Senior Go Developer — Legacy Codebase Audit (Insurtech)

About the project

We're preparing to rebuild an inherited Go microservices codebase for an insurtech client (US market). The code was written by a previous team and handed over "as is." Before we commit to refactoring or rewriting, we need an independent technical audit from an experienced Go developer. Your report will drive the per-service decision: accept as-is, refactor, or rewrite.

Scope

Audit ~11 Go repositories (microservices + shared SDK/utils modules) across four dimensions:

1. Security — vulnerabilities, hardcoded secrets, dependencies with known CVEs, service-to-service auth.
2. Code quality — architecture, technical debt, error handling, test coverage, idiomatic Go.
3. Performance — goroutine/resource leaks, DB usage (N+1, pooling, timeouts, transactions), context handling.
4. Readiness for handover — how maintainable the code is for a new team (docs, CI/CD, migrations, bus factor).

Stack: Go 1.17 and 1.20 (both EOL — upgrade will be a separate recommendation), gRPC, Kong API Gateway, protobuf contracts, a dedicated secrets service, microservices architecture.

Toolchain: go vet, staticcheck, golangci-lint, gosec, govulncheck, osv-scanner, go test -cover -race — automated pass plus manual review of security-critical paths and architecture.

Deliverables

1. Audit report (markdown) — findings by severity (Critical/High/Medium/Low/Info), each with repo, file:line, impact, recommendation.
2. Readiness matrix per service (security / quality / tests / performance / readiness).
3. Executive summary — top risks and a strategy recommendation (accept / refactor / rewrite) per service.

You

• 5+ years of production Go.
• Real experience auditing or deep-reviewing large, unfamiliar codebases.
• Confident with Go static analyzers and vulnerability scanners.
• Solid on microservices, gRPC, and DB work.
• Write clear, prioritized reports — interpretation, not raw tool output.
• Self-directed: we provide the spec and access, you deliver without hand-holding.

Nice to have: fintech/insurtech background, EOL Go migration experience, Kong/protobuf familiarity.