Principal Privacy Engineer at ID.me

McLean, Virginia, United States

Apply Now

Not SpecifiedCompensation

Senior (5 to 8 years), Expert & Leadership (9+ years)Experience Level

Full TimeJob Type

UnknownVisa

Technology, Identity Verification, Government, HealthcareIndustries

Requirements

Deep expertise in Digital Identity
Strong technical knowledge of identity protocols, privacy-enhancing technologies, and regulatory frameworks (e.g., GDPR, CCPA, eIDAS, NIST SP 800-63)
Ability to design and implement privacy-centric solutions including data retention, anonymization, Privacy Threshold Assessments (PTAs), and Privacy Impact Assessments (PIAs)
Technical product and engineering consultation skills
Availability for onsite work in Mountain View, CA or McLean, VA

Responsibilities

Design and implement privacy-preserving identity solutions including federated identity, decentralized identifiers (DIDs), and verifiable credentials
Integrate privacy-by-design into authentication, authorization, and identity federation workflows (e.g., OAuth2, OpenID Connect, SAML)
Assist with conducting privacy impact assessments (PIAs) specifically related to identity and access management systems
Evaluate and deploy privacy-enhancing technologies (PETs) such as zero-knowledge proofs (ZKPs), secure multi-party computation (SMPC), anonymization, pseudonymization, and data minimization methods
Develop and enforce technical standards for identity data minimization, encryption, pseudonymization, and secure storage
Collaborate with IAM and security engineering teams to enhance identity governance with strong privacy controls
Review architecture and code for identity systems to ensure compliance with privacy regulations (GDPR, CCPA, eIDAS, etc.)
Monitor and assess threats to identity-related data and respond to incidents involving identity data exposure
Assist in managing privacy risk assessments and reviews for identity systems, including digital onboarding, credential issuance, and account recovery flows
Collaborate with security, IAM, DevOps, and compliance teams to build identity solutions that enforce Privacy-by-Design principles
Review identity system architecture and source code to ensure privacy and data protection controls are correctly implemented
Contribute to tooling for secure and automated DSAR (data subject access request) identity verification and privacy dashboards
Participate in incident response planning and investigations for identity-related security or privacy events
Map and enforce privacy principles (ISO/IEC 29100) including consent, purpose limitation, data minimization, and transparency in digital identity systems
Develop identity data lifecycle controls covering collection, processing, retention, and deletion per ISO/IEC and GDPR guidelines
Develop and implement solutions to ensure privacy policies are correctly implemented

Skills

Key technologies and capabilities for this role

Digital IdentityFederated IdentityDecentralized IdentifiersDIDsData AnonymizationPrivacy Impact AssessmentsPrivacy Threshold AssessmentsIdentity ProtocolsPrivacy-Enhancing TechnologiesNIST SP 800-63AuthenticationIdentity Proofing

Questions & Answers

Common questions about this position

Is this position remote or onsite?

This is an onsite position in one of our hub locations (Mountain View CA or McLean VA).

What is the salary for this Principal Privacy Engineer role?

This information is not specified in the job description.

What key skills are required for this role?

The role requires deep expertise in digital identity, identity protocols, privacy-enhancing technologies like zero-knowledge proofs and secure multi-party computation, and regulatory frameworks including GDPR, CCPA, and NIST SP 800-63.

What does the company culture or mission emphasize?

ID.me is committed to 'No Identity Left Behind' to enable all people to have a secure digital identity, focusing on privacy-centric solutions and compliance with federal standards.

What makes a strong candidate for this Principal Privacy Engineer position?

A strong candidate will have deep expertise in digital identity, experience designing privacy-preserving solutions like federated identity and verifiable credentials, and knowledge of privacy regulations and technologies such as OAuth2, OpenID Connect, and zero-knowledge proofs.

ID.me

Digital identity verification for secure access

About ID.me

ID.me provides a platform for digital identity verification, allowing individuals to prove and share their identity online. Users create a verified digital identity that can be used to access various services and discounts from partner companies. This process helps businesses ensure that only eligible individuals receive specific offers, which reduces fraud and enhances security. ID.me primarily serves military personnel, first responders, students, teachers, nurses, medical professionals, and government employees, making it particularly valuable in sectors like e-commerce, healthcare, government services, and education. Unlike its competitors, ID.me focuses on building trust between businesses and customers by offering a streamlined verification process that complies with regulatory requirements. The company's goal is to simplify identity verification while providing secure access to services and discounts.

McLean, VirginiaHeadquarters

2010Year Founded

$279.5MTotal Funding

SERIES_DCompany Stage

Government & Public Sector, Cybersecurity, HealthcareIndustries

1,001-5,000Employees