Principal Cloud Security Architect

At eBay were more than a global ecommerce leader were changing the way the world shops and sells. Our platform empowers millions of buyers and sellers in more than 190 markets around the world. Were committed to pushing boundaries and leaving our mark as we reinvent the future of ecommerce for enthusiasts.

Our customers are our compass authenticity thrives bold ideas are welcome and everyone can bring their unique selves to work every day. Were in this together sustaining the future of our customers our company and our planet.

Join a team of passionate thinkers innovators and dreamers and help us connect people and build communities to create economic opportunity for all.

About the team and role:

We are seeking an exceptional Principal Security Architect to join eBays Security Engineering leadership team at a critical inflection point. A hands-on Principal Software Development Engineer role developed for a pragmatic systems thinker. This person will architect build and implement security solutions that scale globally across our Kubernetes clusters and Cloud environment.

The role places you as the key technical leader driving our Security transformation. Your directive is to eliminate complexity pioneer simple and scalable solutions and embed security controls directly into eBays extensive infrastructure with near-zero adoption toil.

This is a unique opportunity to join a major enterprise during a high-visibility executive-sponsored transformation. You wont be managing tickets; your role involves engineering the foundational security solutions for one of the worlds largest e-commerce platforms. If you are ready for maximum impact to harness innovative AI for security and to solve an extensive technical challenge we want to hear from you.

Executive Directive and Impact

This Principal Architect role reports directly to the Vice President of Global Engineering. This structure is intentionally composed to grant you the vital transparency authority and executive support to cut through bureaucracy secure rapid consensus from peer organizations and ensure your architectural vision is realized. Your work will directly translate into the important measures reviewed at the executive level.

What you will accomplish:

You will be the primary technical authority focused on solving our scalability and technical debt crises by driving simple engineering-centric solutions:

Cloud-Native Architecture & Engineering (Hands-On Implementation)

• Control Plane Engineering: Design build and maintain highly reliable control-plane services that orchestrate network policy and segmentation across thousands of Kubernetes clusters.

• Identity and Data Protection: Architect and implement scalable low-toil solutions for key security primitives including Tokenization Identity and Access Management (IDM/IAM) and Privileged Access Management (PAM) systems ensuring these solutions integrate frictionlessly into developer workflows.

• Unification and Standardization: Architect solutions to unify disparate security systems (e.g. policy engines data stores) into a single cohesive security enforcement pipeline using modern techniques like eBPF and standardized policy engines.

• Networking and CNI Integration: Drive integration at scale with SDN/CNI layers (Istio/Envoy/Calico/Cilium) and Linux networking fundamentals (iptables/nftables BGP).

• Low Adoption Toil: Ensure all delivered solutions are production-ready highly observable and built for easy adoption minimizing the manual burden on our development teams.

AI/ML Scale and Reliability

• Lead the strategic adoption of AI/ML methods as a superpower for scale and speed. Target automation for configuration and policy enforcement fan-out across distributed systems.

• System Reliability: Define rollout quality strategies config management and schema migrations. You will drive systemic improvements through blameless postmortems.

Leadership and Cross-Organizational Adoption

• Mentorship and Multiplier: Coach senior and junior engineers on systems design reliable operations and testing practices. You will influence standard methodologies across SRE Security and Cloud teams.

• Secure Adoption Enthusiast: Work directly with peer organizations to drive adoption of your reference implementations. Your success is measured by the number of teams voluntarily adopting your solutions.

What you will bring:

• 8 years in backend/systems engineering; building distributed services and controllers.

• Kubernetes Fundamentals: Hands-on experience building controllers/Operators/CRDs.

• Identity Architecture: Proven understanding of enterprise-level IDM/IAM systems (e.g. federated identity role-based access control provisioning) and PAM solutions.

• Tokenization or Encryption-as-a-Service solutions at scale.

• Linux & Networking Mastery: Solid grasp of TCP/IP Linux and container networking.

• Operational Excellence: Experience running and maintaining high-scale services in public/private cloud environments.

Highly Desired Expertise:

• Deep SDN/CNI expertise (Cilium Calico Istio) and experience with Envoy filter development.

• Familiarity with eBPF for network observability or security policy enforcement.

• Experience with security policy engines (OPA/Gatekeeper).

• Exposure to event pipelines (Kafka PubSub) for high-volume controller communication.

#LI-BB1

The applicable base pay range for this position is dependent on work location. The base pay range inthe San Francisco Bay Area New York City Metro and Seattle Metro is expected in the range below:

The base pay range for all other U.S. work locations is expected in the range below:

Base pay offered may vary depending on multiple individualized factors including location skills and experience. The total compensation package for this position may also include other elements including a target bonus and restricted stock units (as applicable) in addition to a full range of medical financial and/or other benefits (including 401(k) eligibility and various paid time off benefits such as PTO and parental leave). Details of participation in these benefit plans will be provided if an employee receives an offer of employment.

If hired employees will be in an at-will position and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation program) at any time including for reasons related to individual performance Company or individual department/team performance and market factors.

Please see the Talent Privacy Noticefor information regarding how eBay handles your personal data collected when you use the eBay Careers website or apply for a job with eBay.

eBay is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race color religion national origin sex sexual orientation gender identity veteran status and disability or other legally protected you have a need that requires accommodation please contact us at. We will make every effort to respond to your request for accommodation as soon as possible. View our accessibility statement to learn more about eBays commitment to ensuring digital accessibility for people with disabilities. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

The eBay Jobs website uses cookies to enhance your experience. By continuing to browse the site you agree to our use of cookies. Visit our Privacy Center for more information.