Staff Software Engineer - Enterprise Security and Identity Tooling

About The Position

Requirements

• 8+ years of professional software engineering experience, or equivalent depth building production software systems
• Strong backend engineering skills in Python, Go, Java, TypeScript, or similar modern languages
• Experience designing, building, testing, deploying, and operating production services or internal platforms
• Strong understanding of APIs, data modeling, distributed systems, reliability, observability, and operational excellence
• Experience integrating SaaS platforms, enterprise tools, internal services, or third-party systems through APIs, webhooks, queues, events, or workflow engines
• Familiarity with identity and access concepts such as SSO, OAuth/OIDC, SAML, SCIM, RBAC, MFA, service accounts, or access reviews
• Strong security fundamentals across authentication, authorization, secrets handling, audit logging, least privilege, and secure software development
• Ability to work through ambiguity, make sound technical tradeoffs, and turn messy operational needs into maintainable software

Nice To Haves

• Experience building identity, access, security, compliance, IT automation, developer productivity, or internal platform tooling is preferred
• Experience with privileged access, JIT workflows, approval systems, lifecycle automation, entitlement management, non-human identity governance, or audit-ready evidence tooling is preferred

Responsibilities

• Build internal software services and integrations across identity, access, SaaS, endpoint, privileged access, security data, and workflow systems
• Design backend APIs, data models, and integration patterns for users, devices, groups, roles, applications, permissions, owners, exceptions, and audit trails
• Integrate third-party systems and internal tools through APIs, webhooks, queues, events, and workflow engines
• Establish practical source-of-truth boundaries and ownership across connected systems
• Automate joiner, mover, leaver workflows, access requests, entitlement cleanup, approvals, revocation, and evidence capture
• Create workflow automation that gives engineers fast access when justified while removing access when no longer needed
• Support identity-aware tooling for SSO, SCIM, OAuth/OIDC, RBAC, service accounts, non-human identities, and privileged access paths
• Prioritize tooling improvements around JML, privileged access, non-human identities, and access evidence with the Identity and Access lead
• Improve security tooling reliability through testing, observability, error handling, retries, idempotency, deployment safety, and operational runbooks
• Define engineering standards for code review, testing, deployment, observability, secrets handling, and runbooks
• Map high-value workflows that are currently manual, fragile, or poorly integrated
• Build reusable internal services and integrations that reduce manual work and create measurable security evidence
• Connect identity and access events with security telemetry and reporting to support detection, investigation, audit, and executive metrics
• Preserve clear evidence across access and approval workflows to support compliance and operational review
• Implement guardrails for AI and agentic workflows, including approval, attribution, logging, least privilege, and safe write paths
• Ship meaningful workflow improvements such as access automation, revocation automation, identity evidence capture, entitlement cleanup, or SaaS onboarding automation

Benefits

• Highly competitive US compensation package (base + bonus + equity)
• Performance reviews every 12 months
• Flexible workplace
• Medical
• Dental
• Vision
• Flexible paid time off
• Parental leave
• Retirement plan participation