Staff Software Engineer (Identity & Access Management)
Millbrae, CA
April 5th, 2026
Staff Software Engineer, Identity & Access Management

Location: 100% Remote - However you must be west coast or Mountain Time Zone

Position Overview

We are seeking a Staff Software Engineer to lead design and delivery of robust, scalable Identity & Access Management (IAM) systems. This role owns core identity features (single sign-on, SAML, OAuth 2.0, SCIM user provisioning, inter-service authentication, and authorization mechanisms) and partners with product, security, and infrastructure teams to secure and simplify how users and services authenticate and authorize across the platform. You will act as a technical leader, mentor engineers, and drive long-term architecture and operational excellence for IAM services.

Key Responsibilities

- Design, implement, and operate production IAM services including single sign-on (SSO), SAML integrations, OAuth 2.0 authorization flows, and SCIM provisioning endpoints.
- Architect and build inter-service authentication solutions (e.g., mTLS, service tokens, JWTs, token exchange) to secure service-to-service communication at scale.
- Define and implement authorization mechanisms and policy models (RBAC, ABAC, policy evaluation, delegated authorization) to meet product and compliance requirements.
- Lead integrations with external identity providers and identity platforms (e.g., enterprise IdPs, Azure AD, Okta) and design robust provisioning and de-provisioning workflows.
- Drive secure design and cryptographic best practices across IAM services, including token handling, key management, session security, and secrets management.
- Collaborate with product, security, and infrastructure teams to translate requirements into a pragmatic and secure roadmap; balance short-term delivery with long-term architectural improvements.
- Own operability: monitoring, alerting, capacity planning, SLOs, incident response, and post-incident improvements for IAM services.
- Mentor and coach engineers on identity protocols, security principles, and scalable service design; run technical reviews and contribute to team hiring and career development.
- Create and maintain high-quality design documents, API specifications, SDK guidance, and developer onboarding materials for identity features.
- Advocate for developer experience and automation across identity lifecycles (onboarding, role changes, de-provisioning), minimizing manual steps and reducing risk.

Qualifications

- Minimum 8+ years of software engineering experience with significant ownership of production systems and APIs.
- Demonstrated, hands-on experience with single sign-on architectures and protocols (SAML, OAuth 2.0) and practical knowledge of common OAuth flows (authorization code, client credentials, token exchange).
- Proven experience implementing SCIM for user lifecycle provisioning and synchronization between systems.
- Deep understanding and hands-on experience with inter-service authentication patterns (mTLS, JWTs, service tokens) and secure token handling.
- Experience designing and implementing authorization models (RBAC, ABAC, policy engines) and integrating authorization checks into distributed systems.
- Strong software engineering skills: distributed systems design, API design, reliability, performance tuning, and observability.
- Practical familiarity with security and cryptographic principles as they apply to identity (token signing/encryption, key rotation, KMS integration, TLS best practices).
- Proficiency with at least one backend programming language and comfort reading or contributing code in Python or Golang.
- Experience integrating with Azure AD or other enterprise identity providers is highly desirable.
- Track record of mentoring engineers, driving technical decisions, and influencing cross-functional stakeholders.
- Excellent communication skills, strong bias for action, and the ability to balance security, usability, and business needs.

Benefits

- Vacation/PTO
- Medical
- Dental
- Vision
- Bonus