Principal Engineer

At a Glance

• Role: Principal Engineer, AI Platform (MCP)
• Location: Remote
• Salary: Competitive
• Employment type: Permanent, full-time
• Stack: TypeScript / Node.js or Python, MCP SDKs, OAuth 2.0 / OIDC, Cloudflare Workers, Streamable HTTP

The Company

Our client is a global payments technology business building the next generation of capabilities for a merchant-first ecosystem. They operate at real scale, working with partners and merchants across multiple markets, and their engineering culture is built around small, empowered teams solving hard, real-world problems. The culture here is outcomes over outputs. Teams are trusted to work with autonomy, supported with the right tools, and given the space to think carefully and build well. If you are the kind of engineer who wants to master a domain rather than just ship tickets, this is the right environment.

The Role

This is one of the most technically interesting principal engineering roles we have brought to market this year. You will own the architecture and delivery of a suite of Model Context Protocol (MCP) servers that serve as the trusted, governed gateway between large language models and a production payment platform. As AI-driven interfaces become a primary way partners and internal teams interact with payment systems, these servers sit at the heart of that shift. You will define the transport and session model, implement OAuth-based authentication and authorisation, design the tooling and elicitation surfaces that agents depend on, and build the operational backbone that keeps everything safe and reliable at scale. This is a hands-on principal role. You will set technical direction, write production code, define patterns and libraries that other teams will build on, and raise the bar for engineering quality across a domain that is new, fast-moving, and security-sensitive.

What You'll Be Doing

• Own the architecture and delivery of MCP servers exposing platform data and capabilities to AI agents and developer tooling
• Design the transport and session model (Streamable HTTP), including stateful sessions for progress streaming, subscriptions, sampling, and user elicitation flows
• Implement robust authentication and authorisation using OAuth 2.0 / OIDC, JWT validation, and least-privilege per-request data scoping
• Design and operate the edge and gateway layer (Cloudflare Workers / Durable Objects) for token validation, JWKS caching, routing, and session state
• Define standards, patterns, and reusable libraries so other teams can build additional MCP servers quickly, consistently, and securely
• Embed security and compliance into every layer, treating these servers as a high-trust surface over sensitive payment data
• Drive observability, performance, and reliability: logging, tracing, rate limiting, timeouts, graceful degradation, and clean failure modes
• Build quality in across the software lifecycle using Behavioural Driven Development and CI/CD
• Mentor engineers, review designs and code, and evaluate emerging AI and agent technologies for applicability
• Translate partner, merchant, and internal developer needs into well-designed, high-quality solutions

What You'll Bring

• 8 to 10 years of software engineering experience, with a track record of owning systems end to end
• Deep server-side development expertise in TypeScript / Node.js or Python, given the maturity of the official MCP SDKs
• Strong, hands-on familiarity with the Model Context Protocol: defining tools, resources, and prompts; designing well-typed input/output schemas; and writing tool descriptions that drive reliable model behaviour
• Solid understanding of LLM tool-use and agentic patterns, including how models select and invoke tools, manage context, and handle multi-step interactions
• Hands-on experience with OAuth 2.0 / OIDC, JWT validation, token scoping, and identity provider integration
• Experience deploying and operating services at the edge or in serverless environments (Cloudflare Workers / Durable Objects, AWS Lambda, Cloud Run, or comparable)
• Strong understanding of secure HTTP API design, including streaming and SSE, and stateful vs. stateless service design
• Security-first mindset, ideally with exposure to regulated or payments environments (PCI DSS awareness a strong plus)
• Awareness of the safety considerations specific to AI agent tooling: prompt injection, over-broad permissions, and safe handling of model-driven actions
• Solid grounding in database design, caching, message-oriented middleware, and systems integration
• Comfortable operating with a high degree of ambiguity, able to set direction, experiment, and backtrack when needed

• Direct experience building with agent frameworks or LLM application SDKs beyond MCP
• Background in payments or other regulated financial services environments
• BS or MS in Computer Science or a related field

Why Apply

• A genuinely novel technical problem at the intersection of payments infrastructure and AI agent systems
• Principal-level ownership with real architectural authority and scope to define how this domain is built
• A culture that values engineering craft, autonomous teams, and outcomes over process
• No needless bureaucracy: small teams, hard problems, space to do your best work
• Competitive compensation with the ability to grow with a business operating at serious scale

Interested? Apply directly or reach out to Ryan Quinn at Ocho for a confidential conversation.