Contract SRE / Platform Engineer — (GitHub, Datadog, ServiceNow, Jira, CircleCI, Jenkins)
Költségvetés: $10.0 - $15.0
HOURLY / PART_TIME
⭐ 4.96 (34)
United States
devops, jenkins, git, cicd
What this is
We're a seed-stage company building cryptographic incident-evidence infrastructure for regulated firms. Our product connects to a customer's existing stack — source control, monitoring, deployment pipelines, and delivery destinations like ServiceNow and Jira — and produces signed receipts attributing incidents to code changes.
Our biggest risk isn't the application UI. It's the moment our Connections layer meets a real vendor system — where a correlation field is named something we didn't expect, a workflow got renamed, a webhook secret rotated, or a squash-merge changed which commit SHA shows up. Each of our integrations ships with a "validate this against the customer's actual system before go-live" step. We want that validation done once, by you, before a customer does it for us.
What you'll do
Stand up the real constellation — your own sandboxes, not mocks:
A GitHub org with real repos, PRs, squash/rebase/merge-commit histories, and Actions workflows
A Datadog trial (and/or Sentry) emitting real alerts
A ServiceNow developer instance and a Jira/JSM sandbox
CircleCI and a Jenkins box you control
A Slack workspace and webhook/email endpoints
Then run every connect flow, correlation match, and go-live step as an adversarial customer — someone who does the slightly-wrong, entirely-realistic thing:
Point a connection at the wrong correlation field, a field that exists but isn't populated, or one populated inconsistently
Rename a workflow / environment after connecting and confirm the system surfaces it instead of silently guessing
Rotate a signing secret mid-stream and verify the rotation-overlap behaves and old signatures stop verifying
Push squash merges and confirm deploy events still join to the right change (or land "unlinked" honestly, never guessed)
Send unsigned, replayed, malformed, and stale webhook deliveries and confirm they're rejected and logged, never acted on
Drive the correlation matcher toward zero / ambiguous / wrong-tenant matches and confirm it attaches to the right ticket or none
Confirm every "source reads Live only after a real event" and "read-only, never writes back" claim actually holds against the live vendor
Deliverable
A findings report an engineer can act on: environment setups documented (so we can reproduce them), each behavior verified or flagged, with repro steps, the vendor-side configuration that triggered it, and severity — weighted toward anything where we'd attach to the wrong record, trust an unverified event, or write back to a system we promised we'd only read.
You're a strong fit if you
Work as an SRE / platform / DevOps engineer and have wired up these systems for real — webhooks, OAuth apps, CI/CD pipelines, ServiceNow/Jira integrations
Are comfortable spinning up and configuring vendor sandboxes independently, from their docs
Think like an operator who's seen integrations break in production — you know the difference between "works in the demo" and "works on a customer's actual Jenkins with their quoting and their agents"
Can script harnesses (bash/Python) to generate events, sign payloads, and replay traffic
Bonus: exposure to HMAC/webhook signing, correlation/matching logic, or regulated-industry change-management (ServiceNow/JSM in anger)
Not a fit if you're primarily an app QA tester (we have that role separately), need the environments handed to you pre-built, or want an advisory/architecture engagement — this is hands-on-keyboard integration testing.
To apply
Skip the generic pitch. In under a page, tell us:
An integration you've built or operated that broke in a way that only showed up against the real vendor system — what the gap was between "worked in staging" and "worked in production," and how you'd have caught it earlier.
Which of the systems above you can stand up yourself, and roughly how fast.
Strong applicants move to a short paid trial: stand up one integration (your choice from our stack) against a real sandbox, run the connect + go-live flow, and send us the findings. Two hours of real work tells us more than any interview.
Megnyitás Upworkön