[Remote] Principal Software Engineer

Note: The job is a remote job and is open to candidates in USA. DigitalOcean is a cutting-edge technology company focused on simplifying cloud services and AI for developers. They are seeking a Principal Software Engineer to lead the technical vision and architecture for Identity & Access Management and Key Management Services, ensuring robust security and high availability across their platform.

Responsibilities

• Define and drive the multi-year technical roadmap for IAM and KMS including authentication, authorization, secrets management, and cryptographic key lifecycle across DigitalOcean's global, multi-tenant cloud platform
• Design high-availability, low-latency identity and key management services in Go that handle massive, sustained load across global regions with strong consistency and full auditability
• Architect secure token exchange patterns and identity context injection for agentic AI workflows, building the IAM foundations that underpin DigitalOcean's emerging AI/ML platform offerings
• Design and deliver a robust, multi-tenant KMS, including envelope encryption, customer-managed key patterns, and HSM-backed key material, that gives customers deep, fine-grained control over their data security posture
• Drive the evolution of our Policy Engine (Rego/OPA) to support advanced resource-level permissions, dynamic scoping, network-aware access conditions, and the complex authorization demands of agentic workflows
• Partner with Inference, Billing, DOKS, and Platform Security to resolve architectural gaps that span multiple teams. Serve as the connective tissue between identity and the broader cloud platform and ensure security is an enabler of developer velocity, not an obstacle
• Establish cryptographic and identity engineering standards adopted org-wide. Lead design reviews for changes with cross-cutting platform risk and author RFCs that shape DigitalOcean's technical direction
• Mentor and develop senior and mid-level engineers across IAM and adjacent teams. Conduct deep code reviews, model architectural thinking, and build a culture of security-first engineering

Skills

• 10+ years of software engineering experience, with at least 4+ years focused on Identity (AuthN/AuthZ), Key Management, or high-scale distributed systems in a cloud or IaaS environment
• Expert-level proficiency in Go and deep experience with gRPC microservices architecture
• Deep knowledge of identity protocols (OIDC, OAuth2, SAML, SCIM) and access control models (RBAC, ABAC, PBAC), with a track record of delivering these at cloud scale
• Hands-on experience designing or operating key management infrastructure, including envelope encryption, HSM integration, and BYOK/CMEK patterns
• Proven ability to build systems that handle consensus, replication, and partitioning at scale with strong reliability and observability
• Deep experience with Kubernetes, SQL (MySQL), and Infrastructure as Code (Terraform)
• Demonstrated track record of driving ambiguous, multi-team platform initiatives from problem definition through to shipped, production capability
• Ability to write crisp RFCs, present architectural strategy to senior leadership, and align diverse teams around a shared technical direction
• Experience with SPIFFE/SPIRE or workload identity federation
• Familiarity with secrets management platforms (e.g., HashiCorp Vault)
• Contributions to open-source identity or cryptography projects

Benefits

• We provide employees with reimbursement for relevant conferences, training, and education.
• All employees have access to LinkedIn Learning's 10,000+ courses to support their continued growth and development.
• We will provide you with a competitive array of benefits to support you from our Employee Assistance Program to Local Employee Meetups to flexible time off policy, to name a few.
• You may qualify for a bonus in addition to base salary; bonus amounts are determined based on company and individual performance.
• We also provide equity compensation to eligible employees, including equity grants upon hire and the option to participate in our Employee Stock Purchase Program.

Company Overview

Company H1B Sponsorship