Principal Engineer, Security Products (Cybersecurity)

TL;DR

Principal Engineer, Security Products (Cybersecurity/Go/Rust): Building identity, encryption, and self-managed security integrations to protect AI workloads across a cloud platform with an accent on key lifecycle management and encryption control planes. Focus on designing deep integrations between cloud platforms and external key sources (KMS, HSMs) to enable highly regulated and security-sensitive AI deployments.

Location: Hybrid in New York, NY. Remote work may be considered for candidates located more than 30 miles from an office. Must be a U.S. person (citizen, lawful permanent resident, refugee, or asylee) to comply with U.S. Government export regulations.

Salary: $206,000 – $303,000

Company

hirify.global is a specialized cloud platform designed to accelerate the deployment and scaling of AI workloads for leading labs and enterprises.

What you will do

• Lead the technical design and evolution of encryption and key lifecycle management products.
• Develop encryption and cryptography technology for cloud platform services serving highly regulated customers.
• Build deep integrations between the platform and external key sources such as HashiCorp Vault, AWS KMS, and HSMs.
• Collaborate with IAM teams to define unified authorization patterns and policy models for key management APIs.
• Establish SLIs/SLOs for Remote Key Encryption (RKE) regarding availability, latency, and durability.
• Author detailed technical designs and RFCs while mentoring other engineers on the team.

Requirements

• Must be a U.S. person (Citizen, Green Card holder, etc.) due to export control compliance.
• 8+ years of experience building and operating distributed backend systems in production.
• Deep expertise in encryption at rest, envelope encryption patterns, and secure key lifecycle management.
• Hands-on experience with major KMS or secrets managers (e.g., AWS KMS, HashiCorp Vault, GCP KMS, HSMs).
• Strong proficiency in Go (preferred) or Rust within Linux and Kubernetes environments.
• Solid understanding of applied cryptography (AES-GCM/CTR, KDFs, randomness) and threat modeling.

Nice to have

• Experience implementing BYOK/BYOKMS or customer-managed keys for cloud storage.
• Knowledge of hardware-backed key management (HSMs) and compliance regimes (FIPS 140-2/3, PCI, HIPAA, FedRAMP).
• Familiarity with IAM policy models such as RBAC, ABAC, OpenFGA, or OPA/Rego.
• Contributions to open-source cryptography or security tooling.
• Previous experience with US/NATO federal cryptographic security.

Culture & Benefits

• 100% company-paid medical, dental, and vision insurance.
• 401(k) with a generous employer match and Employee Stock Purchase Program (ESPP).
• Flexible PTO and a casual, innovative work environment.
• Comprehensive support: Paid parental leave, family-forming support via Carrot, and childcare support via Kinside.
• Daily catered lunch in office and data center locations.
• Mental wellness benefits through Spring Health and tuition reimbursement.