Java Full Stack Developer

About the company

BT Group is one of the UK’s leading communications organisations and serves as the parent company for brands such as BT, EE, Openreach, and Plusnet. Its mission is to connect people and businesses in a meaningful way. The company supports consumers, small and large businesses, public sector organisations, and other communications providers.

The broader group focuses on strategic direction, value creation, operational simplification, and the use of technology and AI to improve how work gets done and to support sustainable growth. BT Group’s culture is built around being customer-first challengers who are committed, clear, and connected.

Working here means being part of a business that plays an important role in the UK, with the chance to influence decisions and help shape the future of a major company.

Role overview

This position is centered on designing, building, and taking ownership of the core business-logic services within the Cognium platform. These services manage critical platform functions such as agent definition, user access, pricing, and compliance. Although they are not part of the platform’s fastest execution path, they act as the source of truth for the entire system. Errors in these services can affect every downstream invocation, so the role involves work in a highly sensitive enterprise data environment.

Design and development responsibilities

• Create and maintain RESTful and gRPC APIs for services including Agent Registry, Workspace Manager, Policy Manager, and Cost Manager using domain-driven design practices.
• Build the Cedar policy integration layer by converting business rules into Cedar-based ABAC/RBAC expressions, adding a dry-run simulator endpoint, and handling policy versioning with rollback support.
• Develop SCIM 2.0 endpoints for Azure AD user and group provisioning, including idempotent upsert behaviour and reconciliation workflows.
• Implement event-sourced audit log producers so that each state change emits a Kafka event with SHA-256 hash-chain continuation for tamper-resistant tracking.
• Build agent lifecycle state enforcement in the Agent Registry with Cedar-protected transitions across Draft, Validated, Staged, Active, Deprecated, and Archived states, while preserving complete transition history.
• Create cost attribution consumers that read Kafka cost events, calculate micropence-level allocation across the org, workspace, team, agent, and invocation hierarchy, and store results in ClickHouse.
• Develop NATS JetStream consumers for near real-time policy invalidation so that Cedar cache flushes are propagated across the platform within 5 seconds of any policy update.
• Prepare unit, integration, and contract test coverage for all API surfaces, targeting 80% unit test coverage and using Testcontainers for integration testing.

Data, persistence, and architecture

• Design PostgreSQL schemas with row-level security to support multi-tenant isolation, ensuring all entities are scoped by org_id and workspace_id.
• Write CockroachDB-compatible SQL for globally consistent metadata such as agent manifests, Cedar policies, and IAM records.
• Implement Redis-based distributed locking and caching for budget enforcement counters using atomic INCR operations, along with prompt cache management.
• Develop ClickHouse queries for cost rollups, RAGAS evaluation trends, and audit log search.
• Apply domain-driven design concepts such as bounded contexts, aggregates, repositories, domain events, and anti-corruption layers.
• Use event sourcing patterns including event store design, replay, snapshotting, and eventual consistency handling.
• Apply CQRS to separate commands and queries, and build read-model projections from Kafka event streams.
• Design APIs with REST resource modelling, OpenAPI 3.x spec-first development, versioning, and backward compatibility in mind.
• Implement gRPC services with Protobuf schema design, server/client streaming, interceptors, and error propagation handling.
• Support distributed workflows using saga patterns with compensating actions and outbox-based event publishing.

Security, integration, and platform work

• Integrate Spring Security with JWT validation for Keycloak-issued tokens and Cedar policy checks on every protected endpoint.
• Build an Azure AD SCIM 2.0 webhook receiver with signature validation, idempotency controls, and retry management.
• Create a Vault dynamic secret client that requests tool credentials at runtime and handles lease renewal and rotation without restarting pods.
• Enforce data residency by ensuring workspace region tags influence downstream LLM routing and storage decisions through Cedar conditions.
• Work with messaging and streaming technologies including Kafka, NATS JetStream, and Redis pub/sub and key-value cache behaviour.
• Support observability through Micrometer metrics, histogram percentiles, and Dynatrace OTLP export.

Technical requirements

• Strong hands-on experience with Java 17 or newer, including records, sealed classes, virtual threads, and structured concurrency.
• Practical experience with Spring Boot 3.x, including Spring Data JPA, Spring Security, Spring AMQP, and Spring Batch.
• Solid knowledge of JPA and Hibernate, especially multi-tenancy approaches, discriminator columns, schema-per-tenant setups, entity graphs, and query tuning.
• Comfort working with Maven or Gradle in multi-module builds with reproducible dependency management.
• Experience using Testcontainers to validate applications against live PostgreSQL, CockroachDB, Redis, and Kafka instances.
• Understanding of distributed messaging, streaming, caching, and locking patterns.
• Familiarity with PostgreSQL 16, CockroachDB, Neo4j, and ClickHouse for transactional and analytical workloads.
• Knowledge of API and protocol design for REST, gRPC, WebSocket, and SSE-based systems.

Additional technical expectations

• Ability to build secure, multi-tenant enterprise services with strong consistency and auditability.
• Experience designing resilient integrations, idempotent workflows, and event-driven systems.
• Comfort with platform-scale architecture where business logic is treated as the system of record.
• Ability to write clear, maintainable code and create robust automated test coverage.

Eligibility

Any graduate can apply.

Important note

The role details indicate Bangalore as the professional location. No salary, stipend, joining date, duration, or vacancy count has been specified in the source.