A senior platform engineer who has done this exact job before: keeping a real production environment fast, secure, and auditable on a small team. You are pragmatic about scope. You know when to build something durable and when to ship a workable fix and move on. You bring strong opinions and you hold them loosely.

You are comfortable being a force multiplier for an engineering org that ships quickly. You don’t need a large team around you to be effective, and you don’t need a perfect environment to do good work.

Required

• Bachelor’s degree in Computer Science, Information Technology, or related field, or equivalent practical experience.
• 6+ years (Senior) or 9+ years (Staff) in platform engineering, infrastructure engineering, or senior DevOps roles. Title isn’t the filter; demonstrable scope and impact are.
• Deep AWS expertise across compute, networking, IAM, data services, and managed services. Strong opinions on multi-account architecture.
• Strong IaC experience with Terraform, AWS CDK, or CloudFormation, including module design, versioning, and testing.
• CI/CD platform ownership with Jenkins, GitHub Actions, ArgoCD, or equivalent, including reusable workflows, templated pipelines, and GitOps-based delivery to Kubernetes.
• Production experience operating Kubernetes (EKS) and ECS at scale, including upgrades, autoscaling, and security policies.
• Hands-on experience implementing observability and alerting in cloud-native environments (CloudWatch, PagerDuty, Prometheus/Grafana, OpenTelemetry, or equivalents). A track record of building actionable, relevant alerts and driving down alert fatigue—not adding to it.
• Direct, hands-on experience supporting a SOC 2 control environment. You know what auditors ask for and how to produce it without a fire drill.
• Hands-on with policy-as-code and pipeline security tooling (Checkov, tfsec, OPA, Trivy, Snyk, or equivalents).
• Strong scripting and platform coding in Python, Go, TypeScript/Node.js, or Bash. Comfortable writing internal services and tools, not just glue scripts.
• Working knowledge of supply chain security: signed artifacts, SBOM generation, dependency provenance.
• Excellent written communication. Documentation, RFCs, and runbooks are part of the job.

Strongly Preferred

• Hands-on experience supporting AI-assisted development workflows in a regulated environment. Understanding the failure modes of AI-generated code and how to guardrail them.
• Experience with progressive delivery patterns: canary, blue/green, feature flags, automated rollback.
• Familiarity with CJIS or other public-sector compliance frameworks beyond SOC 2.
• Workloads spanning cloud, edge, and embedded contexts. Comfort with the operational realities of fielded hardware.
• Relevant certifications: AWS (e.g., Solutions Architect, DevOps Engineer Professional, Security Specialty) or Kubernetes (CKA, CKAD, or CKS).
• Prior experience in a regulated or mission-critical industry: public safety, transportation, fintech, healthcare, or defense.

Rekor is an equal opportunity employer M/F/D/V. It is the policy of Rekor Systems not to discriminate or allow the harassment of employees or applicants on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected veteran status, or any other characteristic protected by law in all employment practices. Rekor Systems’ Executive Leadership Team is fully committed to the principles of equal employment opportunity and affirmative action and supports the successful implementation of the Company’s Affirmative Action Programs.