Staff Software Engineer (Identity and Access Management)

Job Summary

We are seeking an experienced and highly-skilled Staff Software Engineer to join our Identity and Access Management (IAM) team. In this pivotal role, you will be responsible for designing, developing, and maintaining the core services that manage user identity, authentication, and authorization across our platform. The ideal candidate possesses deep expertise in modern identity protocols and practices, and has a proven track record of architecting secure, scalable, and reliable IAM solutions in a large-scale, distributed environment.

Essential Duties and Responsibilities

• Architect and Design: Lead the architectural design and implementation of highly available and performant IAM services, including authentication workflows, authorization systems, and identity provisioning.
• Protocol Expertise: Serve as the technical expert for industry-standard identity protocols, ensuring robust implementation and adherence to best practices for Single Sign-On (SSO), SAML, SCIM, and OAuth/OIDC.
• System Security: Drive the security posture of identity systems, focusing on secure inter-service communication, token management, and fine-grained authorization permission schemes (e.g., RBAC, ABAC).
• Technical Leadership: Mentor and guide mid-level and junior engineers on the team, conducting code reviews, setting technical standards, and advocating for engineering excellence.
• Cross-Functional Collaboration: Partner closely with Security, Product Management, and other engineering teams to define requirements, integrate IAM services, and ensure a seamless and secure user experience.
• Operational Excellence: Troubleshoot complex production issues related to identity flows, optimize service performance, and contribute to the monitoring and alerting strategy for critical IAM infrastructure.

Education, Experience, Knowledge, Skills, and Abilities

• 7+ years of professional software development experience, with a focus on building distributed, highly-available services.
• Deep, hands-on experience designing and implementing solutions utilizing core identity protocols:
  • Single Sign-On (SSO)
  • SAML (Security Assertion Markup Language)
  • OAuth 2.0 / OIDC (OpenID Connect)
  • SCIM (System for Cross-domain Identity Management)
• Proven experience with inter-service authentication and authorization mechanisms (e.g., token-based authentication, API gateways, mTLS).
• Strong understanding of various authorization permission schemes (e.g., Role-Based Access Control - RBAC, Attribute-Based Access Control - ABAC).
• Bachelor’s degree in Computer Science, related technical field, or equivalent practical experience.