Software Engineer, Identity & Access Management

About The Position

Requirements

• 8–12+ years in software engineering, with 3+ years of focused experience in identity, authentication, or authorization systems at scale
• Deep, hands-on expertise in modern auth protocols: OAuth 2.0, OpenID Connect (OIDC), SAML, and SCIM
• Strong understanding of access control models — RBAC, ABAC, and ReBAC — and the ability to make sound architectural tradeoffs between them
• Experience designing IAM systems across multi-cloud environments (AWS, GCP, Azure)
• Security-first mindset: you understand threat modeling, risk assessment, and least-privilege principles, and you embed security throughout the SDLC
• Proficiency in Go, Python, or similar; track record of writing high-quality, maintainable code
• Ability to set technical direction independently, write clear design docs, and drive alignment across teams
• Comfort working alongside a PM counterpart — you can divide technical and product ownership clearly and collaborate effectively
• Bachelor's degree in Computer Science or related field, or equivalent experience

Nice To Haves

• Experience building IAM systems that serve external developer ecosystems — not just internal users
• Experience building identity systems for non-human entities: service accounts, workload identity, machine certificates, Kubernetes service accounts
• Familiarity with policy-as-code frameworks (OPA, Casbin, or similar)
• Experience with zero-trust network architecture
• Hands-on experience with secrets management platforms (Vault or equivalent) at scale
• Prior experience in aerospace, defense, or manufacturing environments with ITAR or export control considerations
• Experience working alongside a PM on a developer-facing platform product

Responsibilities

• Design and implement scalable authentication and authorization systems covering both human operators and machine identities across cloud and factory floor environments — serving as the security foundation for the API Platform
• Own Hadrian's authentication stack: SSO, MFA, OIDC/SAML integrations, and service-to-service auth across AWS, GCP, and future cloud environments
• Build fine-grained access control systems (RBAC/ABAC/ReBAC) that scale across internal engineering teams, factory systems, and external API partners
• Develop frameworks, APIs, and CLI tools that automate credential provisioning, rotation, and policy enforcement for both internal teams and external API consumers
• Build identity and access models for machine-to-machine communication across factory floor systems, Kubernetes workloads, and cloud services
• Partner with Security to ensure IAM systems meet compliance and audit requirements; troubleshoot complex identity and access issues across distributed systems
• Work with the API Platform PM to define how IAM capabilities are surfaced as developer-friendly product experiences — for internal engineers and external partners alike
• Build tooling, SDKs, and documentation that make it easy to integrate with IAM correctly and hard to do so incorrectly
• Set IAM standards across the engineering org and act as the domain expert on access-sensitive architecture decisions

Benefits

• Medical, dental, vision, and life insurance plans for employees
• 401k
• Relocation support may be provided for certain situations, based on business need.
• Flexible vacation policy