
Senior Python Backend Developer

1. Role and tech stack

We are seeking a Senior Python Backend Developer to design and build a configurable management and GRC (Governance, Risk and Compliance) platform aimed at banks, financial institutions, and large enterprises. The platform is a microservices system: an API Gateway for routing and authentication, an Identity and Access Management service, and a Core service that hosts a set of generic, customer-configurable object types and dimensions, so a customer can map the platform to their own domain (risks, incidents, controls, policies, assets, and so on) without any custom development. The expected stack is Django and FastAPI (both), PostgreSQL 17 as the database, SQLAlchemy 2 async or the Django ORM for data access, Pydantic v2 for DTOs and validation, and JWT (RS256) for tokens. A thin reverse-proxy or gateway layer is required for cross-service routing and identity propagation.

2. Authentication, security and gateway-trust architecture

Deep authentication experience is required: RS256 JWT issuance and validation, short-lived access tokens with single-use refresh-token rotation, server-side session revocation, secure cookie handling (HttpOnly, Secure, SameSite=Strict), and gateway-trust architectures where the Gateway validates a JWT once at the edge and forwards trusted identity headers to downstream services. You must understand defense-in-depth: header-injection prevention, CR/LF sanitization on every forwarded value, optimistic concurrency via record-version checks, ORM-parameterised SQL only, fixed-window rate limiting on sensitive endpoints, constant-time secret comparisons, and structured audit logging that never leaks stack traces. Familiarity with OAuth2 / OIDC and the OWASP Top 10 is expected. The platform must be defensible to a bank auditor.
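To make the gateway-trust pattern above concrete, here is an added illustration (not code from Qureos or the platform described) of the edge-to-downstream handoff: the gateway discards any client-supplied identity headers, rejects forwarded values containing CR/LF or other control characters, and the downstream service checks a gateway shared secret in constant time. The header names, the `X-Auth-` prefix and the shared-secret header are assumptions chosen for the example.

```python
"""Gateway-trust identity propagation (hypothetical helper, not the platform's code)."""
import hmac
import re

# Headers the gateway owns (assumed naming). Anything arriving from the client
# under this prefix is dropped so a caller cannot assert an identity downstream.
TRUSTED_PREFIX = "x-auth-"
# Printable ASCII only: CR, LF, NUL and other control bytes are rejected outright.
SAFE_VALUE = re.compile(r"[\x20-\x7e]*")


class HeaderInjection(ValueError):
    """Raised when a value destined for a forwarded header could split headers."""


def sanitize_forwarded_value(value: str) -> str:
    """Reject (rather than silently strip) control characters in a forwarded value."""
    if SAFE_VALUE.fullmatch(value) is None:
        raise HeaderInjection("control character in forwarded header value")
    return value


def build_downstream_headers(client_headers: dict[str, str],
                             claims: dict[str, object]) -> dict[str, str]:
    """Build the header set the gateway forwards after validating the JWT.

    `claims` is the already-verified JWT payload; client identity headers are
    discarded first, then gateway-asserted identity headers are added.
    """
    headers = {name: value for name, value in client_headers.items()
               if not name.lower().startswith(TRUSTED_PREFIX)}
    roles = [str(role) for role in claims.get("roles", [])]
    headers["X-Auth-Subject"] = sanitize_forwarded_value(str(claims["sub"]))
    headers["X-Auth-Roles"] = sanitize_forwarded_value(",".join(roles))
    return headers


def downstream_trusts(headers: dict[str, str], expected_secret: str) -> bool:
    """Downstream check that the request came through the gateway.

    Assumes a shared secret header set by the gateway; compared in constant
    time so a mismatch does not leak how many leading bytes were correct.
    """
    presented = headers.get("X-Gateway-Secret", "")
    return hmac.compare_digest(presented.encode(), expected_secret.encode())
```

Values are rejected rather than cleaned so a malformed claim surfaces in the audit log instead of being quietly rewritten.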

3. Clean code, robust patterns and PostgreSQL expertise

Clean code is non-negotiable. We expect SOLID principles, dependency-injection patterns (FastAPI Depends or Django app composition), strict separation of concerns (controller / service / repository), comprehensive type hints under Python 3.12+, Pydantic v2 for request and response DTOs, async / await throughout the request path, and tight error-handling middleware that maps exceptions to safe HTTP responses. Strong PostgreSQL expertise is required: SCD Type 2 (Slowly Changing Dimension) live + history tables, composite primary keys, sequence-generated identifiers, multi-statement transactions, advisory locks, savepoints, and full audit-trail patterns with per-change reason records. The codebase must be defensive: input validation at every boundary, explicit invariant checks (fail loudly when schema state looks corrupt rather than papering over it), and zero tolerance for SQL string concatenation or untrusted-input interpolation.

4. Domain awareness, collaboration and quality

GRC domain awareness is a strong plus. Bank auditors will scrutinise the audit trail, version history, optimistic-concurrency behaviour, and compliance flows you build, so every data-changing operation must be traceable end-to-end. You will collaborate closely with a senior architect; every design decision is recorded in markdown notes, every API contract is locked before code is written, and every PR description states what changed and why. A test-driven mindset is expected: unit tests for pure logic, integration tests against a real PostgreSQL instance, and self-audits in a structured red-team style with severity-ranked findings (critical / high / medium / low). Strong written communication, ability to push back on under-specified requirements, and willingness to revisit your own code with a security-auditor mindset round out the profile.

Pay: Rs200,000.00 - Rs300,000.00 per month

Work Location: In person
