About the company
Predictive Cloud Ltd, offering Predbat (predbat.com), is a fast-growing home battery and solar energy optimisation platform. Predbat originated as an open-source project before being commercialised, and today helps hundreds of home battery and solar owners automatically optimise their energy usage, storage, and export decisions to save money and reduce carbon impact. We're growing our SaaS platform and infrastructure, and are looking for an experienced SRE engineer to assess and harden our systems across infrastructure-as-code, security, observability, and our Supabase-based backend.
Infrastructure Assessment and Hardening
Deliverable 1: Terraform Assessment and Improvement
Objective: Assess the existing Terraform infrastructure-as-code for the PredBat SaaS platform and implement improvements.
Scope:
- Review current Terraform codebase (src/predbat-saas-tf/) for structure, modularity, and best practices
- Refactor into well-defined, reusable modules where appropriate
- Ensure proper state management, locking, and backend configuration
- Add comprehensive documentation (README per module, variable descriptions, example usage)
- Implement or improve CI/CD validation (terraform fmt, validate, plan in PR pipelines)
- Produce a written assessment report with recommendations and prioritised actions
Acceptance Criteria:
- Terraform modules are self-contained with documented inputs/outputs
- terraform plan runs cleanly across all environments
- Assessment report delivered and reviewed
Deliverable 2: Security Assessment and Hardening
Objective: Assess the security posture of the PredBat SaaS platform and implement measures to strengthen it.
Scope:
- Review Kubernetes cluster security (RBAC, network policies, pod security standards)
- Assess secret management practices (SOPS/age encryption, Supabase secrets)
- Review ingress/egress rules and TLS configuration
- Assess container image security (base images, vulnerability scanning)
- Review authentication and authorisation flows (Supabase Auth, API keys)
- Assess CI/CD pipeline security (GitHub Actions, dependency management)
- Implement priority remediation measures
- Produce a security assessment report with findings categorised by severity (Critical/High/Medium/Low)
Acceptance Criteria:
- Security report delivered with clear findings and remediation plan
- Critical and High severity items remediated or mitigated
- Security scanning integrated into CI/CD where appropriate
Deliverable 3: Observability, Monitoring, and Alerting
Objective: Assess and improve the monitoring, alerting, and observability stack for the platform.
Scope:
- Review current Grafana Alloy / monitoring stack configuration
- Assess alert coverage and quality (signal-to-noise ratio, actionability)
- Identify monitoring gaps across infrastructure, application, and business metrics
- Implement or improve dashboards for key operational metrics
- Configure meaningful alerts with appropriate thresholds and escalation
- Ensure log aggregation covers all critical services
- Document runbooks for key alert scenarios
- Produce an observability maturity assessment with recommendations
Acceptance Criteria:
- Key services have dashboard coverage
- Critical failure scenarios have actionable alerts
- Runbooks documented for high-priority alerts
- Assessment report delivered
Deliverable 4: Supabase Assessment, Cost Monitoring, and Reporting
Objective: Assess the Supabase deployment, monitor costs, and produce recommendations for optimisation or migration.
Scope:
- Assess current Supabase usage patterns (database, auth, edge functions, storage, realtime)
- Analyse cost breakdown and identify optimisation opportunities
- Evaluate migration options if applicable (self-hosted Supabase, alternative platforms)
- Produce cost reports with trend analysis and projections
- Recommend cost controls, usage quotas, or architectural changes to manage spend
- Assess database performance (query patterns, indexing, connection pooling)
- Document findings and recommendations
Acceptance Criteria:
- Cost report delivered with breakdown by service and projections
- Optimisation recommendations documented with estimated savings
- Migration assessment (if applicable) with risk/benefit analysis
- Database performance recommendations delivered
Pay: £25.00-£50.00 per hour
Work Location: Remote