Hands-On Senior Technical Lead & Software Architect

Posted 2 weeks ago

Worldwide

Summary

Python, PostgreSQL, Docker and Azure Portability We are seeking an exceptional, hands-on Senior Technical Lead and Software Architect to review, design, build and technically lead the implementation of a bounded operational-alpha application for a project owner-led project. This is not a review-only, advisory-only or oversight-only engagement. The selected professional will be accountable for translating an approved and frozen specification package into a functioning, tested, documented and portable application. The named Technical Lead must personally perform substantial architecture, code-review and implementation work, including the core backend, canonical data model, deterministic rules, evidence traceability, auditability, integration, automated testing and portability responsibilities. The application involves: • governed relational data • deterministic and version-controlled business rules • evidence traceability • reproducible calculations • auditable workflows • decision and authorization controls • controlled reporting • role-based access • complete audit history; and • portable deployment and restoration. The application must operate locally and remain portable across Microsoft Azure, other cloud providers, private infrastructure and future on-premises environments. The project must be built on its initial cloud-development environment, not permanently for that environment. This is not: • a generic dashboard project • a chatbot project • a cloud-migration-only assignment • a review-only architecture engagement; or • an engagement in which the named professional delegates the core work to junior personnel. The detailed application domain and confidential specifications will be disclosed to the selected candidate after execution of the required Non-Disclosure Agreement. Engagement Schedule This is a time-sensitive, fixed-price engagement. Immediate or near-immediate availability is strongly preferred. The complete operational-alpha application, technical package, independent-restoration evidence and migration-ready delivery must be completed no later than: July 17, 2026 Applicants who cannot realistically meet this date should not apply. Candidates must provide a credible milestone schedule covering: 1. specification review and implementation readiness 2. architecture and application foundation 3. canonical relational data model and migrations 4. functional application and deterministic-rule implementation 5. reporting, traceability and audit controls 6. automated testing and defect correction 7. portability and non-Azure restoration 8. technical documentation; and 9. final delivery and handover. Role Authority and Accountability The Senior Technical Lead will be the primary hands-on architecture, implementation and internal technical-review owner for the bounded operational-alpha build. The selected professional will: • review the complete frozen specification package before implementation • provide a concise written architecture and implementation-readiness assessment • identify genuine technical blockers, contradictions and material implementation risks • distinguish blocking defects from optional enhancements • validate and finalize the approved implementation architecture • translate frozen requirements into working source code, schemas, APIs, configurations, migrations, tests and deployment artifacts; • personally implement or materially contribute to the core application • critically review existing, personally written, AI-assisted and approved contributor code • remain accountable for technical integration across all approved components • prevent unauthorized redesign, architectural drift or scope expansion • maintain direct communication with the Founder throughout the engagement; and • deliver a complete, functioning and reproducible operational-alpha system. The Technical Lead may recommend narrowly scoped supporting assistance. No subcontractor or additional contributor may be used without prior written approval. Project owner authority remains final regarding product scope, frozen requirements, acceptance criteria, permitted dependencies, and authorized changes. Dual-Control Review Model The Senior Technical Lead is responsible for continuous architecture, code, integration and implementation review while personally building and technically leading the operational-alpha application. This responsibility includes reviewing: • the frozen specifications • architectural decisions • the canonical relational data model • repository organization • existing source code • personally created source code • AI-assisted source code • approved supporting contributions • database migrations • deterministic rules • dependencies • security controls • automated tests • technical documentation • deployment artifacts • portability evidence; and • final technical-delivery evidence. A separate independent QA/security reviewer will perform formal acceptance verification across: • source-code quality • secure configuration • deterministic-rule integrity • calculation reproducibility • evidence traceability • audit-history controls • automated testing • access controls • specification conformity • report accuracy • dependency and licensing risks • portability • restoration outside Azure; and • completeness of the final delivery package. The independent reviewer does not replace the Senior Technical Lead’s responsibility for implementation quality, completeness or correctness. The Technical Lead must: • cooperate fully with the independent reviewer • provide reproducible technical evidence • respond precisely to material findings • distinguish genuine defects from optional recommendations • correct implementation defects within the contracted scope; and • support independent reproduction of the application and test results. The Technical Lead may not solely self-certify final acceptance of the application. Final acceptance remains subject to Project owner approval following independent QA/security verification. Hands-On Implementation Responsibilities 1. Specification and Implementation-Readiness Review • Review the complete frozen specification package. • Confirm whether the specifications are implementable as written. • Identify material contradictions, omissions or technical blockers. • Distinguish implementation blockers from preferences or optional enhancements. • Produce a concise written readiness assessment. • Recommend only changes that are technically necessary. • Do not reopen frozen product decisions without a documented material reason and Founder authorization. 2. Architecture and Application Foundation • Validate and finalize the approved application architecture. • Establish the Project Owner-controlled repository structure. • Configure development, testing and delivery workflows. • Create the backend application foundation. • Establish API, domain, service, persistence and configuration layers. • Establish error-handling, logging and validation standards. • Document architectural decisions affecting portability, security, reproducibility or maintenance. • Ensure the application remains within the approved operational-alpha scope. 3. Python Application and API Implementation • Build the approved Python application architecture. • Implement APIs using FastAPI or an approved comparable framework. • Implement request and response validation. • Implement controlled configuration and environment handling. • Implement appropriate error handling and structured logging. • Create maintainable service, domain and persistence layers. • Prevent governed business logic from becoming improperly embedded in presentation or infrastructure layers. • Ensure deterministic functions behave consistently across supported environments. • Review and correct AI-assisted or contributor-created code before integration. 4. Canonical Relational Data Model • Implement the approved canonical relational data model in PostgreSQL. • Create schemas, constraints, indexes and integrity controls. • Implement SQLAlchemy models or approved equivalents. • Create complete Alembic migrations or approved equivalents. • Ensure database changes are versioned, reproducible and documented. • Preserve evidence lineage, ownership, source references, timestamps, decisions and audit history. • Prevent unauthorized or undocumented alteration of controlled records. • Implement migration and rollback controls where appropriate. 5. Deterministic Rules and Calculation Controls • Implement the approved deterministic business-rule logic. • Implement rule-pack identification and versioning. • Ensure identical approved inputs produce reproducible outputs. • Preserve the relationship among: o source evidence; o evidence version; o rule version; o calculation inputs; o calculation result; o authorized decision; and o report output. • Prevent unauthorized rule changes. • Record rule execution, overrides and applicable exceptions. • Implement tests proving calculation accuracy, version integrity and historical reproducibility. • Ensure no probabilistic or AI-generated output silently replaces governed deterministic logic. 6. Evidence Traceability and Auditability • Implement evidence-source and evidence-confidence records. • Preserve links among evidence, findings, calculations, decisions, owners, actions and reports. • Implement append-only or otherwise appropriately controlled audit-history mechanisms. • Record material changes, approvals, overrides, exceptions and reassessments. • Ensure historical results can be reproduced using the applicable data and rule versions. • Prevent silent alteration of controlled findings, decisions or outputs. • Clearly distinguish system-generated results from authorized human decisions. 7. Decision, Authorization and Workflow Controls • Implement approved ownership, review, decision, action, escalation and exception workflows. • Implement role-based access and authorization controls appropriate to the alpha. • Prevent unauthorized state changes. • Record approval, rejection, escalation, reassignment and reassessment events. • Preserve required decision history. • Ensure workflow states correspond accurately with governed backend records. 8. Controlled Reporting • Implement controlled report generation using the approved report-mapping specification. • Ensure all report values trace back to governed application records. • Prevent inconsistencies between stored calculations and displayed outputs. • Support approved controlled demonstration scenarios. • Clearly distinguish: o completed functionality o limitations o planned functionality; and o functionality not yet implemented. • Ensure reports cannot silently alter controlled scoring or evidence records. 9. Frontend and User Interaction Where included in the approved operational-alpha scope: • implement or technically lead the required React and TypeScript interface • integrate the interface with the governed API • ensure the frontend accurately represents backend states • prevent browser-side calculations from becoming an uncontrolled source of truth • implement clear validation, status, error and audit-history displays • maintain separation between presentation logic and governed application logic; and • support a controlled local demonstration workflow. React and TypeScript expertise is helpful but is not the primary selection criterion. The core selection priorities are senior Python, PostgreSQL, deterministic-rule, auditability, Docker, security and portability capability. 10. Automated Testing and Acceptance Evidence • Implement unit, integration, migration and workflow tests. • Implement deterministic-rule and calculation tests. • Implement permissions and unauthorized-change tests. • Implement evidence-traceability tests. • Implement report-consistency tests. • Implement API validation and error-handling tests. • Implement backup, restoration and portability tests. • Produce reproducible test results and acceptance evidence. • Correct material defects identified during implementation or independent review. • Support the independent QA/security reviewer in reproducing the build and tests. Superficial tests written only to create apparent coverage will not satisfy the engagement. 11. Security and Dependency Governance • Implement secure configuration and secrets handling. • Prevent credentials and secrets from being committed to repositories. • Apply least-privilege access appropriate to the alpha. • Review and document all direct dependencies. • Disclose all proposed open-source, commercial, third-party and background components. • Identify licensing, security, maintenance and portability risks. • Obtain written approval before introducing material third-party technology. • Avoid unnecessary services and dependencies. • Apply secure software-development practices. • Produce a software bill of materials or equivalent dependency register. • Review AI-assisted code for insecure or fabricated implementation. 12. Docker and Local Operation • Containerize approved components using Docker or OCI-compatible containers. • Provide complete Dockerfiles. • Provide Docker Compose or approved comparable local orchestration. • Ensure the application can be launched in a clean local environment. • Document all environment variables, configuration and startup procedures. • Ensure local operation does not depend on hidden Azure resources, credentials or services. • Provide a reproducible local demonstration configuration. • Verify that another qualified person can follow the documentation and start the application. 13. Azure Development and Resource Governance • Configure only those Azure resources required for approved implementation and testing. • Document the purpose, owner, dependency and planned removal of every resource. • Avoid unnecessary premium services, reservations, marketplace products and persistent infrastructure. • Prevent uncontrolled cost growth. • Identify and eliminate unnecessary Azure dependencies. • Ensure no Azure-specific component creates unavoidable vendor lock-in. • Maintain a documented replacement or migration path for every approved cloud-specific component. • Support complete export and removal of the Azure environment after verified non-Azure restoration. No paid third-party service or material Azure resource may be introduced without prior written approval. The public engagement does not authorize unrestricted infrastructure spending. 14. Portability and Independent Restoration Before the initial Azure environment is removed, the Technical Lead must prove that the delivered application can be restored and operated outside Azure. Required evidence must include: • complete source-code export • complete repository history • database schema and migration files • verified database export • approved demonstration data • container definitions • local orchestration configuration • configuration templates without live secrets • dependency manifests • build and installation instructions • restoration instructions • automated test results • successful startup outside Azure • successful database migration outside Azure • successful execution of approved workflows • successful deterministic-rule execution • successful generation of controlled reports • evidence that no hidden Azure dependency remains; and • cryptographic checksums for controlling delivery artifacts. The application will not be considered portable merely because its source code has been downloaded. 15. Backup, Export and Technical Handover The final delivery must include: • complete source code • complete private repository history • database schemas and migrations • API code and documentation • frontend code where applicable • deterministic-rule implementation • test suites and test results • configuration templates • Docker and orchestration files • infrastructure-as-code where used • database and controlled-data exports • dependency and licensing register • software bill of materials • architecture documentation • deployment documentation • local-launch instructions • restoration instructions • known-issues register • limitation register • migration and teardown instructions • all project-created diagrams and technical records • all required repository and access-control information; and • certified return or deletion of confidential project materials as required by contract. The Project Owner must retain complete control over repositories, cloud accounts, credentials, and project artifacts. Controlled Review and Acceptance Points Review Point 1 - Pre-Build Readiness • frozen-specification review • material-blocker assessment • architecture confirmation • dependency proposal • implementation plan; and • milestone confirmation. Review Point 2 - Application Foundation • repository structure • backend foundation • canonical data model • migrations • configuration approach • Docker foundation • security foundation; and • initial automated tests. Review Point 3 - Functional Implementation • deterministic rules • evidence traceability • workflows • decision controls • reporting • access controls • code-review findings; and • functional acceptance evidence. Review Point 4 - Portability and Final Delivery • complete test results • independent non-Azure restoration • technical documentation • dependency and licensing register • backup and export verification • final defect correction • migration and teardown package; and • complete handover. A separate independent QA/security reviewer will perform formal acceptance verification. The Senior Technical Lead must cooperate with that reviewer, provide required evidence and correct material implementation defects within the contracted scope. Required Technical Capability Applicants should demonstrate senior-level experience in most of the following: • hands-on software architecture and Technical Lead responsibility; • full-stack application delivery • Python application design and implementation • FastAPI or a comparable Python API framework • PostgreSQL and relational data modelling • SQLAlchemy and Alembic or equivalent tools • deterministic business-rule systems • version-controlled and reproducible calculations • evidence traceability and audit trails • role-based authorization and controlled workflows • React and TypeScript integration • Docker and OCI-compatible containers • Docker Compose or comparable local orchestration • Microsoft Azure architecture and resource governance • cloud-to-local, cloud-to-cloud or cloud-to-on-premises migration • infrastructure-as-code • CI/CD pipelines • automated unit, integration and acceptance testing • secure software-development practices • secure code review • configuration and secrets management • dependency and open-source licensing review • backup and restoration testing • technical documentation; and • complete technical handover. AI-Assisted Development The implementation may use controlled AI-assisted development tools. The Technical Lead must be capable of critically reviewing, correcting and governing AI-generated code, including identifying: • insecure configurations; • hallucinated or unsuitable dependencies • incorrect APIs or library usage • incomplete error handling • missing validation • superficial or missing tests • architectural drift • implementation conflicting with frozen specifications • hidden cloud dependencies • licensing risks • weak maintainability • fabricated functionality • non-reproducible calculations • non-traceable outputs; and • code that appears functional but cannot satisfy the acceptance criteria. AI-generated code must meet the same architecture, security, documentation, traceability and testing standards as human-written code. Confidential specifications, code, data or project materials may not be uploaded to an unapproved AI system. Candidate Requirements The selected candidate must: • personally perform the contracted Senior Technical Lead work • personally perform the core architecture and substantial core implementation • personally review the code throughout implementation • communicate clearly and directly with the Founder • provide precise written findings and implementation updates • distinguish material blockers from optional enhancements • work within the approved architecture and frozen requirements • avoid unauthorized product redesign or scope expansion • challenge material technical risks honestly • disclose all proposed background technology and reusable components • disclose all proposed third-party and open-source dependencies • obtain written approval before using any subcontractor • protect confidential information when using development or AI tools • work directly in Founder-controlled repositories and accounts • maintain reasonable Ontario/Eastern-time overlap • attend agreed live architecture, implementation and review sessions • cooperate with the independent QA/security reviewer • respond to and correct material implementation findings • meet the mandatory delivery date • deliver all stated artifacts; and • complete all contracted responsibilities within the agreed fixed price. Independent individuals are preferred. An agency may apply only where the named Senior Technical Lead will personally perform the architecture, core implementation, code review and technical integration. Substitution of the named professional or assignment of core responsibilities to junior personnel requires prior written approval. Fixed-Price Quotation Provide one total, all-inclusive fixed-price quotation for the complete scope described in this posting. The quotation must clearly identify: • total fixed price • any proposed milestone allocation • all included responsibilities and deliverables • number of live working and review sessions • number of written architecture or code-review cycles • assumptions • exclusions • earliest available start date • proposed milestone schedule • confirmation that final delivery can occur by July 17, 2026; • Ontario/Eastern-time availability • anticipated third-party costs • proposed cloud or infrastructure costs • the period during which material implementation defects will be corrected; and • any condition that could prevent completion. Responsibilities expressly stated in this posting may not later be treated as additional paid work unless the Founder approves a written change in scope. The fixed price must include reasonable corrections necessary to bring the candidate’s implementation and deliverables into conformity with the agreed specifications and acceptance criteria. Confidentiality and Intellectual Property Before receiving confidential specifications, the selected candidate must sign the client’s unilateral Non-Disclosure Agreement. Before beginning the engagement, the selected candidate must also sign a separate Independent Contractor Services and Intellectual Property Assignment Agreement. The services and IP agreement will address: • confidentiality and restricted use • scope and deliverables • ownership and assignment of project-created work product • source code, schemas, rules, tests, documentation and configuration; • disclosure of pre-existing and background intellectual property • approval of third-party and open-source dependencies • restrictions on subcontracting • restrictions on publicity, portfolios and case studies • restrictions on uploading confidential materials to unapproved AI systems • repository, credential and access controls • delivery of all project materials • warranties regarding authority to provide the work • correction of material defects • return or certified deletion of confidential information; and • survival of applicable confidentiality and IP obligations. The project name, application domain, architecture, source code, documents, screenshots, data, reports and results may not be publicly disclosed or used in a portfolio, case study, presentation, social-media post or marketing material without prior written authorization. Proposal Instructions Begin your proposal with: PORTABLE HANDS-ON TECHNICAL LEAD Proposals that do not begin with this exact phrase may not be reviewed. Then answer the following five questions directly. Screening Question 1 - Hands-On Implementation Describe one application that you personally architected and materially implemented that could operate across cloud and local or on-premises environments. State: • your exact role • the technical stack • the architecture you personally designed • the code or components you personally implemented • the portability controls used • the cloud-specific dependencies involved • how those dependencies were replaced or abstracted; and • what you personally delivered at completion. Do not describe only work performed by your team. Screening Question 2 - Deterministic Rules and Auditability How would you implement and verify that a Python/PostgreSQL application using deterministic business rules is: • versioned • reproducible • traceable • auditable • protected from unauthorized rule changes; and • capable of reproducing a historical result using the applicable data and rule versions? Identify the database, application, logging and testing controls you would use. Screening Question 3 - Azure Portability How would you prove that an application developed or tested in Azure had been successfully restored and operated outside Azure before the Azure environment was removed? Identify: • the exported artifacts • the clean target environment • the restoration procedure • the database tests • the application tests • the workflow tests • the reporting tests • evidence that no hidden Azure dependency remained; and • the final acceptance evidence you would provide. Screening Question 4 - Dual-Control Review Explain how you would: • review the frozen specifications before implementation • review existing, AI-assisted and personally written code during the build • document material architecture and code-review findings • provide reproducible evidence to an independent QA/security reviewer; • respond to independent findings; and • avoid improperly self-certifying final acceptance of your own implementation. Screening Question 5 - Delivery Plan and Mandatory Confirmations Provide a concise milestone plan showing how you would complete the operational-alpha scope by July 17, 2026. Identify: • your earliest start date • work you would personally complete • milestone dates • key dependencies • material risks • Founder decisions required • testing and restoration dates; and • final handover date. Confirm all of the following: • you will personally perform the Senior Technical Lead work • you will personally perform substantial core implementation • you will personally conduct continuous architecture and code review • you can sign a unilateral NDA; • you can sign a separate services and intellectual-property assignment agreement • you will work in Founder-controlled repositories and accounts; • you will not use unauthorized subcontractors • you will not upload confidential materials to unapproved AI systems • you will disclose all background technology and dependencies • you will cooperate with an independent QA/security reviewer • you can complete the work by July 17, 2026; and • your fixed-price quotation covers the complete scope described. Also provide: • your total fixed-price quotation • your earliest available start date • your proposed completion schedule • your Ontario/Eastern-time availability • two directly relevant project examples • your precise personal role on each project • supporting evidence where legally permissible; and • one professional reference relevant to senior hands-on architecture and implementation work. Generic proposals, AI-generated responses that do not address the questions, proposals focused primarily on advisory review, and proposals that do not demonstrate personal hands-on implementation experience will not be considered.

  • Less than 30 hrs/week
    Hourly
  • < 1 month
    Duration
  • Expert
    Experience Level
  • Remote Job
  • One-time project
    Project Type
Skills and Expertise
Mandatory skills
Python
PostgreSQL
Docker
Activity on this job
  • Proposals:10 to 15
  • Interviewing:
    0
  • Invites sent:
    0
  • Unanswered invites:
    0
About the client
Member since Jun 20, 2013
  • Canada
    Mississauga5:38 AM
  • $19K total spent
    113 hires, 10 active
  • 305 hours

Explore similar jobs on Upwork

Software DeveloperHourly‐ Posted 8 months ago
ASP.NET MVC
Django
Python
AngularJS
JavaScript
jQuery
WordPress
Google Chrome Extension
React
CRM Development
Microsoft Dynamics 365
Microsoft Dynamics CRM
Microsoft Dynamics Development
Microsoft PowerApps
Single Sign-On
Three.js
JavaScript
WordPress
AR Plugin
WooCommerce
3D Modeling

How it works

  • Post a job icon
    Create your free profile
    Highlight your skills and experience, show your portfolio, and set your ideal pay rate.
  • Talent comes to you icon
    Work the way you want
    Apply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
  • Payment simplified icon
    Get paid securely
    From contract to payment, we help you work safely and get paid securely.
Want to get started? Create a profile

About Upwork

  • Rating is 4.9 out of 5.
    4.9/5
    (Average rating of clients by professionals)
  • G2 2021
    #1 freelance platform
  • 49,000+
    Signed contract every week
  • $2.3B
    Freelancers earned on Upwork in 2020

Find the best freelance jobs

Growing your career is as easy as creating a free profile and finding work like this that fits your skills.

Trusted by

  • Microsoft Logo
  • Airbnb Logo
  • Bissell Logo
  • GoDaddy Logo