Senior Engineer - Auth

Datum’s mission is to help 1k clouds thrive in the AI era by unlocking internet superpowers for every builder. We’re working in the open to bring the foundational capabilities that all the big guys use (private networking, peering, direct interconnection, etc) into the hands of builders and modern “alt clouds” — no network team required. One of Datum’s core values is to be connectors: of applications, services, networks, and people. As such, this role (just like all roles at Datum) will work directly with users, customers, partners, and the broader community. Another key value is to be open by default, from how we license our code (AGPLv3) to how we communicate, engage with, and document our work. We believe this engenders trust from our customers and community, but also because open is the best way to build. It's more secure, more operable, and even more enjoyable. Still interested? Read on! The Role We're seeking a senior/principal/staff level engineer focused on securely connecting 1k clouds together. Practically speaking, it means someone who wakes up every day thinking about federated authentication and authorization. Whether that's OAuth, SPIFFE, Authzed, Zitadel, k8s RBAC, or everything in between, the right candidate for this role can likely rattle off a few RFCs and has been dreaming of working on a system like this already. You'll work extensively with distributed systems, vendor APIs, networking protocols, software-defined networking, and cloud-native infrastructure while solving complex orchestration challenges across multiple cloud providers and edge locations. This role combines a passion for security, open-source development, and building systems that other engineers love to use. If you're intrigued by what 1 billion networks would look like, talk to us!

What You'll Do

Control Plane Infrastructure & Architecture Design, implement, and run Datum's core authentication and authorization stack Build customer-facing solutions to help our alt-cloud ecosystem thrive Scale the management, monitoring, and metering of every actor in our system, human or not Partner with leadership to advance projects with key customers, partners, and suppliers Distributed Systems & Performance Design distributed solutions that scale from startup to hyperscale usage patterns Implement intelligent traffic routing, load balancing, and failover Build observability, monitoring, and diagnostic tools for complex environments Optimize control plane performance for AI workloads and high-bandwidth applications with our network team Open Source Leadership Drive technical networking decisions in collaboration with our open-source community Review and mentor contributions from external developers on networking components Maintain high code quality standards and documentation for network APIs Represent Datum at conferences and in technical working groups Cloud-Native & AI Integration Design networking solutions that integrate seamlessly with Kubernetes and AI patterns Build network policies and security frameworks for multi-tenant cloud environments Implement service mesh integration and east-west traffic optimization Ensure compatibility with major cloud provider networking services (AWS, GCP, Azure) About You Authentication & Authorization Strong working knowledge of OAuth in complex production environments with multiple IdPs, including social and commercial (AWS IAM, Azure Entra, GCP, Auth0, Okta, etc.) Strong working knowledge of authorization (ABAC, RBAC, PBAC) and its ecosystem (Zanzibar, SpiceDB, OpenFGA, Cedar) Experience with Workload Identity Federation and/or SPIFFE and opinions about where the puck is going Distributed Systems & Infrastructure 5+ years of running large-scale production systems on Kubernetes or similar, with security as a first principle Strong experience with distributed systems design, security, auth, consensus algorithms, async reconciliation, and fault tolerance Enough familiarity with Kubernetes patterns and APIs that you can speak custom resources and admission controllers Strong experience with infrastructure as code (Flux, Terraform, Pulumi) for provisioning Familiarity with SRv6, edge computing, or modern network routing would be a huge plus Open Source & Leadership Track record of contributing to or maintaining networking-focused open-source projects Experience mentoring engineers and driving technical decision-making in teams Understanding of open-source governance, community building, and public development Passion for building networking tools that other developers and operators love to use Technology Stack Languages: Go, Rust Data: PostgreSQL, GraphQL, Elasticsearch, Meilisearch Infrastructure: Kubernetes, Flux, Pulumi, Zitadel Cloud Platforms: Cloudflare, AWS, GCP, Azure, multi-cloud networking Monitoring: Prometheus, Grafana, OpenTelemetry, network flow analysis Development: GitHub, CI/CD, automated testing, network simulation Open Source Commitment This role involves significant public development work. You'll be: Contributing to Datum's public networking repositories with transparent development Engaging with the community through GitHub issues, RFCs, and technical discussions Speaking at networking conferences and writing technical blog posts Collaborating with external contributors, cloud providers, and other partners Maintaining high standards for code quality, performance, and documentation What Success Looks Like Adoption and growth for Datum in the cloud-native and AI infrastructure communities High-performance, reliable network connectivity across diverse cloud environments Strong developer experience as evidenced by community contributions and feedback Technical leadership recognized within the networking and distributed infra ecosystem Scalable network architecture supporting the next generation of AI hyperscalers We believe in openness, clarity, and collaboration. To learn more about how Datum aims to operate, please review our public handbook.