Principal Engineer, AI Platform

About The Position

Requirements

• 12+ years of software engineering experience, with at least 4 years at staff or principal scope.
• Deep expertise in distributed systems: event-driven architectures, durable execution, service mesh, and multi-tenant platform design.
• Production experience with authentication and authorization infrastructure: OAuth 2.0, OIDC, SPIFFE/SPIRE or equivalent workload identity, token exchange (RFC 8693), and policy engines (OPA, OpenFGA, or comparable).
• Strong security engineering fundamentals: credential vaulting, secrets management (OpenBao/Vault), audit trail design, and least-privilege access at scale.
• Fluency in at least one compiled, systems-capable language (Go preferred, Rust or C++ acceptable); comfort reading and writing Go microservices is essential.
• Track record of owning multi-service platform architecture across a full product lifecycle.
• Exceptional written communication: design documents and architecture reviews that are clear, precise, and influence without authority.
• Hands-on experience building LLM-integrated systems: agent orchestration, tool-use frameworks, MCP (Model Context Protocol), or equivalent agent-to-tool middleware.
• Experience with plugin or extension runtime design: WASM sandboxing, gRPC sidecar patterns, subprocess isolation, or comparable capability security models.
• Familiarity with knowledge graph systems (Neo4j or comparable), vector databases, and hybrid retrieval (semantic + keyword + graph).
• Experience operating Kubernetes-based platforms: scheduling, workload identity, sidecar injection, and multi-tenancy isolation.

Responsibilities

• Own the end-to-end technical architecture across Geppetto, EMA, Hodor, Multipass, Vektor, and Roost, ensuring coherence and well-defined integration seams.
• Drive architectural decisions for agent identity and workload authorization, translating security requirements into implementable designs.
• Establish patterns for AI agent authentication, credential reception, tool execution, and auditing, maintaining correctness across the stack.
• Lead design reviews for new capabilities, evaluate build vs. buy decisions, and identify technical risks.
• Design and implement Cluster API and provider abstractions for EMA to manage headless agent runs.
• Evolve Hodor's plugin runtime and gateway security posture.
• Architect Vektor's knowledge graph, vector search, and memory consolidation pipeline.
• Define durability, consistency, and isolation requirements for shared event-driven architectures.
• Lead the Multipass proposal, defining separation of concerns and migrating the credential vault.
• Hold the standard for credential security across the stack.
• Work with Epic's security organization to ensure agent-to-service trust models meet enterprise standards.
• Partner with product, ML, and enterprise platform teams to shape agent capabilities.
• Mentor senior and staff engineers, conduct technical interviews, and raise the hiring bar.
• Write design documents that serve as reference architecture.

Benefits

• Generous benefit plans
• Discretionary incentive programs