Cox Automotive’s Engineering & Technology organization is building a centralized Enterprise AI Integration Platform — the governed infrastructure layer that allows every team in the organization to connect AI agents (Claude, Copilot Studio, Claude Code) to enterprise data sources in a secure, observable, and self-service way. This Senior Platform Engineer will own the technical implementation of that platform: the central AI gateway server, the on-demand connector provisioning engine, the identity-driven session layer, and the observability stack that gives the organization full visibility into every AI tool call made against production data.
This is one of a small number of roles at Cox Automotive working at the intersection of enterprise infrastructure engineering and Model Context Protocol (MCP) — the protocol rapidly becoming the standard interface between AI agents and enterprise systems. The work is novel, the surface area is broad, and the organizational impact is significant.
What You'll Do:
- Design, implement, and optimize the central AI Gateway MCP server — the single governed endpoint through which all AI client connections route, built on FastAPI + uvicorn for high-concurrency enterprise workloads
- Build and maintain the Redis ElastiCache session layer that binds Microsoft Entra identity to role-resolved MCP tool sets, including token lifecycle management, sliding TTL extension, per-user quota enforcement, and distributed rate limiting
- Implement the on-demand connector provisioning engine — a system that provisions compute containers with enterprise client drivers, establishes VPC-internal network paths, and retrieves credentials from AWS Secrets Manager automatically when a user’s AI agent declares intent to access a data source
- Build enterprise system connectors as MCP tool sets: Oracle DB, SharePoint Graph API, Rally, ServiceNow, and a vendor connector approval pipeline with ECR container image scanning and an Aurora-backed connector registry
- Implement comprehensive automated testing: unit, integration, load testing (1,000+ concurrent users), and chaos testing for connector fault tolerance
- Build and maintain the full observability stack: structured logging, Prometheus metrics, Kinesis Firehose → OpenSearch indexing, and Grafana dashboards for per-user, per-tool, per-session audit trails
- Design and implement CI/CD pipelines for all platform components via GitHub Actions, with automated container image builds, ECS task definition updates, and blue/green deployments
- Own security controls: Entra OIDC token validation, PII masking on all tool responses, WAF rule management, Secrets Manager integration with autorotation, and OWASP-aligned secure API design
- Maintain and extend the existing Snowflake MCP codebase that forms the foundation of the platform, including session management, RBAC, PII masking, configuration management, and secrets integration modules
- Develop troubleshooting and diagnostic tools for production support
- Create documentation, runbooks, and operational playbooks for platform support and maintenance
Who You Are:
Minimum Requirements:
- Bachelor’s degree in a related discipline and 4 years’ experience in a related field. The right candidate could also have a different combination, such as a master’s degree and 2 years’ experience; a Ph.D. and up to 1 year of experience; or 16 years’ experience in a related field
- Python development (4+ years) with advanced async/await patterns, FastAPI, multiprocessing, and production performance optimization
- Model Context Protocol (MCP) — hands-on implementation experience with MCP servers, tool definitions, and client integration patterns; ability to read and extend the protocol specification independently
- AWS platform depth: ECS Fargate task lifecycle management, ElastiCache Redis (TLS, clustering, eviction policies), Secrets Manager, Route 53, ALB (sticky sessions, TLS termination), ECR, Aurora Postgres, SSM Parameter Store, CloudWatch, Kinesis Firehose
- Microsoft Entra ID / Azure AD integration: OIDC federation, group membership extraction via Graph API or JWT claims, RBAC pattern implementation
- Database integration and optimization: Oracle, PostgreSQL, Snowflake, SQL Server — including connection pooling, query optimization, and schema introspection
- Distributed systems patterns: circuit breakers, retry with exponential backoff, bulkhead isolation, Redis-backed distributed state, graceful degradation
- Container platform: Docker multi-stage builds, ECS task definitions, non-root container security, health endpoint implementation
- REST API security: JWT validation, rate limiting, input validation, PII detection and masking
- Observability: structured JSON logging, Prometheus client instrumentation, distributed tracing concepts, CloudWatch Logs Insights
- Version control and CI/CD (Git, GitHub Actions, automated testing pipelines)
Preferred Experience
- High-concurrency MCP server development with proven experience supporting enterprise-scale concurrent sessions
- Snowflake advanced optimization: warehouse sizing, query profiling, result caching, role-based access patterns
- Infrastructure-as-code with Terraform for AWS resource provisioning
- On-demand infrastructure provisioning: ephemeral container lifecycle, VPC-internal networking, dynamic credential injection
- Redis advanced patterns: sliding window rate limiting, distributed quota enforcement, pub/sub for session events
- Enterprise compliance: audit logging design, data governance patterns, OWASP Top 10 remediation
- Experience working with AI/LLM platforms, agentic frameworks, or AI developer tooling
- Familiarity with the MCP ecosystem: Anthropic Claude integration, MCP client patterns in Claude.ai, Claude Code, or Copilot Studio
- Security best practices including OWASP guidelines and secure coding practices
- DevOps experience including infrastructure automation and deployment strategies
Drug Testing:
To be employed in this role, you'll need to clear a pre-employment drug test. Cox Automotive does not currently administer a pre-employment drug test for marijuana for this position. However, we are a drug-free workplace, so the possession, use or being under the influence of drugs illegal under federal or state law during work hours, on company property and/or in company vehicles is prohibited.
Compensation:
Compensation includes a base salary in the range of $101,500.00 - $169,100.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate’s knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Benefits:
The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company’s needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, and parental leave.
EOE, including disability/vets
