C4 Group

Data Acquisition and Control Platform Architect

C4 Group

contract

Posted on:

Location Type: Hybrid

Location: MünchenGermany

Visit company website

Explore more

AI Apply
Apply

Tech Stack

AnsibleConsulDockerGrafanaKubernetesNode.jsPostgresPrometheusVault

About the role

  • Architecture engagement to define and validate a modern frontend/backend architecture for an on-premise data acquisition and control platform
  • Scope: on-premise, isolated network deployment using services such as Docker, Nomad, Consul and Ansible (without Kubernetes), compatible with future multi-node clusters
  • Design of an end-to-end architecture for Modbus and non-Modbus data ingestion, transformation, storage (e.g. InfluxDB v3 and Postgres or comparable time-series and relational databases) and exposure via APIs and web frontend
  • Definition of the target backend application architecture and its logical building blocks (e.g. device I/O, transformation, configuration, gateway/API), with clear responsibilities and boundaries
  • Design of the API layer (REST), including resource model, versioning strategy, error model and contract governance
  • Design of the authentication and authorization model, integrating LDAP/OpenLDAP and a dedicated identity provider (e.g. Keycloak) using OpenID Connect for user authentication and OAuth2 access tokens for API and service-to-service authorization
  • Definition of RBAC and authorization concepts for operators, admins, partners and technical services, including role/permission matrix and token/claims usage
  • Specification of secure credential and secrets management: tools such as Ansible Vault, certificates/PKI, Modbus credentials, database credentials and API tokens
  • Definition of the data model and persistence strategy across time-series and relational data stores
  • Development of a target deployment and infrastructure architecture that starts with a single-node dev/lab PoC and can grow to a small on-prem cluster
  • Evaluation and introduction of container orchestration tooling (e.g. Nomad) as well as service discovery and service-mesh tooling (e.g. Consul/Consul Connect)
  • Design of an observability concept: metrics, logging, tracing, dashboards and alerts using tools such as Prometheus, Grafana, and Alertmanager
  • Delivery of a refined, consistent set of architecture documents, decision records and an implementation roadmap

Requirements

  • Strong experience as a Solution or Software Architect for on-premise, backend-focused systems (data platforms or industrial/OT integrations)
  • Deep understanding of modular backend architectures and API design, including versioning, error models and contract management
  • Experience designing architectures around containerized workloads using Nomad and Consul (or similar orchestrators/service discovery tools)
  • Solid knowledge of authentication and authorization: LDAP/OpenLDAP integration, Keycloak (or similar IdPs) with OpenID Connect and OAuth2, RBAC design and token/claims-based access control
  • Experience designing security and secrets management in on-premise environments, including TLS/mTLS, PKI concepts and tools such as Ansible Vault
  • Familiarity with time-series and relational databases (e.g. InfluxDB v3 and Postgres), including backup/restore and data modelling
  • Understanding of observability practices and tooling (e.g. Prometheus, Grafana, Alertmanager, logging stacks, distributed tracing)
  • Ability to write clear architecture documentation, decision records and diagrams
  • Excellent communication and facilitation skills for workshops and stakeholder alignment
  • Experience with industrial protocols (Modbus) and edge/OT data scenarios is a strong plus
  • Experience with on-premise deployments in isolated networks
  • Language: English (fluent); German is a plus
Benefits
  • 300 hours remote
  • 100 hours on-site
  • 20 hours travel
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
API designbackend architecturedata modelingsecurity managementRBAC designcontainer orchestrationobservability practicesdata ingestiontransformationstorage
Soft Skills
communication skillsfacilitation skillsstakeholder alignmentdocumentation writing