Orbis is seeking a Senior Catalyst Engineer to own medium-sized features and cross-component surfaces end to end within Catalyst - our secure, multi-cluster service mesh platform. You will set the architecture for your feature area, drive testing standards, and lead design direction for control plane plugins, proxy configuration pipelines, or authorization policy systems. At this level you can trace a request end to end - from DNS resolution through proxy routing, policy authorization, and encrypted tunnel forwarding - and debug issues that cross plane boundaries.
Key Responsibilities
- Own architecture for medium-sized features end to end; identify cross-cutting concerns and flag them before they become problems
- Trace and debug requests across the full mesh request flow: DNS, TLS/SNI routing, policy authorization, and inter-cluster tunnel forwarding
- Design and implement control plane features: event pipeline stages, state mutation logic, route acceptance algorithms, and plugin-based side-effect systems
- Own and extend policy-as-code authorization: identity extraction, entity modeling, evaluation semantics, and policy lifecycle management
- Define testing standards for your feature area; drive shift-left testing practices and own the quality bar
- Participate in on-call rotation; conduct post-mortems with actionable follow-ups; own operational health for your surfaces
- Formally mentor junior engineers; lead team rituals including retros, standups, and planning sessions
Required Qualifications
- 4-7 years of experience in infrastructure, networking, or platform engineering with demonstrated ownership of meaningful product surfaces
- Deep understanding of multi-hop service mesh request flows: DNS-based service discovery, TLS/SNI-based proxy filter chain selection, external authorization via policy engines, and encrypted tunnel forwarding between clusters using QUIC/HTTP3 with mTLS
- Thorough knowledge of event-driven control plane architectures: serialized dispatch pipelines, pure/deterministic state mutation functions, journal-backed state with crash recovery via event replay, and plugin-based side-effect systems
- Experience with routing information base (RIB) or route table logic: route acceptance/rejection based on loop detection, path length comparison, staleness, and convergence behavior in distributed routing systems
- Complete understanding of policy-as-code authorization in a service mesh context: identity extraction from mTLS certificates (SPIFFE URIs), hierarchical entity modeling, evaluation semantics (permit, forbid, default-deny, fail-closed), and policy hot-reload
- Working knowledge of distributed peer connection lifecycle management: state machine modeling, reconnection with exponential backoff, graceful and error-driven teardown, and operator vs. protocol-initiated transitions
- Has made architectural decisions within distributed systems and lived with the consequences; comfortable leading design direction independently
- Applicants must include a link to their GitHub profile within their resume, demonstrating relevant code repositories, projects, and contributions that reflect their technical experience and capabilities.
- Ability to obtain and maintain a U.S. government security clearance
Preferred Qualifications
- Experience with worker thread isolation patterns that separate I/O-bound operations (peer connections, filesystem writes, DNS zone generation) from a main event loop
- Understanding of certificate-bound JWT tokens: ECDSA signing (ES384), certificate thumbprint binding (RFC 8705), and JWKS-based distributed verification
- Ability to articulate the tradeoffs between different service mesh authorization models: per-RPC application-layer JWT auth vs. per-connection network-layer mTLS-based policy enforcement
- Experience in mission-critical or national security environments where auditability, security, and operational reliability are foundational requirements
- Active security clearance (Secret or above); Top Secret preferred
- Willingness to travel 10-20% for customer engagement, integration support, or team collaboration
Physical Requirements
- Prolonged periods of sitting at a desk and working on a computer.
- Routine video conference and/or in-person meetings.
- Ability to attend planned meetings within the Washington Metro Area region.
- Up to 10-20% domestic and international travel required
We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or protected veteran status.