Jane Cervantes, Recruiter
Role Overview
We are seeking an experienced Full-Stack/Security Engineer to perform a comprehensive review of our multi-tenant B2B SaaS platform, designed for managing renewable-energy assets in the Australian electricity market. As we prepare to onboard our first paying customers, your expertise will ensure that our codebase is secure and production-ready, focusing on critical areas such as data isolation, authentication, and deployment hardening.
Responsibilities
- Conduct a thorough review of multi-tenant data isolation to ensure robust separation of tenant data across all layers, including API views, ORM queries, background jobs, and AI-assistant features.
- Evaluate authentication, authorization, and security measures, including login middleware, role-based access control, CSRF/XSS protection, session configuration, secrets management, and SQL generation/validation.
- Assess production-readiness and deployment hardening, focusing on Django settings, Docker configurations, dependency vulnerabilities, error-handling, and data-ingestion pipeline resilience.
- Perform a code-health spot-check to identify and flag violations of our core principles: avoiding silent error-swallowing and ensuring deterministic calculations.
- Deliver a detailed report of findings, ranked by severity, with specific, actionable recommendations.
- Provide a 30-minute walkthrough of Critical/High-severity findings with our team.
Required Skills
- Proven experience with Django, Django REST Framework, and PostgreSQL in production environments.
- Strong background in security assessments, particularly within multi-tenant SaaS platforms.
- Familiarity with AWS services, Docker, Redis, Celery, and CI/CD practices using GitHub Actions.
- Excellent analytical and documentation skills to communicate findings clearly and effectively.
- Based in the APAC timezone and fluent in English.
Nice to Have
- Knowledge of the energy market, especially within the context of renewable energy management.