About The Position

Anaplan is the leading enterprise decision-making platform, powering the world’s largest enterprises with our proprietary Hyperblock™ technology and cloud infrastructure. We are seeking a Senior Principal Engineer to lead the architectural evolution of our Product Security and Customer Identity & Access Management (CIAM) capabilities. In this role, you will define and execute the technical strategy for secure multi-tenant isolation, modern identity migrations, and secure API-to-API communications across our highly distributed global SaaS platform.

Requirements

  • Significant software engineering experience in architecting and operating enterprise-scale Identity and Access Management platforms.
  • Expert-level knowledge of OAuth2, OIDC, SAML, and SCIM user provisioning.
  • Comprehensive experience deploying and managing industry-standard IAM platforms (e.g., Auth0, Keycloak, Ping Identity, or Ory).
  • Strong experience implementing and scaling fine-grained authorization policies using Open Policy Agent (OPA), Rego, or similar policy engines.
  • Deep, production-level expertise in architecting and implementing modern access control paradigms, including Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Relationship-Based Access Control (ReBAC), using decoupled Policy-as-Code engines (such as Open Policy Agent/Rego or AWS Cedar).
  • Solid understanding of LDAP/Active Directory integration patterns for enterprise user authentication and centralized group management.
  • Strong expertise in modern digital identity concepts, encompassing authentication mechanisms (MFA, SSO, Passwordless), and a thorough understanding of identity protocols acting as the foundation for authorization architectures.
  • Proven experience building high-throughput, low-latency secure microservices in JVM-based languages (Java or Kotlin).
  • Solid understanding of highly available (HA/DR) distributed systems, observability (metrics, logs, traces), and SRE principles.
  • Deep experience securing API architectures and designing edge security patterns (e.g., rate limiting, token exchange, and mutual TLS).
  • Proven track record of untangling and reverse-engineering complex, monolithic legacy applications to extract undocumented business rules, and systematically translating them into modern, decoupled, Policy-as-Code authorization architectures.
  • Experience building, operating, and auditing identity solutions in compliance-heavy or regulated cloud environments (such as FedRAMP Moderate/High).
  • Proven track record of successfully executing seamless, zero-downtime migrations from legacy directory services or monolithic IAM systems to modern distributed CIAM frameworks.
  • Strong communication, presentation, and alignment skills, with a track record of driving complex technical initiatives across multiple business units and executive stakeholders.

Responsibilities

  • Lead the long-term technical roadmap for platform-wide security patterns, including multi-tenant isolation, key lifecycle management, secure token issuance (JWT), secrets management, and robust API-to-API communication.
  • Design and implement next-generation CIAM solutions and secure backend services (using Java/Kotlin) to migrate from legacy IAM systems to modern, highly scalable identity platforms.
  • Architect and operate declarative authorization systems utilizing policy-as-code engines (e.g., Open Policy Agent (OPA) with Rego-based evaluation) for granular, high-throughput access decisions.
  • Influence company-wide engineering standards and define best practices for secure-by-default software development. Lead cross-functional collaboration with core engineering teams (including API Gateway, Platform Security, and Infrastructure) to ensure consistent security postures.
  • Guide, mentor, and elevate the maturity of the engineering organization, promoting secure coding practices and driving threat-modeling initiatives.