Principal Software Engineer, Agent Policy Fabric

About The Position

Requirements

• Bachelor's degree (or equivalent experience) with 15+ years of industry experience in systems software, security engineering, distributed systems, or policy infrastructure.
• Strong programming skills in Rust, Go, C++, or Python; experience designing production services, APIs, schemas, policy engines, authorization systems, or signed artifact pipelines.
• Linux systems, IPC or service-to-service APIs, protobuf/gRPC or equivalent wire formats, CI, test automation, release engineering, and cloud or enterprise deployment environments.
• Practical experience with authorization, cryptographic signatures, trust roots, revocation, subject binding, rollback protection, secure-by-default failure handling, and zero-trust architecture patterns.
• Ability to write streamlined technical specifications, align multiple engineering owners, defend bounded claims, and turn working-draft architecture into buildable interfaces without over-scoping the runtime.

Nice To Haves

• Experience with OPA/Rego, Cedar, Zanzibar-style authorization, policy compilers, sandbox policy, or runtime enforcement systems.
• Familiarity with agent frameworks, tool-call governance, sandboxed execution, OpenShell-like runtime substrates, MCP-style tool routing, or credential isolation for agents.
• Experience with Sigstore, TUF, in-toto, HSM-backed signing, package provenance, signed configuration, or enterprise trust-root distribution.
• Experience using property testing, model checking, symbolic execution, red-team findings, or bounded verification to constrain security claims.
• Experience contributing to RFCs in identity, supply-chain, or policy spaces (IETF, OpenID Foundation, FIDO Alliance, CNCF, NIST).

Responsibilities

• Own APF Core Services: Build and harden the Runtime Policy Verifier, signed policy bundle verification, trust-root handling, freshness, rollback protection, subject binding to attested runtime context, revocation checks, and authorization APIs used by APF-compatible enforcement points.
• Design Policy Projection: Implement deterministic projections from the canonical APF policy into OpenShell-native runtime policy, adapter constraints, credential constraints, audit requirements, and model-visible tool hints, while preserving the atomic projection-admission contract.
• Build Conformance and Verification: Create golden fixtures, compatibility tests, negative tests, fuzz/property tests, and conformance suites that prove APF-compatible runtimes and adapters honor the same contract.
• Collaborate with Runtime Owners: Engage alongside OpenShell and Infrastructure engineers on public runtime interfaces for projection consumption, runtime context attestation, approved adapter paths, direct egress verification, and admission/rejection semantics. Land the Runtime integration surfaces.
• Own the cross-team work with OpenShell and other runtime owners to land public substrate interfaces APF composes against — runtime-context attestation, approved adapter path declaration, projection acceptance and rejection semantics, quarantine, and stop-session hooks. Land each as a public RFC or PR.
• Drive Architecture Maturity: Define versioning, schema compatibility, latency budgets, availability behavior, fail-closed defaults, last-known-good policy handling, and engineering review artifacts for Product Security, Fleet, Identity, and partner teams.
• Evolve technical specifications. Write specifications, defend bounded claims in security and architecture reviews, drive open-decision resolution, and turn working-draft contracts into engineering artifacts that Product Security, Fleet, Identity, and partner runtimes can adopt.

Benefits

• Competitive salaries
• Generous benefits package
• Equity