Original listing text, shown exactly as published by the company.
Responsibilities
- Design, build, and operate Go services powering authentication, authorization, token handling, and identity lifecycle across Docker
- Extend OIDC, SSO, SAML, and SCIM integrations, and evolve our authorization model (including ReBAC) as permissions scale across products and tenants
- Improve observability, performance, and security posture of identity services on the hot path of every authenticated request, and strengthen audit logging
- Design for multi-region operation, graceful degradation, and safe rollout of changes to critical auth flows
- Lead projects end-to-end, contribute to technical design and long-term direction of the IAM platform, and mentor teammates in identity and security domains
- Partner with Product, Security, and engineering teams that depend on IAM primitives to ensure our APIs are clear, safe, and easy to adopt
- This role may require participation in an on-call rotation to provide support outside of standard business hours, including evenings, weekends, and holidays, as needed.
What You'll Work On
Beyond steady-state ownership of our identity services, you’ll help shape the next phase of Docker’s IAM platform, including evolving our authorization model for fine-grained, cross-product access, expanding support for enterprise identity integrations, and improving the reliability and observability of systems on the critical request path.
Qualifications
- 6+ years of backend software engineering experience building and operating production services
- Bachelor’s degree in Computer Science, Engineering, or a related field, or equivalent practical experience
- Strong proficiency in Go, including building and operating services in production
- Solid working knowledge of PostgreSQL - schema design, query performance, migrations, and operating Postgres under real load
- Experience with gRPC and event-driven systems using Kafka (or comparable)
- Experience operating on AWS
- Strong understanding of core identity and security concepts: OAuth2, OIDC, SAML, JWT, token lifecycle, and session management
- Experience with authorization models, including RBAC and ReBAC-style approaches
- Track record of designing and operating distributed systems where reliability, security, and correctness are first-class concerns
- Willingness and ability to participate in an on-call rotation for services on the critical request path
- Excellent written and verbal communication skills in a remote, async-first environment
Nice to Have
- Production experience with SCIM provisioning and enterprise SSO integrations
- Hands-on experience with Auth0 or similar identity platforms
- Experience building or operating multi-region services and understanding the tradeoffs involved
- Exposure to compliance frameworks relevant to identity (SOC 2, ISO 27001, GDPR)
- Experience with audit logging at scale, or with building identity primitives for machine / workload identities
What to Expect
First 30 Days
- Get to know the team, our services, and the identity domain at Docker
- Pair with engineers across the IAM stack and ship your first changes to production
- Get comfortable with our Go services, Postgres schemas, CI/CD, and on-call practices
First 90 Days
- Own a meaningful component or workstream end-to-end
- Contribute to technical design discussions on auth, tokens, or enterprise identity
- Build strong working relationships with Product, Security, and partner engineering teams
- Begin participating in the on-call rotation with support from the team
First Year
- Be a trusted technical leader within IAM, owning a functional area of the platform
- Lead delivery of significant identity initiatives and shape the direction of the IAM roadmap
- Improve reliability, security, and developer experience of the identity primitives other Docker teams depend on
- Mentor teammates and raise the bar on engineering practices across the team
Docker considers visa sponsorship on a case-by-case basis based on business needs.