Project No.
46785 - KU
Offer: 46785 - KU - Senior IT Architect – On-Prem Data Acquisition Platform (Backend, Security, APIs) - part-time
Your contact for this request
Kerstin Ufer
Tel.: 02204 42 50 63
E-mail: k.ufer@protip.de
Project description
For the following assignment we are looking for 1 candidate with the following qualifications; perhaps you are available for it or can recommend someone:
The masculine form of words such as "consultant / developer etc." is used to refer to all genders (female/male/diverse).
With this request we are looking for a Senior IT Architect – On-Prem Data Acquisition Platform (Backend, Security, APIs)
Please note that only employees subject to social insurance contributions or nearshore resources can be considered (customer requirement!!!)
Submission deadline: 28.01. - 10:00
Assignment:
Project Description
o Architecture engagement to define and validate a modern frontend/backend architecture for an on-premise data acquisition and control platform.
o Scope: on-premise, isolated network deployment using services such as Docker, Nomad, Consul and Ansible (without Kubernetes), compatible with future multi-node clusters.
o Design of an end-to-end architecture for Modbus and non-Modbus data ingestion, transformation, storage (e.g. InfluxDB v3 and Postgres or comparable time-series and relational databases) and exposure via APIs and web frontend.
o Definition of the target backend application architecture and its logical building blocks (e.g. device IO, transformation, configuration, gateway/API), with clear responsibilities and boundaries, and the option to realise these either within a single modular backend service or as a small set of services as the platform evolves.
o Design of the API layer (REST), including resource model, versioning strategy, error model and contract governance.
o Design of the authentication and authorization model, integrating LDAP/OpenLDAP and a dedicated identity provider (e.g. Keycloak or a similar IdP) using OpenID Connect for user authentication and OAuth2 access tokens for API and service-to-service authorization.
o Definition of RBAC and authorization concepts for operators, admins, partners and technical services, including role/permission matrix and token/claims usage.
o Specification of secure credential and secrets management: tools such as Ansible Vault, certificates/PKI, Modbus credentials, database credentials and API tokens.
o Definition of the data model and persistence strategy across time-series and relational data stores (e.g. InfluxDB v3 and Postgres or comparable systems).
o Development of a target deployment and infrastructure architecture that starts with a single-node dev/lab PoC on one on-prem server and can grow to a small on-prem cluster for the backend application and databases.
o Evaluation and, where appropriate, introduction of container orchestration tooling (e.g. Nomad or similar) as well as service discovery and, if multiple services are introduced, service-mesh tooling (e.g. Consul/Consul Connect).
o Design of an observability concept: metrics, logging, tracing, dashboards and alerts across backend, frontend, databases and platform, using tools such as Prometheus, Grafana, Alertmanager and a logging stack.
o Delivery of a refined, consistent set of architecture documents, decision records and an implementation roadmap aligned with the internal stepwise implementation plan.
Job Description
The external consultant takes on the following tasks within the project, which are carried out independently:
o Facilitate workshops with stakeholders (engineering, operations, security) to clarify requirements and constraints for the new architecture.
o Derive and document the target logical decomposition of the backend (device IO, transformation, configuration, gateway/API) and key workflows (read/write cycles, scheduling, backpressure, retries), regardless of whether these are implemented in one backend deployment or in several services.
o Design API contracts and the resource model for operators, external systems and internal callers; capture these in OpenAPI and architecture diagrams.
o Define end-to-end authentication and authorization flows, including integration with LDAP/OpenLDAP and Keycloak (or an equivalent IdP), OpenID Connect login flows for end users, and OAuth2-based access tokens for API and service-to-service calls.
o Design secrets and certificate management based on tools such as Ansible Vault and existing PKI processes; define rotation and audit requirements.
o Specify the data model for devices, registers, measurements, configuration, alarms and historical events, and map it to appropriate time-series and relational databases (e.g. InfluxDB v3 and Postgres or comparable systems).
o Define deployment topology and evolution path: from a single-node dev/lab PoC on one on-prem server to a small on-prem cluster for the backend application and databases (for example using container orchestration tooling such as Nomad, or similar), with the option to add service discovery and, if multiple services are introduced, service-mesh capabilities (e.g. Consul/Consul Connect).
o Define non-functional requirements and architecture tactics for resilience, failover, backup/restore and scaling strategies for critical backend components and databases.
o Design an observability baseline including metrics, logging, tracing and standard dashboards, with clear expectations for what backend and frontend must expose.
o Propose a test and quality strategy at architecture level (test pyramid, integration and E2E scenarios, migration validation).
o Produce and maintain key architecture artefacts: architecture overview, cluster diagrams, architecture decision records and a refined stepwise implementation roadmap, including decisions and options around single-service vs multi-service backend deployment.
o Provide guidance and guardrails for developers: coding and architecture patterns, module/service boundaries, error handling and API standards.
o Identify technical and delivery risks (e.g. auth complexity, module boundaries, observability gaps) and document mitigations.
Hourly rate requirement:
Conditions: The consultant should be based within 100km of Essen and be available to work onsite at the client on request.
Skills
o Strong experience as Solution or Software Architect for on-prem, backend-heavy systems (data platforms or industrial/OT integrations).
o Deep understanding of modular backend architectures and API design, including versioning, error models and contract management.
o Experience designing architectures around containerised workloads using Nomad and Consul (or similar orchestrators/service discovery tools), both for single-service backends and for small sets of cooperating services.
o Solid knowledge of authentication and authorization: LDAP/OpenLDAP integration, Keycloak or similar IdPs with OpenID Connect and OAuth2, RBAC design and token/claims-based access control.
o Experience designing security and secrets management in on-prem environments, including TLS/mTLS, PKI concepts and tools such as Ansible Vault or equivalent.
o Familiarity with time-series and relational databases (e.g. InfluxDB v3 and Postgres or comparable systems), including backup/restore and data modelling for telemetry and configuration.
o Understanding of observability practices and tooling (e.g. Prometheus, Grafana, Alertmanager, logging stacks, distributed tracing concepts).
o Ability to write clear architecture documentation, decision records and diagrams.
o Excellent communication and facilitation skills for workshops and stakeholder alignment.
o Experience with industrial protocols (Modbus) and edge/OT data scenarios is a strong plus.
o Experience with on-premise deployments in isolated networks.
o Language: English, German is a plus.
Workload:
100 hours München
300 hours remote
Fee:
- € 75,00 - 95,00 ai / hour for remote work - please let us know at which fee we may offer you
for onsite work, an add-on of € 17,00 / hour is paid
Payment terms:
30 days
Other
Start
01.02.2026
Duration / End
31.12.2026
Location
300 hours remote, 100 hours München
Other
If you can submit a qualified offer for this request, please send us a meaningful profile, including a concrete statement on your availability and terms. Please note that we use the data you provide to us exclusively for the specific purpose of placing project assignments, in accordance with §5 BDSG. Data is passed on to third parties within the scope of this purpose only after obtaining your consent. Thank you in advance for your support.