Principal Platform Engineer

What You’ll Do

• Own the architectural shape of the platform — VPC, managed PostgreSQL, serverless compute, object storage, observability, CI/CD, defined as code.
• Own the security and compliance shape so federal identity standards (SSO, smart-card, federated identity) plug in cleanly when the platform moves into restricted environments: encryption at rest and in transit, audit logging, identity abstraction, tenant isolation, data residency primitives.
• Own architectural portability so deployment in regulated or restricted environments is straightforward when the time comes.
• Own internal developer experience — logs, traces, deploy speed, the local dev loop.
• Be on call for systems you designed; own the postmortem when things break.
• Translate regulatory pressure (FedRAMP, HIPAA, SOC 2, ITAR, or comparable control catalogs) into concrete infrastructure decisions.
• Partner with downstream deployment teams on the handoff into restricted environments.

What We’re Looking For

• Bachelor’s degree in Computer Science, Engineering, or a related field, plus 10 years of professional infrastructure or platform engineering experience; equivalent experience may substitute for the degree requirement.
• Has been on call for production systems they personally designed and can talk in detail about an outage they caused, an audit they sat through, or an identity bug they debugged past 4am.
• Ability to work in a fast-paced, collaborative environment.
• Decade-plus on production cloud platforms; years of experience matter for this role specifically.
• Hands-on AWS depth; strong infrastructure-as-code (CDK or Terraform).
• Identity and access design — SAML/OIDC, federated identity, identity abstraction patterns.
• Has worked under regulatory pressure (FedRAMP, HIPAA, SOC 2, ITAR, or similar) and can read a control catalog and translate it into infrastructure decisions, even without having driven a full accreditation.
• Designs for portability — environments other than the one personally operated in.
• Heavy native use of AI tooling: agents in parallel, model as collaborator.
• Strong observability discipline — logs, traces, deploy speed, the local dev loop.
• Demonstrated experience in a remote work environment.

Nice to Have

• GovCloud, FedRAMP, or restricted-environment deployment experience.
• Multi-tenant SaaS architecture.
• Sovereign cloud, on-prem, or air-gapped deployments.
• Accreditation experience — having driven or contributed to a federal authorization.
• HIPAA/HITECH operational experience.
• Open-source contributions in the platform, infrastructure-as-code, or identity space.

What’s in it for you?

• The opportunity to work on a small, senior engineering team applying frontier AI to a legacy system with executive backing and real users.