Senior Engineer – Workload Identity Platform (SPIFFE/SPIRE)

About The Position

Requirements

• Four-year degree in Computer Science, Engineering, or equivalent practical experience.
• 5+ years of software engineering experience designing, developing, and supporting production systems.
• 2+ years of hands-on experience with SPIFFE/SPIRE or equivalent workload identity technologies.
• Strong software development experience in Go.
• Experience building and operating cloud-native applications and services in Kubernetes environments.
• Experience designing and troubleshooting distributed systems and microservice-based architectures.
• Experience implementing workload authentication, identity, and trust solutions for cloud-native platforms.
• Experience developing APIs, integrations, or platform services that operate at scale.
• Strong problem-solving, debugging, and root-cause analysis skills.
• Ability to work across teams and influence technical solutions through collaboration and engineering excellence.
• Workload Identity & SPIFFE/SPIRE: Hands-on experience deploying and operating SPIRE Server and SPIRE Agents.
• Strong understanding of SPIFFE IDs, trust domains, and workload identity concepts.
• Experience implementing and managing X.509 SVIDs and JWT-SVIDs.
• Experience with workload and node attestation mechanisms.
• Familiarity with SPIRE Registration APIs and Workload APIs.
• Experience developing or extending SPIRE integrations.
• Software Engineering: Strong proficiency in Go.
• Experience building APIs, services, and distributed systems in Go.
• Experience developing integrations, plugins, or extensions for cloud-native platforms.
• Experience with Linux environments and troubleshooting.
• Experience with CI/CD automation and deployment pipelines.
• Kubernetes & Cloud-Native Technologies: Kubernetes administration and operations.
• Helm-based deployments and configuration management.
• Containerized application architectures.
• Cloud-native identity and workload security patterns.
• Experience operating services in production Kubernetes environments.

Nice To Haves

• Experience developing custom SPIRE node attestors or workload attestors.
• Experience extending SPIRE through custom plugins or integrations.
• Experience with Istio, Linkerd, or other service mesh technologies.
• Experience with Envoy proxy configuration and integration.
• Experience implementing mTLS for service-to-service authentication.
• Experience with Open Policy Agent (OPA).
• Experience with PKI and certificate lifecycle management.
• Experience with Java and/or Python.
• Experience operating SPIRE in large-scale Kubernetes environments.
• Experience with multi-cluster or multi-cloud workload identity architectures.
• Contributions to SPIFFE, SPIRE, Kubernetes, Envoy, or related open-source communities.

Responsibilities

• Design, implement, and support workload identity solutions using SPIFFE/SPIRE.
• Deploy, configure, and operate SPIRE Server and SPIRE Agent infrastructure.
• Design and manage SPIFFE trust domains and workload identity models.
• Implement and support X.509 SVID and JWT-SVID issuance, validation, rotation, and lifecycle management.
• Develop and maintain workload registration and attestation processes.
• Design and implement integrations between SPIRE, Kubernetes, and enterprise platforms.
• Develop custom SPIRE extensions, plugins, node attestors, or workload attestors.
• Partner with engineering teams to onboard workloads and applications to workload identity services.
• Implement identity-aware authentication and authorization patterns for distributed systems.
• Troubleshoot complex identity, authentication, authorization, and certificate lifecycle issues.
• Contribute to platform automation, observability, reliability, and operational excellence.
• Participate in architecture reviews and technical design discussions.
• Mentor engineers and promote engineering best practices.

Benefits

• Comprehensive health benefits and programs, which may include medical, vision, dental, life insurance and more
• 401(k)
• Employee discount
• Short term disability
• Long term disability
• Paid sick leave
• Paid national holidays
• Paid vacation