Principal Engineer, AI Platform

About The Position

Requirements

• 12+ years of software engineering experience, with at least 4 years at staff or principal scope.
• Deep expertise in distributed systems: event-driven architectures, durable execution, service mesh, and multi-tenant platform design.
• Production experience with authentication and authorization infrastructure — OAuth 2.0, OIDC, SPIFFE/SPIRE or equivalent workload identity, token exchange (RFC 8693), and policy engines (OPA, OpenFGA, or comparable).
• Strong security engineering fundamentals: credential vaulting, secrets management (OpenBao/Vault), audit trail design, and least-privilege access at scale.
• Fluency in at least one compiled, systems-capable language (Go preferred, Rust or C++ acceptable); comfort reading and writing Go microservices is essential.
• Track record of owning multi-service platform architecture across a full product lifecycle — from design through sustained production operation.
• Exceptional written communication: design documents and architecture reviews that are clear, precise, and influence without authority.
• Hands-on experience building LLM-integrated systems: agent orchestration, tool-use frameworks, MCP (Model Context Protocol), or equivalent agent-to-tool middleware.
• Experience with plugin or extension runtime design — WASM sandboxing, gRPC sidecar patterns, subprocess isolation, or comparable capability security models.
• Familiarity with knowledge graph systems (Neo4j or comparable), vector databases, and hybrid retrieval (semantic + keyword + graph).
• Experience operating Kubernetes-based platforms: scheduling, workload identity, sidecar injection, and multi-tenancy isolation.

Responsibilities

• Own the end-to-end technical architecture across Epic's AI Infrastructure Platforms, ensuring coherence and well-defined integration seams.
• Drive architectural decisions for agent identity and workload authorization, translating security requirements into implementable designs.
• Establish patterns for how AI agents authenticate, receive credentials, execute tools, and are audited, maintaining correctness across the stack.
• Lead design reviews for new capabilities, evaluate build vs. buy decisions, and identify technical risks.
• Design and implement Cluster API and provider abstractions for EMA, managing headless agent runs across various compute backends.
• Evolve Epic's AI MCP Gateway plugin runtime and its security posture.
• Architect Epic's knowledge graph, vector search, and memory consolidation pipeline for org-wide scale.
• Define durability, consistency, and isolation requirements across event-driven architectures.
• Lead the AI NHI Identity proposal from strategy to execution, defining separation of concerns and migrating the credential vault.
• Hold the standard for credential security across the stack.
• Work with Epic's security organization to ensure agent-to-service trust models meet enterprise standards.
• Partner with product, ML, and enterprise platform teams to shape agent capability exposure.
• Mentor senior and staff engineers, conduct technical interviews, and raise the hiring bar.
• Write design documents that serve as reference architecture for future work.
• Write production code, design protocols, and make critical architectural decisions.

Benefits

• Medical insurance
• Dental insurance
• Vision HRA
• Long Term Disability
• Life Insurance
• 401k with competitive match
• Robust mental well-being program through Modern Health (free therapy and coaching for employees & dependents)
• Company events
• Company-wide paid breaks
• Unlimited PTO and sick time
• Paid sabbatical for 7 years of employment