Title: Principal Software Engineer, AI Platform Engineering Location: Type: Full-Time Workplace: hybrid Category: Platform Upgrade Job Description: ABOUT SAVIYNT Saviynt is a leader in identity security, delivering an AI-powered platform that governs and secures access to applications, data, and business processes for global enterprises and government institutions. Built for the AI era, Saviynt helps organizations move faster &mdash; securely and compliantly. ABOUT THE ROLE You set the architectural direction for how training data flows, evolves, and is governed across the AI Platform. You define the standards ML engineers and scientists build on, and ensure every training signal is tenant-isolated, PII-free, and traceable from source to model. WHAT YOU'LL OWN - AI Data Lake on GCS: bucket layout, raw &rarr; silver &rarr; gold tier separation, CMEK encryption, lifecycle rules - Batch pipelines: Spark on Dataproc for TB-scale feature backfills, Iceberg compaction, and daily S3&rarr;GCS incremental sync - Streaming pipelines: Apache Beam on Dataflow for sub-5-min CDC ingestion with exactly-once semantics and PII assertion gates - Schema registry: Avro / Protobuf schema versioning, compatibility modes, and migration playbooks for safe schema evolution - Orchestration: Flyte as primary DAG layer &mdash; task authoring standards, domain isolation, retry policies, DataCatalog memoization; evaluate Kubeflow Pipelines where relevant - Multi-tenancy: strict per-tenant GCS prefix isolation, quota policies, and cross-tenant contamination validation - Data Anonymizer and Data Labeler microservices: strip PII and attach ML labels before signals leave each customer environment - Feature store: Feast offline (GCS Parquet) and online (Redis) with point-in-time correctness and < 0.1% consistency SLA - Vector database: operate Pgvector (Cloud SQL) for POC and Qdrant on GKE for production-scale embedding storage; design index strategies (IVFFlat, HNSW) and manage ANN query latency SLAs - RAG data pipeline: build embedding generation pipelines that chunk, encode, and upsert document embeddings into the vector store; own the data refresh cadence and staleness SLAs for retrieval context - Service APIs: expose data platform services (feature serving, embedding upsert, schema validation) over HTTPS with mTLS and gRPC where low-latency streaming is required - Synthetic data pipelines for dev/staging where real customer data is not permitted - Data quality gates: Great Expectations / dbt checks as Flyte tasks, blocking on schema and PII-absence failures YOU'LL THRIVE HERE IF YOU HAVE - 8+ years of data engineering at production scale across multiple companies - Demonstrated principal impact: platform standards you defined adopted org-wide, or major cross-team pipeline/schema migrations you led - Data lake ownership (essential): you have designed and operated a production data lake end-to-end &mdash; storage layout, partitioning strategy, tiered retention (hot/warm/cold), table format (Iceberg or Delta Lake), compaction, and access control; not just consumed one - Deep Spark (PySpark / Scala): executor tuning, shuffle diagnosis, Iceberg table maintenance - Hands-on Beam / Dataflow: windowing, exactly-once, side inputs, autoscaling - Schema registry experience: Protobuf / Avro compatibility rules, breaking-change migrations in production - Orchestration at scale: Flyte, Kubeflow Pipelines, Airflow, or Prefect &mdash; operated in production, ideally benchmarked two - Multi-tenant data architecture: per-tenant isolation as a hard requirement, not a post-hoc concern - Feature store operations: Feast or Tecton, point-in-time joins, online/offline consistency - Vector databases: Pgvector or Qdrant in production &mdash; index tuning, ANN search, embedding upsert pipelines - RAG data fundamentals: chunking strategies, embedding model selection, retrieval quality evaluation, and context freshness management - API transport: gRPC and HTTPS/mTLS for service-to-service communication; comfortable defining proto contracts and managing certificate lifecycle - Bachelor's degree in Computer Science, Engineering, or a related field, or equivalent practical experience or equivalent military experience NICE TO HAVE - Differential privacy or k-anonymity for ML training datasets - Open source contributions: Feast, Great Expectations, Apache Beam, or dbt - Familiarity with IAM / access governance data: entitlements, provisioning events, access graphs - Iceberg or Delta Lake at petabyte scale WHY JOIN SAVIYNT - Work on a large-scale, Kubernetes-based SaaS platform - Solve challenging cloud and reliability problems at scale - Collaborate with strong engineers in a reliability-focused culture - Competitive compensation, benefits, and growth opportunities SECURITY & COMPLIANCE This role requires adherence to Saviynt's information security and privacy policies, including annual security training. We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

• Provision and manage cloud infrastructure reproducibly using infrastructure as code, likely via Terraform. • Design and maintain CI/CD workflows, including Git-based workflows and GitHub Actions. • Implement and manage observability, monitoring, and alerting using tools like Prometheus, Grafana, or Datadog. • Shape vulnerability scanning, dependency management, and system hardening. • Administer Linux systems, including shell scripting and troubleshooting.

• Build and operate systems with a strong focus on reliability and correctness • Continuously improve system robustness through careful analysis and iteration • Understand the difficulty of managing entropy in a complex system and adapt accordingly

• Own and manage platform engineering activities for the organization’s Data Loss Prevention (DLP) and data governance platforms, ensuring business requirements are translated into scalable, secure, and effective technical solutions. • Design, implement, and optimize data protection, compliance, and governance capabilities using platforms such as Microsoft Purview, Microsoft Defender for Cloud Apps, and related Azure security services. • Develop and maintain Infrastructure as Code (IaC) solutions for cloud infrastructure, platform services, and security controls using tools such as Terraform or equivalent frameworks. • Partner with application, platform, and cybersecurity teams to implement secure-by-design patterns for identity, secrets management, logging, monitoring, vulnerability management, and policy enforcement • Identify opportunities to automate manual processes and streamline engineering operations using APIs, scripting, cloud-native tooling, and workflow automation • Engineer reusable automation, self-service capabilities, and operational workflows that improve platform reliability, speed, and developer experience. • Design processes to evaluate, test, and deploy platform enhancements, updates, and new capabilities across the data security ecosystem. • Identify opportunities to automate manual processes and improve operational efficiency using APIs, scripting, Azure Logic Apps, playbooks, and other modern automation frameworks. • Develop reusable tools, workflows, and integrations to improve the user and administrator experience across security platforms. • Support backlog development and prioritization for DLP, compliance, and data governance initiatives while working within agile delivery models. • Monitor platform health, security events, and service effectiveness through logging, alerting, and reporting capabilities. • Support disaster recovery and business continuity planning as it relates to data protection, platform resilience, and compliance operations.