Principal Privacy Engineer

Company Overview

ID.me is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity with ID.me once and seamlessly login across websites without having to create a new login and verify their identity again. Over 152 million users experience streamlined login and identity verification with ID.me at 20 federal agencies, 45 state government agencies, and 70+ healthcare organizations. More than 600+ consumer brands use ID.me to verify communities and user segments to honor service and build more authentic relationships. ID.me’s technology meets the federal standards for consumer authentication set by the Commerce Department and is approved as a NIST 800-63-3 IAL2 / AAL2 credential service provider by the Kantara Initiative. ID.me is committed to “No Identity Left Behind” to enable all people to have a secure digital identity. To learn more, visit https://network.id.me/.

Role Overview

We are seeking a Principal Privacy Engineer with deep expertise in Digital Identity to design and implement privacy-centric solutions across our digital platform - including facilitating data retention, anonymization, and conducting Privacy threshold and impact assessments, as well as providing technical product and engineering consultation. This role requires strong technical knowledge of identity protocols, privacy-enhancing technologies, and regulatory frameworks. You will help ensure that identity systems are aligned with global privacy laws and the NIST Digital Identity Guidelines (SP 800-63), emphasizing secure and privacy-respecting authentication, identity proofing, and federation.

This role is based out of our Mountain View, CA or McLean, VA offices and requires full-time in-office attendance.

Key Responsibilities

• Design and implement privacy-preserving identity solutions including federated identity, decentralized identifiers (DIDs), and verifiable credentials.
• Integrate privacy-by-design into authentication, authorization, and identity federation workflows (e.g., OAuth2, OpenID Connect, SAML).
• Assist with conducting privacy impact assessments (PIAs) specifically related to identity and access management systems.
• Evaluate and deploy privacy-enhancing technologies (PETs) such as zero-knowledge proofs (ZKPs), secure multi-party computation (SMPC), and anonymization, pseudonymization, and data minimization methods.
• Develop and enforce technical standards for identity data minimization, encryption, pseudonymization, and secure storage.
• Collaborate with IAM and security engineering teams to enhance identity governance with strong privacy controls.
• Review architecture and code for identity systems to ensure compliance with privacy regulations (GDPR, CCPA, eIDAS, etc.).
• Monitor and assess threats to identity-related data and respond to incidents involving identity data exposure.
• Assist in managing privacy risk assessments and reviews for identity systems, including digital onboarding, credential issuance, and account recovery flows.
• Collaborate with security, IAM, DevOps, and compliance teams to build identity solutions that enforce Privacy-by-Design principles.
• Review identity system architecture and source code to ensure privacy and data protection controls are correctly implemented.
• Contribute to tooling for secure and automated DSAR (data subject access request) identity verification and privacy dashboards.
• Participate in incident response planning and investigations for identity-related security or privacy events.
• Map and enforce privacy principles (ISO/IEC 29100) including consent, purpose limitation, data minimization, and transparency in digital identity systems.
• Develop identity data lifecycle controls covering collection, processing, retention, and deletion per ISO/IEC and GDPR guidelines.
• Develop and implement solutions to ensure privacy policies are correctly implemented. The implementations should advance compliance with legal forms of data use as well as support business use of data.

Basic Qualifications

• Bachelor’s or Master’s degree in Computer Science, Information Security, Engineering, or related technical field.
• 4+ years of technical experience in privacy engineering, IAM, or cybersecurity with a focus on digital identity.
• 1-2 years - Deep familiarity with NIST SP 800-63, including IAL, AAL, and FAL requirements.
• 4+ years of experience with identity protocols (OAuth2, OpenID Connect, SAML, SCIM), authentication systems, and modern IAM platforms.
• 4+ years of strong programming/scripting skills (e.g., Python, Go, Java, Node.js).
• 4+ years resulting in proficiency in identity and data protection standards (e.g., FIDO2, TLS, JWT, PKI, encryption at rest and in transit).

Preferred Qualifications

• Experience with cloud-based identity (AWS IAM, Azure AD, Okta, Google Identity Platform).
• Familiarity with decentralized identity technologies (e.g., Hyperledger Aries/Indy, Sovrin, Entra Verified ID).
• Certifications: CIPT, CIPP, CISSP, GIAC GLEG, or other privacy/security credentials.
• Understanding of privacy threat modeling techniques such as LINDDUN.

Key Competencies

• Deep understanding of privacy risks, mitigations, and best practices in identity systems.
• Strong ability to communicate complex identity/privacy concepts to technical and non-technical stakeholders.
• Ability to balance usability, security, and privacy in digital identity architectures.
• Passionate about user autonomy, data minimization, and ethical identity practices.

Key skills/competency

• Digital Identity
• Privacy Engineering
• NIST SP 800-63
• OAuth2 & OpenID Connect
• SAML
• Privacy-by-Design
• Data Minimization
• Privacy Enhancing Technologies (PETs)
• GDPR & CCPA
• Incident Response