Track Lead - JBoss Application Server, Apache Tomcat

Job Summary

We are looking for a seasoned Senior Middleware Lead to own and drive our strategic migration of on-premises middleware infrastructure to Google Cloud Platform (GCP). The candidate will bring hands-on expertise across key middleware technologies — IBM MQ, Apache Tomcat, Apache HTTP Server / ActiveMQ / Camel, Apigee API Gateway, TIBCO Business Works / EMS — and translate that expertise into robust cloud-native designs, enabling the organisation to achieve agility, resilience, and cost efficiency on GCP. This is an end-to-end ownership role: from current-state assessment through HLD/LLD authoring, hands-on migration execution, and post-go-live steady-state operations.

Key Responsibilities

• Current-State Assessment & Migration Planning • Conduct a comprehensive discovery of all on-premises middleware: IBM MQ queues/channels/topics, Tomcat application deployments, Apache HTTP virtual-host configurations, TIBCO flows, and Apigee proxies.
• Build a detailed middleware inventory including versions, dependencies, integrations, SLA requirements, and business criticality.
• Define migration strategies per workload — Rehost, Replatform, Refactor, or Replace — and document decisions with justification.
• Produce a phased Migration Roadmap with milestones, resource plans, risk register, and rollback procedures.
• Estimate effort, timeline, and cost for each migration wave; present to senior stakeholders for sign-off. 2.2 Architecture Design – HLD & LLD • Author High-Level Design (HLD) documents covering the target GCP middleware landscape: topology diagrams, integration patterns, security architecture, network flows, and DR strategy.
• Produce Low-Level Design (LLD) documents detailing:
• IBM MQ → Cloud Pub/Sub or MQ on GKE: queue/topic mapping, message schemas, dead-letter handling, poison-message strategy.
• Apache Tomcat → GKE / Cloud Run: containerisation approach, Dockerfile, JVM tuning, session management, health probes.
• Apache HTTP Server → Cloud Load Balancing / Cloud Armor: virtual-host migration, SSL termination, rewrite rules, WAF policies.
• Apigee On-Prem / Apigee Edge → Apigee X: proxy bundle migration, environment configs, KVMs, target servers, monetisation policies.
• TIBCO Business Works / EMS → Cloud Pub/Sub, Dataflow, or containerised TIBCO on GKE: flow decomposition, topic mapping, adapter replacement.
• Ensure all designs adhere to GCP Well-Architected Framework principles: security, reliability, performance, cost-optimisation, and operational excellence.
• Maintain living architecture documents version-controlled in a shared repository (Confluence / Git). 2.3 Hands-On Migration Execution • Lead the end-to-end migration of middleware workloads across phased sprints, working hands-on with the engineering team.
• Containerise Tomcat-based applications using Docker and deploy on GKE with Helm charts; configure HPA and resource limits.
• Migrate IBM MQ topologies to Cloud Pub/Sub or IBM MQ on GKE; validate message ordering, durability, and exactly-once semantics.
• Migrate Apache HTTP Server configurations to GCP Cloud Load Balancing, configuring SSL policies, URL maps, Cloud Armor security policies, and backend services.
• Execute Apigee proxy migration from Edge/on-prem to Apigee X; reconfigure OAuth 2.0 flows, API products, developer apps, and analytics.
• Re-platform TIBCO BW processes to cloud-native equivalents (Cloud Dataflow pipelines, Pub/Sub topics) or containerise on GKE with TIBCO runtime.
• Implement hybrid connectivity for phased cutovers using Cloud Interconnect, Cloud VPN, and VPC peering.
• Conduct performance and load testing of migrated workloads; tune configurations to meet or exceed on-prem SLAs. 2.4 Security & Compliance • Enforce zero-trust security for middleware: mTLS between services, OAuth 2.0 / OpenID Connect via Apigee, API key management, and IAM least-privilege.
• Configure VPC Service Controls, Private Service Connect, and Cloud Armor policies to protect middleware endpoints.
• Manage secrets (keystore passwords, MQ credentials, TIBCO certificates) via GCP Secret Manager and Hashi Corp Vau

Skill Requirements

• Current-State Assessment & Migration Planning • Conduct a comprehensive discovery of all on-premises middleware: IBM MQ queues/channels/topics, Tomcat application deployments, Apache HTTP virtual-host configurations, TIBCO flows, and Apigee proxies.
• Build a detailed middleware inventory including versions, dependencies, integrations, SLA requirements, and business criticality.
• Define migration strategies per workload — Rehost, Replatform, Refactor, or Replace — and document decisions with justification.
• Produce a phased Migration Roadmap with milestones, resource plans, risk register, and rollback procedures.
• Estimate effort, timeline, and cost for each migration wave; present to senior stakeholders for sign-off. 2.2 Architecture Design – HLD & LLD • Author High-Level Design (HLD) documents covering the target GCP middleware landscape: topology diagrams, integration patterns, security architecture, network flows, and DR strategy.
• Produce Low-Level Design (LLD) documents detailing:
• IBM MQ → Cloud Pub/Sub or MQ on GKE: queue/topic mapping, message schemas, dead-letter handling, poison-message strategy.
• Apache Tomcat → GKE / Cloud Run: containerisation approach, Dockerfile, JVM tuning, session management, health probes.
• Apache HTTP Server → Cloud Load Balancing / Cloud Armor: virtual-host migration, SSL termination, rewrite rules, WAF policies.
• Apigee On-Prem / Apigee Edge → Apigee X: proxy bundle migration, environment configs, KVMs, target servers, monetisation policies.
• TIBCO Business Works / EMS → Cloud Pub/Sub, Dataflow, or containerised TIBCO on GKE: flow decomposition, topic mapping, adapter replacement.
• Ensure all designs adhere to GCP Well-Architected Framework principles: security, reliability, performance, cost-optimisation, and operational excellence.
• Maintain living architecture documents version-controlled in a shared repository (Confluence / Git). 2.3 Hands-On Migration Execution • Lead the end-to-end migration of middleware workloads across phased sprints, working hands-on with the engineering team.
• Containerise Tomcat-based applications using Docker and deploy on GKE with Helm charts; configure HPA and resource limits.
• Migrate IBM MQ topologies to Cloud Pub/Sub or IBM MQ on GKE; validate message ordering, durability, and exactly-once semantics.
• Migrate Apache HTTP Server configurations to GCP Cloud Load Balancing, configuring SSL policies, URL maps, Cloud Armor security policies, and backend services.
• Execute Apigee proxy migration from Edge/on-prem to Apigee X; reconfigure OAuth 2.0 flows, API products, developer apps, and analytics.
• Re-platform TIBCO BW processes to cloud-native equivalents (Cloud Dataflow pipelines, Pub/Sub topics) or containerise on GKE with TIBCO runtime.
• Implement hybrid connectivity for phased cutovers using Cloud Interconnect, Cloud VPN, and VPC peering.
• Conduct performance and load testing of migrated workloads; tune configurations to meet or exceed on-prem SLAs. 2.4 Security & Compliance • Enforce zero-trust security for middleware: mTLS between services, OAuth 2.0 / OpenID Connect via Apigee, API key management, and IAM least-privilege.
• Configure VPC Service Controls, Private Service Connect, and Cloud Armor policies to protect middleware endpoints.
• Manage secrets (keystore passwords, MQ credentials, TIBCO certificates) via GCP Secret Manager and Hashi Corp Vau

Other Requirements

• Current-State Assessment & Migration Planning • Conduct a comprehensive discovery of all on-premises middleware: IBM MQ queues/channels/topics, Tomcat application deployments, Apache HTTP virtual-host configurations, TIBCO flows, and Apigee proxies.
• Build a detailed middleware inventory including versions, dependencies, integrations, SLA requirements, and business criticality.
• Define migration strategies per workload — Rehost, Replatform, Refactor, or Replace — and document decisions with justification.
• Produce a phased Migration Roadmap with milestones, resource plans, risk register, and rollback procedures.
• Estimate effort, timeline, and cost for each migration wave; present to senior stakeholders for sign-off. 2.2 Architecture Design – HLD & LLD • Author High-Level Design (HLD) documents covering the target GCP middleware landscape: topology diagrams, integration patterns, security architecture, network flows, and DR strategy.
• Produce Low-Level Design (LLD) documents detailing:
• IBM MQ → Cloud Pub/Sub or MQ on GKE: queue/topic mapping, message schemas, dead-letter handling, poison-message strategy.
• Apache Tomcat → GKE / Cloud Run: containerisation approach, Dockerfile, JVM tuning, session management, health probes.
• Apache HTTP Server → Cloud Load Balancing / Cloud Armor: virtual-host migration, SSL termination, rewrite rules, WAF policies.
• Apigee On-Prem / Apigee Edge → Apigee X: proxy bundle migration, environment configs, KVMs, target servers, monetisation policies.
• TIBCO Business Works / EMS → Cloud Pub/Sub, Dataflow, or containerised TIBCO on GKE: flow decomposition, topic mapping, adapter replacement.
• Ensure all designs adhere to GCP Well-Architected Framework principles: security, reliability, performance, cost-optimisation, and operational excellence.
• Maintain living architecture documents version-controlled in a shared repository (Confluence / Git). 2.3 Hands-On Migration Execution • Lead the end-to-end migration of middleware workloads across phased sprints, working hands-on with the engineering team.
• Containerise Tomcat-based applications using Docker and deploy on GKE with Helm charts; configure HPA and resource limits.
• Migrate IBM MQ topologies to Cloud Pub/Sub or IBM MQ on GKE; validate message ordering, durability, and exactly-once semantics.
• Migrate Apache HTTP Server configurations to GCP Cloud Load Balancing, configuring SSL policies, URL maps, Cloud Armor security policies, and backend services.
• Execute Apigee proxy migration from Edge/on-prem to Apigee X; reconfigure OAuth 2.0 flows, API products, developer apps, and analytics.
• Re-platform TIBCO BW processes to cloud-native equivalents (Cloud Dataflow pipelines, Pub/Sub topics) or containerise on GKE with TIBCO runtime.
• Implement hybrid connectivity for phased cutovers using Cloud Interconnect, Cloud VPN, and VPC peering.
• Conduct performance and load testing of migrated workloads; tune configurations to meet or exceed on-prem SLAs. 2.4 Security & Compliance • Enforce zero-trust security for middleware: mTLS between services, OAuth 2.0 / OpenID Connect via Apigee, API key management, and IAM least-privilege.
• Configure VPC Service Controls, Private Service Connect, and Cloud Armor policies to protect middleware endpoints.
• Manage secrets (keystore passwords, MQ credentials, TIBCO certificates) via GCP Secret Manager and Hashi Corp Vau