Principal Engineer — PAM Platform
Saviynt’s Enterprise Identity Cloud helps modern enterprises scale cloud initiatives and solve the toughest security and compliance challenges in record time. We bring together Identity Governance (IGA), granular application access, cloud security, and Privileged Access Management (PAM) to secure the entire business ecosystem with a frictionless user experience. The world’s largest brands — including federal agencies and Fortune 500 financial institutions — trust Saviynt to accelerate digital transformation, empower distributed workforces, and meet continuous compliance.
This role is on the PAM Platform team, building the next generation of PAM infrastructure that runs across multi-tenant SaaS, customer-managed deployments, and federal GovCloud environments. We are a distributed, AI-first R&D organization, and we are actively rolling out an AI-Driven Development Lifecycle (AiDLC) as our SDLC of record.
Drive technical strategy and architecture across PAM platform components, including federal-compliant deployment topologies
Partner with Product and Engineering Management on requirements analysis, roadmap planning, and technical decision-making
Lead end-to-end design and delivery of new services from greenfield through production hardening
Operate within and help shape our AiDLC workflow: living specs, AI-generated implementations, property-based and integration testing as blocking gates, and audit-tracked human approvals
Author and maintain the engineering contracts (CLAUDE.md, prompt libraries, agent skills, code standards) that govern how AI-driven development happens on the platform
Conduct deep code reviews on critical and security-sensitive changes — including AI-generated code
Mentor senior, staff, and associate principal engineers; raise the technical bar across the team
Debug, optimize, and refactor existing services as we evolve toward multi-tenant, multi-cloud, federal-
ready
Serve as a technical expert for internal teams and, when needed, customer-facing escalations
Experience
10+ years of software engineering experience with demonstrated ownership of complex system design, implementation, and technical decision-making
Track record of taking systems from design through production at scale, including multi-tenant SaaS
Security & Compliance
Hands-on experience building security-focused systems — Privileged Access Management, Identity Governance, Authentication, Secrets Management, or adjacent domains
Required knowledge of FedRAMP, FIPS 140-3, and GovCloud (AWS GovCloud or Azure Government) — what they constrain, why, and how to design within them
Working knowledge of modern cryptography in practice: TLS/mTLS, KMS-backed key hierarchies, envelope encryption, HSM/key vault integration
Languages & Programming
Go strongly preferred as the platform’s primary language; deep proficiency in at least one systems/services language (Go, Rust, C++, Java, or similar) is required
Polyglot capability — you can read, reason about, and contribute across multiple languages, and you can defend language-choice decisions on technical merit
Frontend literacy in TypeScript/React is a plus
Architecture & Infrastructure
Solid hands-on Kubernetes experience — EKS or equivalent, Helm, manifests, operators, day-2 operations. Not “I used kubectl apply once.”
Cloud platform proficiency on AWS or Azure; multi-cloud experience is a plus
Microservices and API design: REST, gRPC/Protobuf, and the trade-offs between them
Experience with event-driven architectures (message buses, async workflows) — you know when to reach for them and when not to
Workflow orchestration experience (Temporal or similar) is a plus
Relational database design at scale — PostgreSQL preferred; schema-per-tenant or comparable isolation patterns a plus
Engineering Practice
Strong testing discipline: unit, integration, end-to-end, and property-based testing
Infrastructure as Code: Terraform, Helm; GitOps (ArgoCD) a plus
CI/CD pipeline design and ownership — GitLab, GitHub Actions, Jenkins, CloudBees, or equivalent
Observability: OpenTelemetry, structured logging, metrics, tracing
Containerization: Docker multi-stage builds, distroless/minimal runtimes
AI-Driven Development
Active, deliberate use of AI coding tools (Claude Code, Cursor, Copilot, or comparable) as part of your daily workflow — beyond autocomplete
Comfort working in a spec-driven, agent-assisted development model with mandatory verification gates; AiDLC will be our SDLC, and we expect candidates to embrace and help refine it
Critical-review instincts: you don’t ship AI-generated code without reading it, testing it, and understanding it
Leadership
Demonstrated experience mentoring engineers and leading technical initiatives across distributed teams
Strong written and verbal communication — you can write a clear design doc, a clear PR description, and a clear engineering contract for an AI agent
Comfortable operating in a globally distributed organization (US + India)
Bachelor’s or Master’s degree in Computer Science, a related technical discipline, or equivalent professional experience
Excellent facilitation and consensus-building skills across engineering, product, and security stakeholders
Demonstrated initiative and ability to prioritize independently in a fast-moving environment
We offer you a competitive total rewards package, learning and tremendous opportunities to grow and advance in your career. At Saviynt, it is not typical for an individual to be hired at or near the top of the range for their role and final compensation decisions are dependent on many factors including, but are not limited to location; skill sets; experience and training; licensure and certifications; and other relevant business and organizational needs. A reasonable estimate of the current range is $160,000 - $250,000 annually.
You may also be eligible to participate in a Saviynt discretionary bonus plan, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
If required for this role, you will:
Complete security & privacy literacy and awareness training during onboarding and annually thereafter
Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):
> Data Classification, Retention & Handling Policy
> Incident Response Policy/Procedures
> Business Continuity/Disaster Recovery Policy/Procedures
> Mobile Device Policy
> Account Management Policy
> Access Control Policy
> Personnel Security Policy
> Privacy Policy
Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work that directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us!
Saviynt is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
