Senior Platform Engineer

About Maria Health

Maria Health is the Philippines first online HMO broker. We help over 1,000 small businesses take care of more than 20,000 employees — making sure their HMO actually works the day they need it.

The industry we operate in still runs on email threads, Excel files, and PDFs that get re-typed by hand at three different companies before someone can see a doctor. When that breaks, real people get hurt. A new employee shows up to a clinic and isn't in the system. A parent waits weeks for a card. A finance team chases a renewal quote that should have taken a day.

We're building the platform that ends that.

We hold a broker license from the Insurance Commission of the Philippines, and our investors include Wavermaker, Hustle Fund, Gobi Ventures & Insular Life — one of the country's largest insurers, with a seat on our board. Compliance, security, and audit-readiness aren't afterthoughts; they're the product.

About the Role

As a Senior Platform Engineer, you will be instrumental in bringing AI into HMO operations through the platform we're building. You'll partner with the Product Lead and Application Engineer to translate the architectural direction into a working system, refining engineering decisions as the platform meets real conditions. This is the core engineering role on a small team where what you build defines what the platform becomes.

Scope of Work

• Own the AWS infrastructure that the platform runs on — architect, build, deploy, and operate it end to end
• Design the workflow orchestration that ties multi-step transactions together, operate the Bedrock services that power the AI workloads, and manage the database, edge, and deployment layers underneath
• Tune the platform for cost, secure it against breach and misuse, monitor it across every layer, troubleshoot issues that span the stack, and make sure it can be audited and understood by whoever needs to review it later
• Work with the Application Engineer and Product Lead to build infrastructure that is scalable, observable, and ready to support new workflows as the platform grows

Responsibilities

• Provision and maintain AWS infrastructure (compute, storage, networking, security)
• Build and operate the data ingestion pipeline from insurer sources into the platform
• Author and maintain Step Functions workflows that orchestrate the platform's transactional processes
• Set up CI/CD pipelines so application code can deploy reliably
• Configure logging, monitoring, and alerting across all services
• Manage infrastructure cost and right-size resources as usage grows
• Harden the environment: network isolation, encryption at rest and in transit, access control
• Design and test backup and disaster recovery procedures for production data (RDS, S3, knowledge base vector stores)
• Make the system auditable and well-documented: maintain access logs, evidence collection, and security control documentation that any future security engineer, internal reviewer, or external regulator can readily consume
• Partner with the Product Lead on architecture decisions, weighing trade-offs between AWS services, model choices, and orchestration patterns, and flag infrastructure constraints early in product planning
• Partner with the Application Engineer on what the platform exposes — defining the interfaces, environments, and deployment paths the application layer relies on, and agreeing on conventions for environment variables, secrets handling, logging, and error reporting
• Document the platform for the team: keep architecture diagrams, runbooks, and infrastructure decisions current so the Product Lead can plan and the Application Engineer can self-serve common operations
• Respond to infrastructure incidents within agreed response windows

Must-Haves

• 5+ years in platform engineering, DevOps, SRE, or backend infrastructure — with real ownership of an AWS environment, not just contributing to one
• Hands-on AWS in production: Lambda, Step Functions, S3, RDS, API Gateway, VPC, IAM, KMS, Secrets Manager
• Step Functions experience — multi-step workflows with retries, error handling, and human approval steps
• Amazon Bedrock in production — Knowledge Bases, Guardrails, Agents, Evaluations, batch inference
• A working understanding of LLM patterns: RAG, tool use, guardrails, agents
• PostgreSQL on RDS as an operator — backups, point-in-time recovery, tuning, failover
• Disaster recovery you've actually run, not just designed
• Docker, CI/CD (GitHub Actions or CodePipeline), and Cloudflare at the edge
• Security and observability as defaults — encryption, least-privilege IAM, structured logging, CloudWatch
• The instinct to keep cloud spend honest — right-sizing, batch scheduling, prompt caching
• Comfort with audit tooling — CloudTrail, AWS Config, IAM Access Analyzer

Preferred Skills

• Infrastructure as Code for reproducible environments, change tracking, and audit traceability
• Incident response practices: runbooks for handling outages, and blameless post-incident reviews to capture lessons and prevent recurrence
• Operational practices for AI workloads: automated quality checks on AI outputs, visibility into what the AI is doing in production, version control for prompts, and dashboards tracking token usage and cost
• Familiarity with other technologies and frameworks beyond the current stack, for evaluating future additions as the platform evolves

Compensation & Logistics

• ₱107,000–₱150,000/month, calibrated to experience
• Manila-based, hybrid
• Full HMO coverage, equipment, and conference budget