Principal Software Engineer - Authentication & Access

One Identity
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Remote

Tech stack

API
Artificial Intelligence
Amazon Web Services (AWS)
User Authentication
Software as a Service
Cloud Computing
Cloud Engineering
Software Quality
Continuous Integration
Cursor (Graphical User Interface Elements)
Software Debugging
Programming Tools
Distributed Systems
Identity and Access Management
Lightweight Directory Access Protocols (LDAP)
Node.js
OAuth
Public Key Infrastructure
Openid Connect
Ruby
Security Assertion Markup Language (SAML)
Session Management
Software Engineering
Cloud Platform System
GitHub Copilot
Backend
Solid Principles
Api Design
REST
GPT

Job description

As a Principal Engineer, you will operate with broad technical ownership-defining standards, guiding implementation, and resolving systemic issues across authentication flows, authorization models, and session behavior. You will work across teams to ensure that authentication systems are secure, reliable, and consistent, while evolving legacy implementations toward modern, scalable designs. While deeply focused on authentication and access, you will contribute broadly across the platform, applying this expertise to improve system design and reliability in adjacent areas. This is a hands-on role that includes system design, deep debugging of cross-service behavior, and driving modernization efforts in a complex distributed SaaS environment. You will also play a key role in mentoring engineers and raising the level of expertise in authentication and access across the organization. Responsibilities: Own the correctness, security, and consistency of authentication and access systems across the platform * Define and evolve authentication flows, authorization models, and session lifecycle patterns

  • Ensure protocol correctness and consistency across protocols (SAML, OAuth 2.0, OpenID Connect, etc.)
  • Establish and drive adoption of consistent authentication and access patterns across teams, ensuring alignment with defined standards
  • Design and validate secure, state-machine-driven authentication workflows
  • Standardize handling of MFA, session behavior, and authentication edge cases
  • Identify and remediate legacy or inconsistent authentication implementations
  • Improve resilience and secure failure handling across authentication flows
  • Ensure consistent authentication and authorization behavior across services, APIs, and user entry points
  • Guide the evolution and modernization of authentication systems while maintaining backwards compatibility and correctness

Requirements

  • Deep experience with authentication and identity protocols (SAML, OAuth 2.0, OpenID Connect, LDAP)
  • Strong understanding of session management, including lifecycle, invalidation, and behavior across distributed systems
  • Experience designing complex authentication flows and state-machine-driven workflows
  • Strong security engineering fundamentals, including secure system design and failure handling
  • Experience working with PKI, certificates, and secure communication patterns
  • Experience debugging complex authentication and session issues across multiple services
  • Experience remediating legacy or inconsistent authentication implementations
  • Experience modernizing authentication systems using incremental migration approaches
  • Strong ability to reason about correctness, edge cases, race conditions, and failure modes
  • Experience working across teams to drive consistency and correctness in a critical domain
  • Experience using AI tools to analyze flows, validate system behavior, and identify inconsistencies at scale

Qualifications:

Software Engineering

  • 8+ years of software engineering experience with ownership of critical production systems, including authentication and access services.
  • Strong backend development experience (Ruby, Node.js, or similar).
  • Experience building and operating authentication, authorization, and API-based services in distributed environments.
  • Solid understanding of REST APIs, service contracts, and software design principles.

Quality Engineering

  • Experience building secure, reliable systems with strong testing practices across unit, integration, and service layers.
  • Strong ownership of code quality, validation, and handling complex scenarios.

Cloud & Production Systems

  • Experience building and operating services in AWS or similar cloud environments.
  • Good understanding of distributed systems, cloud-native architecture, and CI/CD.
  • Experience with observability, production debugging, and incident response.

On-Call & Reliability

  • Willingness to participate in a mandatory 24/7 on-call rotation.
  • Experience responding to production incidents and contributing to reliability improvements.

AI-Assisted Development

  • Experience using, or strong interest in, AI-powered development tools (e.g., GitHub Copilot, ChatGPT, Cursor).
  • Ability to evaluate and refine AI-generated code, specifications, workflows, and system designs.

About the company

One Identity enables organizations of all sizes to better secure, manage, monitor, protect, and analyze information and infrastructure to help fuel innovation and drive their businesses forward. With team members around the globe, we intend to continue to grow revenues and add value to customers. When you join our team, you will have the opportunity to build and develop products at a scale few others can provide. Our product portfolio serves a large base of customers and we are addressing the strategic imperatives for enterprise businesses. Working with some of the most talented employees the industry has to offer, we provide enhanced career opportunities for team members to learn and grow in a rapidly changing environment. One Identity is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: One Identity is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at One Identity are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. One Identity will not tolerate discrimination or harassment based on any of these characteristics. One Identity encourages applicants of all ages.

Apply for this position