Senior Engineer - Workload Identity Platform (SPIFFE/SPIRE)

The Identity Engineering team is responsible for delivering modern identity capabilities that secure workloads, applications, and infrastructure. We are investing in cloud-native workload identity solutions that leverage SPIFFE/SPIRE and Zero Trust principles to provide secure service-to-service communication across Target's technology ecosystem.

About the Job

As a Senior Engineer on the Workload Identity Platform team, you will help design, build, and operate workload identity solutions that enable secure authentication and authorization for applications and infrastructure across cloud-native environments.

You will work closely with platform engineering, security, infrastructure, and application teams to implement and scale SPIFFE/SPIRE-based identity services, integrate with Kubernetes environments, and automate identity lifecycle management. You will contribute to architecture decisions, lead complex technical initiatives, and mentor engineers while helping establish best practices for workload identity across the enterprise.

Core Responsibilities

• Design, implement, and support workload identity solutions using SPIFFE/SPIRE.

• Deploy, configure, and operate SPIRE Server and SPIRE Agent infrastructure.

• Design and manage SPIFFE trust domains and workload identity models.

• Implement and support X.509 SVID and JWT-SVID issuance, validation, rotation, and lifecycle management.

• Develop and maintain workload registration and attestation processes.

• Design and implement integrations between SPIRE, Kubernetes, and enterprise platforms.

• Develop custom SPIRE extensions, plugins, node attestors, or workload attestors where required.

• Partner with engineering teams to onboard workloads and applications to workload identity services.

• Implement identity-aware authentication and authorization patterns for distributed systems.

• Troubleshoot complex identity, authentication, authorization, and certificate lifecycle issues.

• Contribute to platform automation, observability, reliability, and operational excellence.

• Participate in architecture reviews and technical design discussions.

• Mentor engineers and promote engineering best practices.

Pay is based on several factors which vary based on position. These include labor markets and in some instances may include education, work experience and certifications. In addition to your pay, Target cares about and invests in you as a team member, so that you can take care of yourself and your family. Target offers eligible team members and their dependents comprehensive health benefits and programs, which may include medical, vision, dental, life insurance and more, to help you and your family take care of your whole selves. Other benefits for eligible team members include 401(k), employee discount, short term disability, long term disability, paid sick leave, paid national holidays, and paid vacation. Find competitive benefits from financial and education to well-being and beyond at https://corporate.target.com/careers/benefits., * Four-year degree in Computer Science, Engineering, or equivalent practical experience.

• 5+ years of software engineering experience designing, developing, and supporting production systems.

• 2+ years of hands-on experience with SPIFFE/SPIRE or equivalent workload identity technologies.

• Strong software development experience in Go.

• Experience building and operating cloud-native applications and services in Kubernetes environments.

• Experience designing and troubleshooting distributed systems and microservice-based architectures.

• Experience implementing workload authentication, identity, and trust solutions for cloud-native platforms.

• Experience developing APIs, integrations, or platform services that operate at scale.

• Strong problem-solving, debugging, and root-cause analysis skills.

• Ability to work across teams and influence technical solutions through collaboration and engineering excellence.

Required Technical Skills

Workload Identity & SPIFFE/SPIRE

• Hands-on experience deploying and operating SPIRE Server and SPIRE Agents.

• Strong understanding of SPIFFE IDs, trust domains, and workload identity concepts.

• Experience implementing and managing X.509 SVIDs and JWT-SVIDs.

• Experience with workload and node attestation mechanisms.

• Familiarity with SPIRE Registration APIs and Workload APIs.

• Experience developing or extending SPIRE integrations.

Software Engineering

• Strong proficiency in Go.

• Experience building APIs, services, and distributed systems in Go.

• Experience developing integrations, plugins, or extensions for cloud-native platforms.

• Experience with Linux environments and troubleshooting.

• Experience with CI/CD automation and deployment pipelines.

Kubernetes & Cloud-Native Technologies

• Kubernetes administration and operations.

• Helm-based deployments and configuration management.

• Containerized application architectures.

• Cloud-native identity and workload security patterns.

• Experience operating services in production Kubernetes environments.

Preferred Qualifications

• Experience developing custom SPIRE node attestors or workload attestors.

• Experience extending SPIRE through custom plugins or integrations.

• Experience with Istio, Linkerd, or other service mesh technologies.

• Experience with Envoy proxy configuration and integration.

• Experience implementing mTLS for service-to-service authentication.

• Experience with Open Policy Agent (OPA).

• Experience with PKI and certificate lifecycle management.

• Experience with Java and/or Python.

• Experience operating SPIRE in large-scale Kubernetes environments.

• Experience with multi-cluster or multi-cloud workload identity architectures.

• Contributions to SPIFFE, SPIRE, Kubernetes, Envoy, or related open-source communities., Please paste this url into your preferred browser to learn about benefits eligibility for this role: https://tgt.biz/BenefitsForYou_D

In compliance with state and federal laws, Target will make reasonable accommodations for applicants with disabilities. If a reasonable accommodation is needed to participate in the job application or interview process, please reach out to candidate.accommodations@HRHelp.Target.com. Non-accommodation-related requests, such as application follow-ups or technical issues, will not be addressed through this channel.

Competitive benefits

We are proud to provide benefits that support you, your family and your future.

Health and well-being

Target offers comprehensive medical, dental and vision insurance plans. Plus, get free 24/7 virtual care and mental health support.

Financial well-being

Your financial future is bright with TGT 401(k) offering 5% eligible contribution matching and more discount and reimbursement programs.

Paid time off

Target encourages work-life balance by offering eligible team members vacation time and paid national holidays, sick time and family leave.

Education assistance

Target's industry-leading education assistance benefit, Dream to Be, offers tuition-free programs to support your growth.

Market-leading pay

Target is a proud pay leader in retail and highly competitive with other large companies, providing equitable and competitive pay for all.

Team Target discount

Team members get a 10% discount at all Target stores and Target.com, along with 20% off wellness products and 20% off adult owned-brand apparel and accessories. Plus, get an additional 5% savings with a Target Circle Card. More about pay & benefits

Eligibility requirements may vary based on position, average hours worked, length of service and program requirements. Benefits are subject to change.

Working at Target means helping all families discover the joy of everyday life. Behind the scenes, our technology teams build and operate platforms that enable secure, scalable, and reliable experiences across the enterprise.