Principal Engineer, Identity Data Security and Trust
Leads architecture and strategy for Data Exfiltration Protection (DXP) and Data Movement Policy (DMP) systems. Bridges security policy with scalable enforcement in multi-cloud environments, requiring 12+ years experience in distributed systems and security expertise.
264k – 380k/yr
On-site12+ YOESecurity Engineering
About the role
Responsibilities
Lead the design and implementation of the Data Movement Policy (DMP) framework, ensuring it can handle complex multi-cloud and hybrid environments.
Define the roadmap for Data Exfiltration Protection (DXP), evolve and enhance ingress and egress controls, and intelligent anomaly detection for data egress.
Drive the technical effort to unify Context-Aware Access policies with egress perimeter controls, creating a single, cohesive policy engine for all data movement.
Author and review complex design documents for DMP and Perimeter Policy, ensuring high reliability, low latency, and auditability.
Partner with Product Management to refine the DXP product requirements and translate business goals into actionable engineering milestones.
Guide senior and staff engineers across multiple teams, fostering a culture of security-first engineering and rigorous design standards.
Requirements
12+ years of experience in software engineering, with at least 5 years in a principal or architect role focusing on infrastructure or security.
Deep understanding of network security protocols (TLS/SSL, HTTP/S, DNS), Zero Trust architectures, and Data Loss Prevention (DLP) technologies.
Proven track record of designing and deploying high-scale distributed systems (Java, Go, or C++).
Strong experience with cloud-native security controls in AWS, GCP, or Azure (e.g., VPC Service Controls, Private Link).
Effective deployment of AI models and tooling to improve team productivity and execution.
Excellent ability to communicate complex technical concepts to both executive leadership and individual contributors.
Skills
JavaGoC++AWSGCPAzureZero TrustDlpTls/SslVpc Service ControlsPrivate LinkAi Models
Principal-level individual contributor defining and owning network architecture strategy across Crusoe's AI infrastructure stack, from data center fabrics and RDMA to SDN, Kubernetes networking, and automation. Requires 12+ years experience with expert-level routing, SDN, and large-scale data center design.
265k – 310k/yr
On-site12+ YOESecurity Engineering
Principal Engineer, Authentication
DatabricksBellevue, WA +1
Principal Engineer leads Authentication strategy at Databricks, crafting secure, scalable systems with 10+ years in data security, 15+ in distributed systems, and MS/PhD required. Mentors teams and drives executive decisions.
266k – 366k/yr
Remote10+ YOESecurity Engineering
Principal Incident Responder
FluidstackSan Francisco, CA +1
Lead material incident response as the most senior commander. Build and run the full IR program including runbooks, on-call processes, agent-human coordination, and cross-functional remediation for AI infrastructure.
270k – 370k/yr
On-siteSecurity Engineering
Principal Security Engineer, Infrastructure Security
OpenAISan Francisco, CA +3
Leads architecture and implementation of planet-scale security services like authN/Z, proxies, and key management for OpenAI's GPU clusters, multi-cloud infra, and AI models. Requires expertise in secure distributed systems, cloud platforms, and cross-team leadership.
278k – 490k/yr
RemoteSecurity Engineering
Principal Security Engineer, Infrastructure Security
OpenAISan Francisco, CA +3
Principal Security Engineer leads security for OpenAI's infrastructure including GPU clusters, multi-cloud, datacenters, and Kubernetes. Drives strategy, builds controls against advanced threats, and mentors teams with deep cloud and on-prem expertise.