Principal Software Engineer

At eBay, we're more than a global ecommerce leader - we're changing the way the world shops and sells. Our platform empowers millions of buyers and sellers in more than 190 markets around the world. We're committed to pushing boundaries and leaving our mark as we reinvent the future of ecommerce for enthusiasts.

Our customers are our compass, authenticity thrives, bold ideas are welcome, and everyone can bring their unique selves to work - every day. We're in this together, sustaining the future of our customers, our company, and our planet.

Join a team of passionate thinkers, innovators, and dreamers - and help us connect people and build communities to create economic opportunity for all.

Role Summary

The Principal Engineer in the Identity Domain provides senior technical leadership for identity services across the platform. This role defines and evolves enterprise-wide identity and access management (IAM) capabilities, influencing architecture, engineering standards, and execution across multiple teams.

The Principal Engineer sets technical direction for authentication, authorization, and identity federation, drives adoption of modern identity standards, and ensures identity is implemented as a consistent, secure platform capability.

Key Responsibilities

Technical Leadership

• Act as the senior technical authority for identity services across platforms and teams

• Define and evolve enterprise-wide IAM architecture and engineering standards

• Design and maintain reference implementations for core identity capabilities

• Review and influence system designs and code to ensure security, scalability, and correctness

Authentication, Authorization & Access Management

• Architect and implement OAuth 2.0, OpenID Connect (OIDC), and SAML 2.0 for SSO and federation across hybrid, multi-cloud, and SaaS environments

• Drive adoption of phishing-resistant, passwordless authentication, including FIDO2, WebAuthn, and Passkeys

• Define API authorization patterns using JWT and mTLS for service-to-service communication

• Lead the transition to adaptive, context-aware authorization models (RBAC/ABAC) aligned with Zero Trust principles

Identity Lifecycle & Federation

• Define and implement automated identity lifecycle management using SCIM

• Guide teams on unified and federated identity constructs and cross-domain trust models

• Incorporate global trends in identity and identity verification into platform design and standards

Influence & Mentorship

• Mentor engineers across teams, raising the bar for identity and security engineering

• Provide technical guidance to product and platform partners on identity-related decisions

• Influence roadmaps and priorities through technical leadership and domain expertise

Required Qualifications

• Extensive experience designing and building identity and access management systems

• Strong knowledge of identity protocols and standards (OAuth 2.0, OIDC, SAML, SCIM)

• Experience with federated and unified identity architectures in distributed environments

• Proven ability to influence technical direction across multiple teams and platforms

Preferred Qualifications

• Experience with identity verification, risk-based authentication, or trust signals

• Familiarity with Zero Trust architectures and adaptive access control models

• Experience operating identity platforms at scale in regulated or security-sensitive environments

Impact & Scope (Principal Level Alignment)

• Technical decisions have broad impact across the Identity Domain and adjacent platforms

• Establishes standards and patterns adopted by multiple teams

• Recognized as a principal-level domain expert for identity, authentication, and authorization

Additional Details

The base pay range for this position is expected in the range below:

$240,800 - $321,500

Base pay offered may vary depending on multiple individualized factors, including location, skills, and experience. The total compensation package for this position may also include other elements, including a target bonus and restricted stock units (as applicable) in addition to a full range of medical, financial, and/or other benefits (including 401(k) eligibility and various paid time off benefits, such as PTO and parental leave). Details of participation in these benefit plans will be provided if an employee receives an offer of employment.

If hired, employees will be in an "at-will position" and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.

eBay is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, veteran status, and disability, or other legally protected status. If you have a need that requires accommodation, please contact us at talent@ebay.com. We will make every effort to respond to your request for accommodation as soon as possible. View our accessibility statement to learn more about eBay's commitment to ensuring digital accessibility for people with disabilities. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

We use cookies to enhance your experience and may use AI tools for administrative tasks in the hiring process. To learn how we handle your personal data and use AI responsibly, please visit our Talent Privacy Notice, Privacy Center, and AI Hiring Guidelines.