Staff Software Engineer II - Confluent Secure Compute, Armonk

Introduction At IBM Software, we transform client challenges into solutions. Building the world's leading AI-powered, cloud-native products that shape the future of business and society. Our legacy of innovation creates endless opportunities for IBMers to learn, grow, and make an impact on a global scale. Working in Software means joining a team fueled by curiosity and collaboration. You'll work with diverse technologies, partners, and industries to design, develop, and deliver solutions that power digital transformation. With a culture that values innovation, growth, and continuous learning, IBM Software places you at the heart of IBM's product and technology landscape. Here, you'll have the tools and opportunities to advance your career while creating software that changes the world. With Confluent, data doesn't sit still. We put information in motion, streaming in near real time so organizations can react faster, build smarter, and deliver experiences as dynamic as the world around them. Your role and responsibilities About the Team The Secure Compute team builds and operates the foundational infrastructure layer that powers Confluent Cloud. Our mission is to enable the safe execution of code and data processing in multi-tenant environments across AWS, Azure, and GCP at scale. We provide the essential building blocks-including isolation, identity, and networking-that empower both our customers and internal product teams to innovate without compromising security. As Confluent's product portfolio expands, our team sits at the center of the company's growth. We own a polyglot, container-based runtime that operates across thousands of clusters globally, solving some of the most complex challenges in distributed systems and cloud-native architecture. By balancing world-class security with operational cost-efficiency, we ensure that Confluent Cloud remains the trusted platform for mission-critical workloads in even the most highly regulated industries. About the Role: As a Staff Software Engineer on the Secure Compute Platform team, you will be a key technical leader in building and evolving a next-generation, multi-tenant, cloud-native compute platform that safely runs both trusted and untrusted workloads at scale. Our platform is built on Kubernetes and runs across a large fleet of clusters in multiple public clouds, providing a unified abstraction layer for workload execution, lifecycle management, security, and operational excellence. You'll work on critical systems including: * Secure Compute Infrastructure - Build and evolve the secure, multi-tenant compute substrate and isolation primitives that safely execute customer and internal workloads in a shared environment. * Platform APIs&Abstractions - Design and evolve APIs that provide clear, safe abstractions for polyglot workloads (containers, functions, and services) with diverse performance and isolation needs. * Core Platform Integration - Integrate the Secure Compute platform with core data and application services so that teams can onboard new workloads with minimal friction. * Multi-Tenancy&Security - Implement and harden workload isolation, network policies, identity and access, and secure execution environments required to safely run customer-supplied code. * Observability&Operations - Drive operational excellence through rich observability, automated health checks, self-healing workflows, and robust rollout and rollback practices. As a senior technical leader, you think strategically and help drive end-to-end technical delivery-from platform APIs and developer experience down to runtime, capacity, and security. You leverage your expertise in cloud-native distributed systems to take the Secure Compute platform to the next level while ensuring high availability, reliability, security, and cost efficiency for mission-critical customer workloads. What You Will Do * Define and drive the technical direction for Secure Compute, including platform architecture, runtime, and security for running trusted and untrusted workloads at scale. * Design and implement platform APIs and Kubernetes controllers/operators (primarily in Go) that power workload lifecycle, autoscaling, placement, and isolation for containers and serverless-style functions. * Partner with product and platform teams to shape and deliver the roadmap for Secure Compute, enabling new customer-facing features and internal platforms to build on a common compute substrate. * Deliver high-impact initiatives in areas such as workload scheduling, failure and disruption handling, private and public networking patterns, rollout strategies, and fleet-level resource management. * Lead technical design reviews and influence architecture across teams, ensuring Secure Compute primitives are easy to adopt, safe by default, and aligned with broader platform strategy. * Mentor and grow engineers on the team through design guidance, code reviews, pair programming, and sharing best practices for secure, reliable, operable platform development. * Own operational excellence for key Secure Compute services, including availability, reliability, SLOs, performance, on-call response, incident management, and disaster recovery. This job can be performed from anywhere in the US. Required technical and professional expertise * 10 years of experience delivering scalable backend or infrastructure software in production. * Proven track record of leading the delivery of large-scale, highly available, low-latency distributed systems. * Deep expertise in Kubernetes, including controller development, operator patterns, and preferably multi-region or multi-cluster architectures. * Strong proficiency in Go with experience building production-grade services and control planes. * Experience with multi-tenant platform architectures and security/isolation patterns (for example, namespaces, network policies, sandboxing, secrets and identity management), plus hands-on work with secure container runtimes and low-level Linux internals (for example, Kata Containers, Cloud Hypervisor, cgroups, namespaces, seccomp) and performance troubleshooting and tuning for containerized/virtualized workloads. * Familiarity with gRPC, Protobuf, and internal platform API design for service-to-service communication. * Hands-on experience with observability and operational practices (metrics, logs, traces, alerting, SLOs, rollout strategies, incident response). * Experience with public cloud environments (such as AWS, GCP, Azure) and cloud-provider integrations. * Demonstrated technical leadership and mentorship, including driving cross-team alignment on architecture and execution. Preferred technical and professional experience * Strong collaboration skills and history of working effectively with product, SRE/operations, security, and peer engineering teams. * A smart, humble, and empathetic attitude with a strong sense of ownership and teamwork. * Drive and excitement about building foundational cloud infrastructure in a fast-paced, innovative environment. IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.