Principal Software Engineer (Security Engineering)
Summary / Objective Identity Digital Innovation Labs (IDIL) is building DNSid, the foundational identity layer for the agentic internet, enabling AI agents to establish verifiable, DNS-anchored identities. This principal-level software engineering role will build the platform, SDKs, and tooling that make DNSid real, while bringing deep, hands-on security expertise to every layer of the product and engineering organization. Security is not a feature of DNSid; it is the product, and this engineer will write and review production code, shape the cryptographic core, define the standards the team builds against, and own the security posture of the IDIL engineering org. This role reports to the VP, Engineering & Technical Architect.
What You'll Do
- Own the security architecture and threat model for the DNSid platform, SDKs, and supporting infrastructure (STRIDE analysis, attack surface review, trust boundaries)
- Design and review the cryptographic core: signing, verification, key management, rotation, and revocation
- Build and maintain the DNSid SDKs (TypeScript, Go, and Python) with security-first design and safe defaults
- Define and enforce supply-chain security practices for the codebase and dependencies
- Conduct security reviews of new features, integrations, and partner-facing implementations
- Partner with the standards effort (IETF draft) so the security properties are sound and keep the implementation honest
- Establish secure-by-default patterns for how third parties integrate DNSid (auth schemes, scope validation, token handling)
- Own the security posture of the entire IDIL engineering org: secure deployment patterns, secrets management, audit readiness (SOC 2), and incident response
- Actively models and promotes Identity Digital's core values through day-to-day interactions, behaviors, and decision-making
- Other duties as assigned
Who You Are / What You Bring
Required Qualifications
- 10+ years of hands-on software engineering, building and shipping production systems
- Bachelor's degree in a relevant field or equivalent experience
- Fluency in TypeScript and at least one of Go or Python; depth across the stack from SDK to infrastructure
- Proven experience building and shipping production SDKs or security-critical libraries
- Track record as a principal or lead engineer, setting technical direction while staying hands-on
- Deep, non-negotiable security expertise: cryptographic primitives and protocols (Ed25519, JWT/JWKS, OAuth2/OIDC, PKI, TLS, signature schemes), threat modeling (STRIDE or equivalent), and translating threat models into concrete engineering work
- Strong understanding of DNS and DNS security (DNSSEC, TXT records, resolution) and how DNS records can anchor cryptographic identity
- Working familiarity with the agentic AI ecosystem (agent identity, MCP, A2A patterns)
- Minimal travel expected; occasional on-sites as needed
- Ability to work across time zones as part of a global organization as needed
Preferred Qualifications
- Experience contributing to or reviewing IETF/security standards drafts
- Background in identity protocols (WebAuthn, DID, Verifiable Credentials)
- Knowledge of supply-chain security risks and mitigations
Physical Requirements
- Prolonged periods of sitting at a desk and working on a computer
- Must be able to lift up to 15 pounds at times
Location: Remote This position is open to candidates residing in the following states only: AZ, CA, CO, DE, MD, MA, MO, NJ, NV, NY, NC, OR, OK, PA, SC, TX, UT, VA, and WA. Salary Range The U.S. base salary range for this full-time position is $210,000 - $275,000 (flexibility based on experience) plus benefits as described below. In addition, the successful candidate will be eligible to receive other compensation from time to time in the form of discretionary and/or nondiscretionary bonuses and long-term incentive plan. Actual compensation will be influenced by a candidate's qualifications, internal employee equity considerations, and location. We will not ask for information about a candidate's current or past compensation for purposes of developing an offer of employment. US team members (and their spouses, domestic partners, and/or dependent children) are covered by generously subsidized medical, dental, and vision insurance which includes company contributions to a Health Savings Accounts. Team members are also covered by company-paid life and disability insurance and have the option of participating in employee-paid supplemental life, accidental death and dismemberment, critical illness, and accident insurance. In addition, team members can enroll in the company's 401(k) plan with up to a 5% match. You receive 15 days of paid vacation yearly, increasing to 20 days after one year. Additionally, you get 5 days of paid sick leave, 13 paid holidays, and 20 weeks of paid parental leave for birthing parents, 12 weeks for others. Also, there's an opportunity for tuition reimbursement for qualifying expenses. Note: Benefits programs are subject to eligibility requirements and may vary in certain locations. A few things to know about us Identity Digital is an Equal Opportunity Employer and does not discriminate based on race, color, religion, sex, age, national origin, veteran status, marital status, sexual orientation, gender identity, disability or any other category prohibited by local, state or federal law. This policy applies to all aspects of employment, including recruitment, placement, promotion, transfer, demotion, compensation, benefits, social and recreational activities, and termination. Background Check Statement At the time of an offer, you will be required to complete a background check. Any offer is contingent upon a satisfactory background check. Sponsorship Statement Please note that work sponsorship for this position may not be available now or in the future. While we strive to support our candidates, not all roles will qualify. Eligibility will be reviewed on a case-by-case basis. Accommodation Statement We are committed to the full inclusion of all qualified individuals. As part of this commitment, Identity Digital will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, please contact our Recruiting Team at [email protected]. Apply tot his job Apply To this Job