Senior Software Engineer, IAM
Docker has been one of the most loved brands in developer tooling, trusted by more than 20 million monthly users and over 20 billion container image pulls. From solo founders to the world's largest companies, developers rely on Docker to build, share, and run their applications across our suite of products including Docker Desktop, Docker Hub, and Docker Scout.
We are a globally distributed, remote-first team building the tools that define how software gets built and delivered. As AI agents redefine software development, Docker is at the center of that shift, providing the sandboxed environments, verified images, and secure infrastructure that make autonomous workflows trustworthy by default.
We're looking for a Senior Software Engineer to join our IAM team. The IAM team owns Docker’s identity backbone: the systems that determine who a user is, what they can do, and how organizations govern access at scale. Every authenticated request to Docker depends on these services—making their correctness, latency, and security foundational to customer trust.
The team owns authentication and authorization, access tokens, OIDC, SSO, and SCIM, and user and account management systems, along with supporting enterprise services. You'll work on systems used by millions of developers and the world's largest organizations, with the governance controls enterprise customers require.
This is a high-impact role for an engineer who enjoys deep backend work in a space where correctness, latency, and security all matter - and where the design decisions you make today shape how Docker scales identity for years to come.
Responsibilities
Design, build, and operate Go services powering authentication, authorization, token handling, and identity lifecycle across Docker
Extend OIDC, SSO, SAML, and SCIM integrations, and evolve our authorization model (including ReBAC) as permissions scale across products and tenants
Improve observability, performance, and security posture of identity services on the hot path of every authenticated request, and strengthen audit logging
Design for multi-region operation, graceful degradation, and safe rollout of changes to critical auth flows
Lead projects end-to-end, contribute to technical design and long-term direction of the IAM platform, and mentor teammates in identity and security domains
Partner with Product, Security, and engineering teams that depend on IAM primitives to ensure our APIs are clear, safe, and easy to adopt
Take part in the paid on-call rotation for the team; respond to incidents, debug production issues, and drive continuous improvement of system reliability
What You'll Work On
Beyond steady-state ownership of our identity services, you’ll help shape the next phase of Docker’s IAM platform, including evolving our authorization model for fine-grained, cross-product access, expanding support for enterprise identity integrations, and improving the reliability and observability of systems on the critical request path.
Qualifications
6+ years of backend software engineering experience building and operating production services
Bachelor’s degree in Computer Science, Engineering, or a related field, or equivalent practical experience
Strong proficiency in Go, including building and operating services in production
Solid working knowledge of PostgreSQL - schema design, query performance, migrations, and operating Postgres under real load
Experience with gRPC and event-driven systems using Kafka (or comparable)
Experience operating on AWS
Strong understanding of core identity and security concepts: OAuth2, OIDC, SAML, JWT, token lifecycle, and session management
Experience with authorization models, including RBAC and ReBAC-style approaches
Track record of designing and operating distributed systems where reliability, security, and correctness are first-class concerns
Willingness and ability to participate in an on-call rotation for services on the critical request path
Excellent written and verbal communication skills in a remote, async-first environment
Nice to Have
Production experience with SCIM provisioning and enterprise SSO integrations
Hands-on experience with Auth0 or similar identity platforms
Experience building or operating multi-region services and understanding the tradeoffs involved
Exposure to compliance frameworks relevant to identity (SOC 2, ISO 27001, GDPR)
Experience with audit logging at scale, or with building identity primitives for machine / workload identities
What to Expect
First 30 Days
Get to know the team, our services, and the identity domain at Docker
Pair with engineers across the IAM stack and ship your first changes to production
Get comfortable with our Go services, Postgres schemas, CI/CD, and on-call practices
First 90 Days
Own a meaningful component or workstream end-to-end
Contribute to technical design discussions on auth, tokens, or enterprise identity
Build strong working relationships with Product, Security, and partner engineering teams
Begin participating in the on-call rotation with support from the team
First Year
Be a trusted technical leader within IAM, owning a functional area of the platform
Lead delivery of significant identity initiatives and shape the direction of the IAM roadmap
Improve reliability, security, and developer experience of the identity primitives other Docker teams depend on
Mentor teammates and raise the bar on engineering practices across the team
Docker considers sponsorship on a case-by-case basis based on business needs.
We use Covey as part of our hiring and / or promotional process for jobs in NYC and certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on April 13, 2024.
Please see the independent bias audit report covering our use of Covey here.
Perks
Freedom & flexibility; fit your work around your life
Designated quarterly Whaleness Days plus end of year Whaleness break
Home office setup; we want you comfortable while you work
16 weeks of paid Parental leave
Technology stipend equivalent to $100 net/month
PTO plan that encourages you to take time to do the things you enjoy
Training stipend for conferences, courses and classes
Equity; we are a growing start-up and want all employees to have a share in the success of the company
Docker Swag
Medical benefits, retirement and holidays vary by country
Remote-first culture, with offices in Seattle and Paris
Docker embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our company will be.
#LI-REMOTE