About the role
You will own the Client Portal(s), the production environment that our clients, from major carbon credit registries to Environmental Project Developers, use to digitize methodologies and run verification workflows on the Hedera network. It is built on the open-source Hedera Guardian platform and our managed Guardian service. You will be the primary engineer keeping it current with upstream Guardian, building client-specific features, and operating it across development, UAT, and production.
This is a hands-on, full-ownership role. You will work across the entire stack: Angular front end, NestJS microservices, authentication, blockchain integration, and the CI/CD and cloud infrastructure that ships it all.
What you will work on
- Build and maintain the Angular portal: complex reactive forms, schema-driven document workflows, comparison views, large-document rendering (Monaco editor), and a polished, branded UI.
- Develop and extend NestJS backend microservices that talk over a NATS message bus and persist to MongoDB.
- Integrate and maintain enterprise authentication: Azure AD B2C / MSAL single sign-on, token lifecycle, automated user provisioning, and HashiCorp Vault for secrets.
- Periodically merge upstream Hedera Guardian releases into our fork, resolving non-trivial conflicts and keeping the portal current (most recently moving the platform up four minor versions in a single sync).
- Work with Hedera Hashgraph (SDK, Guardian Policy Workflow Engine, Verifiable Credentials, IPFS document storage) to support real carbon credit methodologies.
- Own deployment: Docker / docker-compose, Kubernetes manifests, Terraform, and Azure CI/CD pipelines across three environments.
- Build out automated test coverage, which is early-stage today.
Must-have skills
- 5+ years full-stack engineering, with deep TypeScript across both front end and back end.
- Angular (strong: RxJS, reactive forms, Angular Material, SCSS, component architecture). This is the largest part of the codebase.
- NestJS or a comparable Node.js backend framework, in a microservices architecture.
- MongoDB and message-broker-based service communication (NATS, RabbitMQ, Kafka, or similar).
- Docker and container-based deployment; comfortable operating a multi-service application.
- Real experience integrating OAuth/OIDC SSO (Azure AD B2C / MSAL strongly preferred) and reasoning about tokens, sessions, and auth edge cases.
- Able to work independently and own a production system end to end, including reading and merging a large unfamiliar upstream codebase.
Strongly preferred
- Hedera, Hedera Guardian, or other DLT / blockchain experience; familiarity with Verifiable Credentials / decentralized identity.
- Kubernetes, Terraform, and Azure (App Service, B2C) for infrastructure and deployment.
- IPFS or decentralized storage.
- Solidity / smart contracts (the platform includes on-chain contracts).
- Experience working in a fork of a fast-moving open-source project and managing the merge/upgrade cadence.
Nice to have
- Domain knowledge in ESG, carbon markets, dMRV (digital Measurement, Reporting, Verification), or environmental registries.
- Redis, Grafana/Prometheus observability, k6/JMeter load testing.
- Prior experience as the sole or lead maintainer of a customer-facing product.
What makes someone successful here
This is a wide-surface, low-headcount role. The right person is a strong generalist who is comfortable being the one who understands the whole system, from a CSS bug in a nested form to an Azure B2C token race to an upstream platform merge conflict. They should be self-directed, good at reverse-engineering undocumented code, and calm about owning production.