Principal Engineer, Identity Data Security and Trust

Leads architecture and strategy for Data Exfiltration Protection (DXP) and Data Movement Policy (DMP) systems. Bridges security policy with scalable enforcement in multi-cloud environments, requiring 12+ years experience in distributed systems and security expertise.

264k – 380kMenlo Park, CASecurity EngineeringOnsite12+ YOE

Apply

About the role

Responsibilities

Lead the design and implementation of the Data Movement Policy (DMP) framework, ensuring it can handle complex multi-cloud and hybrid environments.
Define the roadmap for Data Exfiltration Protection (DXP), evolve and enhance ingress and egress controls, and intelligent anomaly detection for data egress.
Drive the technical effort to unify Context-Aware Access policies with egress perimeter controls, creating a single, cohesive policy engine for all data movement.
Author and review complex design documents for DMP and Perimeter Policy, ensuring high reliability, low latency, and auditability.
Partner with Product Management to refine the DXP product requirements and translate business goals into actionable engineering milestones.
Guide senior and staff engineers across multiple teams, fostering a culture of security-first engineering and rigorous design standards.

Requirements

12+ years of experience in software engineering, with at least 5 years in a principal or architect role focusing on infrastructure or security.
Deep understanding of network security protocols (TLS/SSL, HTTP/S, DNS), Zero Trust architectures, and Data Loss Prevention (DLP) technologies.
Proven track record of designing and deploying high-scale distributed systems (Java, Go, or C++).
Strong experience with cloud-native security controls in AWS, GCP, or Azure (e.g., VPC Service Controls, Private Link).
Effective deployment of AI models and tooling to improve team productivity and execution.
Excellent ability to communicate complex technical concepts to both executive leadership and individual contributors.

Skills

JavaGoC++AWSGCPAzureZero TrustDlpTls/SslVpc Service ControlsPrivate LinkAi Models

Similar roles

Security Engineering jobs

Crusoe

Principal Network Architect

Principal-level individual contributor defining and owning network architecture strategy across Crusoe's AI infrastructure stack, from data center fabrics and RDMA to SDN, Kubernetes networking, and automation. Requires 12+ years experience with expert-level routing, SDN, and large-scale data center design.

265k – 310kSan Francisco, CA +2Security EngineeringOn-site12+ YOEBGPBfd

Databricks

Principal Engineer, Authentication

Principal Engineer leads Authentication strategy at Databricks, crafting secure, scalable systems with 10+ years in data security, 15+ in distributed systems, and MS/PhD required. Mentors teams and drives executive decisions.

266k – 366kBellevue, WA +1Security EngineeringRemote10+ YOEKubernetesWeb Security

Fluidstack

Principal Incident Responder

Lead material incident response as the most senior commander. Build and run the full IR program including runbooks, on-call processes, agent-human coordination, and cross-functional remediation for AI infrastructure.

270k – 370kSan Francisco, CA +1Security EngineeringOn-siteKPI TrackingThreat Modeling

OpenAI

Principal Security Engineer, Infrastructure Security

Leads architecture and implementation of planet-scale security services like authN/Z, proxies, and key management for OpenAI's GPU clusters, multi-cloud infra, and AI models. Requires expertise in secure distributed systems, cloud platforms, and cross-team leadership.

278k – 490kSan Francisco, CA +3Security EngineeringRemoteAWSGCP

OpenAI

Principal Security Engineer, Infrastructure Security

Principal Security Engineer leads security for OpenAI's infrastructure including GPU clusters, multi-cloud, datacenters, and Kubernetes. Drives strategy, builds controls against advanced threats, and mentors teams with deep cloud and on-prem expertise.

278k – 490kSan Francisco, CA +3Security EngineeringRemoteAWSBmc