Principal Software Engineer - Authentication & Access
Role details
Job location
Tech stack
Job description
As a Principal Engineer, you will operate with broad technical ownership-defining standards, guiding implementation, and resolving systemic issues across authentication flows, authorization models, and session behavior. You will work across teams to ensure that authentication systems are secure, reliable, and consistent, while evolving legacy implementations toward modern, scalable designs. While deeply focused on authentication and access, you will contribute broadly across the platform, applying this expertise to improve system design and reliability in adjacent areas. This is a hands-on role that includes system design, deep debugging of cross-service behavior, and driving modernization efforts in a complex distributed SaaS environment. You will also play a key role in mentoring engineers and raising the level of expertise in authentication and access across the organization. Responsibilities: Own the correctness, security, and consistency of authentication and access systems across the platform * Define and evolve authentication flows, authorization models, and session lifecycle patterns
- Ensure protocol correctness and consistency across protocols (SAML, OAuth 2.0, OpenID Connect, etc.)
- Establish and drive adoption of consistent authentication and access patterns across teams, ensuring alignment with defined standards
- Design and validate secure, state-machine-driven authentication workflows
- Standardize handling of MFA, session behavior, and authentication edge cases
- Identify and remediate legacy or inconsistent authentication implementations
- Improve resilience and secure failure handling across authentication flows
- Ensure consistent authentication and authorization behavior across services, APIs, and user entry points
- Guide the evolution and modernization of authentication systems while maintaining backwards compatibility and correctness
Requirements
- Deep experience with authentication and identity protocols (SAML, OAuth 2.0, OpenID Connect, LDAP)
- Strong understanding of session management, including lifecycle, invalidation, and behavior across distributed systems
- Experience designing complex authentication flows and state-machine-driven workflows
- Strong security engineering fundamentals, including secure system design and failure handling
- Experience working with PKI, certificates, and secure communication patterns
- Experience debugging complex authentication and session issues across multiple services
- Experience remediating legacy or inconsistent authentication implementations
- Experience modernizing authentication systems using incremental migration approaches
- Strong ability to reason about correctness, edge cases, race conditions, and failure modes
- Experience working across teams to drive consistency and correctness in a critical domain
- Experience using AI tools to analyze flows, validate system behavior, and identify inconsistencies at scale
Qualifications:
Software Engineering
- 8+ years of software engineering experience with ownership of critical production systems, including authentication and access services.
- Strong backend development experience (Ruby, Node.js, or similar).
- Experience building and operating authentication, authorization, and API-based services in distributed environments.
- Solid understanding of REST APIs, service contracts, and software design principles.
Quality Engineering
- Experience building secure, reliable systems with strong testing practices across unit, integration, and service layers.
- Strong ownership of code quality, validation, and handling complex scenarios.
Cloud & Production Systems
- Experience building and operating services in AWS or similar cloud environments.
- Good understanding of distributed systems, cloud-native architecture, and CI/CD.
- Experience with observability, production debugging, and incident response.
On-Call & Reliability
- Willingness to participate in a mandatory 24/7 on-call rotation.
- Experience responding to production incidents and contributing to reliability improvements.
AI-Assisted Development
- Experience using, or strong interest in, AI-powered development tools (e.g., GitHub Copilot, ChatGPT, Cursor).
- Ability to evaluate and refine AI-generated code, specifications, workflows, and system designs.