Software Development Architect

GoDaddy•Canada, BC

19h•Remote

About The Position

At GoDaddy, our mission is to radically shift the global economy toward small businesses by empowering people to easily start, confidently grow, and successfully run their own ventures. We are dedicated to giving our customers the tools, insights, and the people to transform their ideas and personal initiative into success. The CAPE team (part of Global Platform Engineering) owns GoDaddy's internal developer platform at the infrastructure layer — the foundation that every engineering team builds on. We build and operate the Golden Images system. It includes hardened, patched, and security-scanned container images and AMIs. These are distributed to all GoDaddy AWS accounts across 12 regions. We also manage CertAPI, GoDaddy's centralized certificate lifecycle service. CertAPI automates TLS/mTLS issuance, renewal, and governance for thousands of internal services. Every engineer at GoDaddy depends on what we build — our work directly resolves whether their services are secure, compliant, and able to ship. We write the specifications, documentation, and reference implementations for these foundational systems, and we own the automated pipelines and cloud infrastructure that keep them running at scale. We're looking for a Software Development Architect who loves to dive into technology and pull it all apart to see how it works, then put it back together again better than it was before. We treasure curiosity, communication, a bias toward collaboration and action, and the desire to embrace and extend guidelines and patterns. If you're the kind of person who can't see something that isn't right without a compulsion to make it at least just a little bit better before you put it back, we want to talk to you! GoDaddy's Engineering Blog, godaddy.github.io, is a great place to catch up with what our developers are up to!

Requirements

10+ years of software engineering experience, with depth in Python (3.10+) and at least one of Go, TypeScript/Node.js, or Bash for systems and infrastructure automation
Strong command of containerization — building, layering, hardening, and debugging Docker images across multiple architectures (amd64/arm64); familiarity with multi-stage builds, base image governance, and ECR
Hands-on experience with AWS services at production scale: Lambda, ECR, DynamoDB, SQS, EventBridge, IAM, SSM, and Secrets Manager
Proficiency with infrastructure as code — AWS CDK (Python or TypeScript) or CloudFormation/Sceptre — including stateful resource management, multi-region deployments, and least-privilege IAM design
Solid understanding of TLS/PKI fundamentals: certificate types (DV, EV, client vs. server, mTLS), certificate lifecycle management, CA trust chains, and key storage
Demonstrated experience building and maintaining CI/CD pipelines with GitHub Actions or equivalent, including automated testing, security scanning, and controlled promotion across environments
Strong observability instincts: structured JSON logging, CloudWatch alarms, and data-driven dashboards for platform health and adoption metrics

Nice To Haves

Bachelor of Science in Computer Science, Computer Engineering, Information Systems, or Math
Experience operating or migrating to a private certificate authority — issuance policy, trust distribution, and multi-platform CA bundle management
Background in container security: SBOM generation, CVE lifecycle management, image scanning tools (AWS Inspector, Prisma Cloud, or equivalent), and remediation SLA programs
Familiarity with supply-chain security concepts: provenance, signing, SLSA frameworks, or similar
Kubernetes experience is a plus; experience with multi-account, multi-region AWS organization management is particularly valuable

Responsibilities

Design, implement, and maintain the automated pipelines that build, harden, scan, and distribute container images (GCIs, GCRIs) and machine images (GAMIs) to 12 AWS regions on a continuous basis
Own certificate lifecycle infrastructure — issuance, renewal, revocation, and policy enforcement — for thousands of internal TLS/mTLS endpoints across GoDaddy
Drive security posture improvements: CVE triage, remediation SLA enforcement, SBOM generation, and supply-chain hardening for GoDaddy's foundational compute images
Architect and operate event-driven, serverless AWS infrastructure (Lambda, SQS, EventBridge, DynamoDB, ECR) powering the image build and certificate management systems
Collaborate multi-functionally with Product Security, platform teams, and hundreds of consuming engineering teams to define standards, document systems, and communicate operational impacts of platform changes
Identify and eliminate toil through automation — build-trigger intelligence, upstream change detection, certificate expiry monitoring, and usage analytics
Mentor engineers across the org on secure-by-default patterns, container image guidelines, and PKI fundamentals
Define and socialize the architectural direction for next-generation platform capabilities, from private CA adoption to runtime image governance

Benefits

competitive pay
generous time off
parental leave
healthcare
retirement savings program
health, dental, and vision insurance
life insurance
critical illness
AD&D
health care spending account
employee assistance program
paid sick time
paid personal time
paid parental leave
remote work options
paid holidays
paid Wellness days
employee stock purchase plan
discretionary cash bonus scheme that pays 20% of base salary based on individual and company performance
equity plan