Principal Privacy Engineer

Company Overview

ID.me is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity with ID.me once and seamlessly login across websites without having to create a new login and verify their identity again. Over 140 million users experience streamlined login and identity verification with ID.me at 20 federal agencies, 44 state government agencies, and 66 healthcare organizations. More than 600 consumer brands use ID.me to verify communities and user segments to honor service and build more authentic relationships. ID.me’s technology meets the federal standards for consumer authentication set by the Commerce Department and is approved as a NIST 800-63-3 IAL2 / AAL2 credential service provider by the Kantara Initiative. ID.me is committed to “No Identity Left Behind” to enable all people to have a secure digital identity. To learn more, visit https://network.id.me/.

Role Overview

We are seeking a Privacy Engineer with deep expertise in Digital Identity to design and implement privacy-centric solutions across our digital platform - including facilitating data retention, anonymization, and conducting Privacy threshold and impact assessments, as well as providing technical product and engineering consultation. This role requires strong technical knowledge of identity protocols, privacy-enhancing technologies, and regulatory frameworks. You will help ensure that identity systems are aligned with global privacy laws and the NIST Digital Identity Guidelines (SP 800-63), emphasizing secure and privacy-respecting authentication, identity proofing, and federation.

This is an onsite position in one of our hub locations (Mountain View CA or McLean VA)

Key Responsibilities

• Design and implement privacy-preserving identity solutions including federated identity, decentralized identifiers (DIDs), and verifiable credentials.
• Integrate privacy-by-design into authentication, authorization, and identity federation workflows (e.g., OAuth2, OpenID Connect, SAML).
• Assist with conducting privacy impact assessments (PIAs) specifically related to identity and access management systems.
• Evaluate and deploy privacy-enhancing technologies (PETs) such as zero-knowledge proofs (ZKPs), secure multi-party computation (SMPC), and anonymization,  pseudonymization, and data minimization methods.
• Develop and enforce technical standards for identity data minimization, encryption, pseudonymization, and secure storage.
• Collaborate with IAM and security engineering teams to enhance identity governance with strong privacy controls.
• Review architecture and code for identity systems to ensure compliance with privacy regulations (GDPR, CCPA, eIDAS, etc.).
• Monitor and assess threats to identity-related data and respond to incidents involving identity data exposure.
• Assist in managing privacy risk assessments and reviews for identity systems, including digital onboarding, credential issuance, and account recovery flows.
• Collaborate with security, IAM, DevOps, and compliance teams to build identity solutions that enforce Privacy-by-Design principles.
• Review identity system architecture and source code to ensure privacy and data protection controls are correctly implemented.
• Contribute to tooling for secure and automated DSAR (data subject access request) identity verification and privacy dashboards.
• Participate in incident response planning and investigations for identity-related security or privacy events.
• Map and enforce privacy principles (ISO/IEC 29100) including consent, purpose limitation, data minimization, and transparency in digital identity systems.
• Develop identity data lifecycle controls covering collection, processing, retention, and deletion per ISO/IEC and GDPR guidelines.
• Develop and implement solutions to ensure privacy policies are correctly implemented. The implementations should advance compliance with legal forms of data use as well as support business use of data.

Basic Qualifications

• Bachelor’s or Master’s degree in Computer Science, Information Security, Engineering, or related technical field.
• 4+ years of technical experience in privacy engineering, IAM, or cybersecurity with a focus on digital identity.
• 1-2 years - Deep familiarity with NIST SP 800-63, including IAL, AAL, and FAL requirements.
• 4+ years of experience with identity protocols (OAuth2, OpenID Connect, SAML, SCIM), authentication systems, and modern IAM platforms.
• 4+ years of strong programming/scripting skills (e.g., Python, Go, Java, Node.js).
• 4+ years resulting in proficiency in identity and data protection standards (e.g., FIDO2, TLS, JWT, PKI, encryption at rest and in transit).

Preferred Qualifications

• Experience with cloud-based identity (AWS IAM, Azure AD, Okta, Google Identity Platform).
• Familiarity with decentralized identity technologies (e.g., Hyperledger Aries/Indy, Sovrin, Entra Verified ID).
• Certifications: CIPT, CIPP, CISSP, GIAC GLEG, or other privacy/security credentials.
• Understanding of privacy threat modeling techniques such as LINDDUN.

Key Competencies

• Deep understanding of privacy risks, mitigations, and best practices in identity systems.
• Strong ability to communicate complex identity/privacy concepts to technical and non-technical stakeholders.
• Ability to balance usability, security, and privacy in digital identity architectures.
• Passionate about user autonomy, data minimization, and ethical identity practices.

The annual base salary listed does not include a company bonus, incentive for sales roles, equity and benefits which will be determined based on experience, skills, education, relevant training, geographic location and role. 

ID.me offers comprehensive medical, dental, vision, health savings account, flexible spending accounts (medical, limited purpose, dependent care, commuter benefit accounts), basic and voluntary life and AD&D insurance, 401(k) with company match, parental leave, ability to participate in unlimited paid time off subject to the terms and conditions of the PTO policy, including 8 company wide holidays, short and long-term disability insurance, accident and critical illness insurance, referral bonus policy, employee assistance program, pet insurance, travel assistant program, wellbeing and childcare discounts, benefit advocates, and a learning and development benefit.

The above represents the anticipated total rewards package for this job requisition. Final offers may vary from the amount listed based on qualifications, professional experiences, skills, education, relevant training, geographic location, and other job related factors.

U.S. Pay Range$203,183—$255,000 USDMountain View, CA Pay Range$241,098—$278,738 USD

ID.me maintains a work environment free from discrimination, where employees are treated with dignity and respect. All ID.me employees share in the responsibility for fulfilling our commitment to equal employment opportunity. ID.me does not discriminate against any employee or applicant on the basis of age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. ID.me adheres to these principles in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, social and recreational programs, and discipline. In addition, ID.me's policy is to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations and ordinances where a particular employee works. Upon request we will provide you with more information about such accommodations.

Please review our Privacy Policy, including our CCPA policy, at id.me/privacy. If you provide ID.me with any personally identifiable information you confirm that you have read and agree to be bound by the terms and conditions set out in our Privacy Policy.

ID.me participates in E-Verify.