Principal Architect
$235,200–$294,000 year
Hybrid · Boston, Massachusetts, United States
Job Summary
Lead the IAM and KMS platform strategy for DigitalOcean as a Senior IC6, owning multi-year roadmaps and architecture across authentication, authorization, secrets management, and cryptographic key lifecycle. Design high-availability, low-latency services in Go for global regions with strong consistency and full auditability; architect secure token exchange patterns for agentic AI workflows; deliver a robust multi-tenant KMS with envelope encryption and HSM-backed key material; evolve policy engines (Rego/OPA) for complex authorization scenarios; partner with cross-functional teams to ensure security enables developer velocity; set engineering standards, conduct deep code reviews, and mentor senior and mid-level engineers. Also expected: strong experience in distributed systems, cryptography, cloud-native tooling, and clear technical communication.
Required Qualifications
- 10+ years of software engineering experience
- 4+ years focused on Identity (AuthN/AuthZ), Key Management, or high-scale distributed systems in a cloud or IaaS environment
- Expert-level proficiency in Go and deep experience with gRPC microservices architecture
- Deep knowledge of identity protocols (OIDC, OAuth2, SAML, SCIM) and access control models (RBAC, ABAC, PBAC)
- Hands-on experience designing or operating key management infrastructure, including envelope encryption, HSM integration, and BYOK/CMEK patterns
- Experience with Kubernetes, MySQL, and Terraform
- Proven ability to drive ambiguous, multi-team platform initiatives from problem definition through to shipped, production capability
- Ability to write crisp RFCs, present architectural strategy to senior leadership, and align diverse teams around a shared technical direction
Apply with one swipe on Sorce. We auto-fill applications and apply on your behalf — no cover letters, no 40-minute forms.
Hiring someone like this?
Get your role in front of qualified candidates on Sorce.