Staff Software Engineer (Identity and Access Management)
Role details
Job location
Tech stack
Job description
We are seeking an experienced and highly-skilled Staff Software Engineer to join our Identity and Access Management (IAM) team. In this pivotal role, you will be responsible for designing, developing, and maintaining the core services that manage user identity, authentication, and authorization across our platform. The ideal candidate possesses deep expertise in modern identity protocols and practices, and has a proven track record of architecting secure, scalable, and reliable IAM solutions in a large-scale, distributed environment., * Architect and Design: Lead the architectural design and implementation of highly available and performant IAM services, including authentication workflows, authorization systems, and identity provisioning.
- Protocol Expertise: Serve as the technical expert for industry-standard identity protocols, ensuring robust implementation and adherence to best practices for Single Sign-On (SSO), SAML, SCIM, and OAuth/OIDC.
- System Security: Drive the security posture of identity systems, focusing on secure inter-service communication, token management, and fine-grained authorization permission schemes (e.g., RBAC, ABAC).
- Technical Leadership: Mentor and guide mid-level and junior engineers on the team, conducting code reviews, setting technical standards, and advocating for engineering excellence.
- Cross-Functional Collaboration: Partner closely with Security, Product Management, and other engineering teams to define requirements, integrate IAM services, and ensure a seamless and secure user experience.
- Operational Excellence: Troubleshoot complex production issues related to identity flows, optimize service performance, and contribute to the monitoring and alerting strategy for critical IAM infrastructure.
Requirements
- 7+ years of professional software development experience, with a focus on building distributed, highly-available services.
- Deep, hands-on experience designing and implementing solutions utilizing core identity protocols:
- Single Sign-On (SSO)
- SAML (Security Assertion Markup Language)
- OAuth 2.0 / OIDC (OpenID Connect)
- SCIM (System for Cross-domain Identity Management)
- Proven experience with inter-service authentication and authorization mechanisms (e.g., token-based authentication, API gateways, mTLS).
- Strong understanding of various authorization permission schemes (e.g., Role-Based Access Control - RBAC, Attribute-Based Access Control - ABAC).
- Bachelor's degree in Computer Science, related technical field, or equivalent practical experience.
Preferred Experience
- Experience with a modern programming language (e.g., Go, Java, Ruby, Node.js) and working with cloud platforms (AWS, Azure, or GCP).
- Experience with identity providers (IdPs) and services like Okta, Azure AD, Ping Identity, Keycloak, or Auth0.
- Familiarity with cryptography principles and secure coding practices.
- Demonstrated ability to drive large, complex, and ambiguous projects to completion.
- Excellent written and verbal communication skills, with the ability to articulate complex technical concepts to a diverse audience.
Working Conditions and Physical Requirements
The ideal candidate must be able to complete all physical requirements of the job with or without reasonable accommodation.
Sitting and / or standing - Must be able to remain in a stationary position 50% of the time
Carrying and / or lifting - Must be able to carry / move laptop as needed throughout the work day.
Environment - remote, work-from-home 100% of the time.
