Principal Cloud Security Architect

eBay•San Jose, CA

1d•$186,400 - $321,500

About The Position

At eBay, we're more than a global ecommerce leader — we’re changing the way the world shops and sells. Our platform empowers millions of buyers and sellers in more than 190 markets around the world. We’re committed to pushing boundaries and leaving our mark as we reinvent the future of ecommerce for enthusiasts. Our customers are our compass, authenticity thrives, bold ideas are welcome, and everyone can bring their unique selves to work — every day. We're in this together, sustaining the future of our customers, our company, and our planet. Join a team of passionate thinkers, innovators, and dreamers — and help us connect people and build communities to create economic opportunity for all. About the team and role: We are seeking an exceptional Principal Security Architect to join eBay's Security Engineering leadership team at a critical inflection point. A hands-on, Principal Software Development Engineer role developed for a pragmatic systems thinker. This person will architect, build, and implement security solutions that scale globally across our Kubernetes clusters and Cloud environment. The role places you as the key technical leader driving our Security transformation. Your directive is to eliminate complexity, pioneer simple and scalable solutions, and embed security controls directly into eBay’s extensive infrastructure with near-zero adoption toil. This is a unique opportunity to join a major enterprise during a high-visibility, executive-sponsored transformation. You won't be managing tickets; your role involves engineering the foundational security solutions for one of the world's largest e-commerce platforms. If you are ready for maximum impact, to harness innovative AI for security, and to solve an extensive technical challenge, we want to hear from you. Executive Directive and Impact This Principal Architect role reports directly to the Vice President of Global Engineering. This structure is intentionally composed to grant you the vital transparency, authority, and executive support to cut through bureaucracy, secure rapid consensus from peer organizations, and ensure your architectural vision is realized. Your work will directly translate into the important measures reviewed at the executive level.

Requirements

8+ years in backend/systems engineering; building distributed services and controllers.
Kubernetes Fundamentals: Hands-on experience building controllers/Operators/CRDs.
Identity Architecture: Proven understanding of enterprise-level IDM/IAM systems (e.g., federated identity, role-based access control, provisioning) and PAM solutions.
Tokenization or Encryption-as-a-Service solutions at scale.
Linux & Networking Mastery: Solid grasp of TCP/IP, Linux, and container networking.
Operational Excellence: Experience running and maintaining high-scale services in public/private cloud environments.

Nice To Haves

Deep SDN/CNI expertise (Cilium, Calico, Istio) and experience with Envoy filter development.
Familiarity with eBPF for network observability or security policy enforcement.
Experience with security policy engines (OPA/Gatekeeper).
Exposure to event pipelines (Kafka, PubSub) for high-volume controller communication.

Responsibilities

Cloud-Native Architecture & Engineering (Hands-On Implementation)
Control Plane Engineering: Design, build, and maintain highly reliable control-plane services that orchestrate network policy and segmentation across thousands of Kubernetes clusters.
Identity and Data Protection: Architect and implement scalable, low-toil solutions for key security primitives, including Tokenization, Identity and Access Management (IDM/IAM), and Privileged Access Management (PAM) systems, ensuring these solutions integrate frictionlessly into developer workflows.
Unification and Standardization: Architect solutions to unify disparate security systems (e.g., policy engines, data stores) into a single, cohesive security enforcement pipeline using modern techniques like eBPF and standardized policy engines.
Networking and CNI Integration: Drive integration at scale with SDN/CNI layers (Istio/Envoy/Calico/Cilium) and Linux networking fundamentals (iptables/nftables, BGP).
Low Adoption Toil: Ensure all delivered solutions are production-ready, highly observable, and built for easy adoption, minimizing the manual burden on our development teams.
Lead the strategic adoption of AI/ML methods as a superpower for scale and speed. Target automation for configuration and policy enforcement fan-out across distributed systems.
System Reliability: Define rollout quality strategies, config management, and schema migrations. You will drive systemic improvements through blameless postmortems.
Mentorship and Multiplier: Coach senior and junior engineers on systems design, reliable operations, and testing practices. You will influence standard methodologies across SRE, Security, and Cloud teams.
Secure Adoption Enthusiast: Work directly with peer organizations to drive adoption of your reference implementations. Your success is measured by the number of teams voluntarily adopting your solutions.