Senior Software Engineer, IAM

Docker has been one of the most loved brands in developer tooling, trusted by more than 20 million monthly users and over 20 billion container image pulls. From solo founders to the world's largest companies, developers rely on Docker to build, share, and run their applications across our suite of products including Docker Desktop, Docker Hub, and Docker Scout.
We are a globally distributed, remote-first team building the tools that define how software gets built and delivered. As AI agents redefine software development, Docker is at the center of that shift, providing the sandboxed environments, verified images, and secure infrastructure that make autonomous workflows trustworthy by default.

We're looking for a Senior Software Engineer to join our IAM team. The IAM team owns Docker’s identity backbone: the systems that determine who a user is, what they can do, and how organizations govern access at scale. Every authenticated request to Docker depends on these services—making their correctness, latency, and security foundational to customer trust.

The team owns authentication and authorization, access tokens, OIDC, SSO, and SCIM, and user and account management systems, along with supporting enterprise services. You'll work on systems used by millions of developers and the world's largest organizations, with the governance controls enterprise customers require.

This is a high-impact role for an engineer who enjoys deep backend work in a space where correctness, latency, and security all matter - and where the design decisions you make today shape how Docker scales identity for years to come.

• Design, build, and operate Go services powering authentication, authorization, token handling, and identity lifecycle across Docker

• Extend OIDC, SSO, SAML, and SCIM integrations, and evolve our authorization model (including ReBAC) as permissions scale across products and tenants

• Improve observability, performance, and security posture of identity services on the hot path of every authenticated request, and strengthen audit logging

• Design for multi-region operation, graceful degradation, and safe rollout of changes to critical auth flows

• Lead projects end-to-end, contribute to technical design and long-term direction of the IAM platform, and mentor teammates in identity and security domains

• Partner with Product, Security, and engineering teams that depend on IAM primitives to ensure our APIs are clear, safe, and easy to adopt

• This role may require participation in an on-call rotation to provide support outside of standard business hours, including evenings, weekends, and holidays, as needed.

Beyond steady-state ownership of our identity services, you’ll help shape the next phase of Docker’s IAM platform, including evolving our authorization model for fine-grained, cross-product access, expanding support for enterprise identity integrations, and improving the reliability and observability of systems on the critical request path.

• 6+ years of backend software engineering experience building and operating production services

• Bachelor’s degree in Computer Science, Engineering, or a related field, or equivalent practical experience

• Strong proficiency in Go, including building and operating services in production

• Solid working knowledge of PostgreSQL - schema design, query performance, migrations, and operating Postgres under real load

• Experience with gRPC and event-driven systems using Kafka (or comparable)

• Experience operating on AWS

• Strong understanding of core identity and security concepts: OAuth2, OIDC, SAML, JWT, token lifecycle, and session management

• Experience with authorization models, including RBAC and ReBAC-style approaches

• Track record of designing and operating distributed systems where reliability, security, and correctness are first-class concerns

• Willingness and ability to participate in an on-call rotation for services on the critical request path

• Excellent written and verbal communication skills in a remote, async-first environment

• Production experience with SCIM provisioning and enterprise SSO integrations

• Hands-on experience with Auth0 or similar identity platforms

• Experience building or operating multi-region services and understanding the tradeoffs involved

• Exposure to compliance frameworks relevant to identity (SOC 2, ISO 27001, GDPR)

• Experience with audit logging at scale, or with building identity primitives for machine / workload identities

• Get to know the team, our services, and the identity domain at Docker

• Pair with engineers across the IAM stack and ship your first changes to production

• Get comfortable with our Go services, Postgres schemas, CI/CD, and on-call practices

• Own a meaningful component or workstream end-to-end

• Contribute to technical design discussions on auth, tokens, or enterprise identity

• Build strong working relationships with Product, Security, and partner engineering teams

• Begin participating in the on-call rotation with support from the team

• Be a trusted technical leader within IAM, owning a functional area of the platform

• Lead delivery of significant identity initiatives and shape the direction of the IAM roadmap

• Improve reliability, security, and developer experience of the identity primitives other Docker teams depend on

• Mentor teammates and raise the bar on engineering practices across the team

Docker considers sponsorship on a case-by-case basis based on business needs.

We use Covey as part of our hiring and / or promotional process for jobs in NYC and certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on April 13, 2024.

Please see the independent bias audit report covering our use of Covey here.

Perks

• Freedom & flexibility; fit your work around your life

• Designated quarterly Whaleness Days plus end of year Whaleness break

• Home office setup; we want you comfortable while you work

• 16 weeks of paid Parental leave (after 6 months of employment)

• Technology stipend equivalent to $100 USD net/month

• PTO plan that encourages you to take time to do the things you enjoy

• Training stipend for conferences, courses and classes

• Equity; we are a growing start-up and want all employees to have a share in the success of the company

• Docker Swag

• Medical benefits, retirement and holidays vary by country

• Remote-first culture, with offices in Seattle and Paris

Docker embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our company will be.

#LI-REMOTE