Staff Software Engineer, Identity and Access Management

About The Position

Requirements

• 7+ years of experience building production identity platforms at leading identity providers or enterprise software companies, with proven track record of handling millions of authentication requests daily.
• Deep expertise in advanced OAuth 2.0 extensions (PKCE, mTLS, JWT bearer assertions, token exchange), OpenID Connect profiles, and emerging standards like OAuth 2.1 and GNAP.
• Proven experience architecting multi-tenant identity platforms with complex isolation requirements, tenant-specific configurations, and enterprise feature sets.
• Strong background in cryptographic protocols including advanced JWT patterns, key rotation strategies, Hardware Security Module (HSM) integration, and post-quantum cryptography considerations.
• Experience building identity platforms with sophisticated analytics, real-time monitoring, and security event detection capabilities at enterprise scale.
• Expertise in global identity infrastructure including edge deployment strategies, geo-distributed token validation, and cross-region data consistency patterns.
• Deep understanding of enterprise identity integration patterns including SAML federation, LDAP/AD bridges, SCIM provisioning, and custom protocol adapters.
• Proven track record building developer-first identity platforms including comprehensive SDKs, webhook systems, and extensible API designs.
• Experience with identity platform security including threat modeling, penetration testing coordination, and implementation of advanced attack prevention mechanisms.
• Strong background in compliance and regulatory requirements for identity systems including audit trail design, data residency controls, and privacy engineering.
• Experience building identity platforms supporting complex organizational structures, delegated administration, and fine-grained permission models.
• Expertise in high-performance system design including horizontal scaling strategies, caching architectures, and latency optimization for identity operations.
• Knowledge of service mesh identity patterns, workload identity bootstrapping, and integration with container orchestration platforms.
• Experience with identity protocol extensions, custom grant flows, and building extensible identity platforms that support diverse use cases.
• Proven ability to lead technical initiatives in complex, regulated environments while balancing innovation with security and compliance requirements.

Responsibilities

• Design and implement advanced token management systems, including refresh token rotation, proof-of-possession tokens, and custom token introspection with real-time revocation capabilities.
• Lead development of Kong Identity's extensible claims engine supporting dynamic attribute resolution, contextual claim injection, and complex business logic evaluation at token issuance.
• Architect global identity infrastructure with edge optimization, intelligent token caching, and cross-region replication strategies for sub-millisecond authentication latency worldwide.
• Design sophisticated rate limiting, anomaly detection, and fraud prevention systems to protect against credential stuffing, token abuse, and distributed attacks.
• Build enterprise identity federation capabilities, including SAML bridge patterns, external IdP chaining, and custom protocol adapters for legacy system integration.
• Lead technical strategy for Kong Identity's developer experience, including SDKs, webhooks, audit logging, and real-time analytics dashboards for token lifecycle visibility.
• Architect advanced client management systems supporting dynamic client registration, automated credential rotation, and programmatic policy enforcement.
• Design Kong Identity's plugin architecture enables custom grant flows, protocol extensions, and third-party integrations while maintaining security boundaries.
• Drive implementation of compliance frameworks (SOC 2, FedRAMP, GDPR), including comprehensive audit trails, data residency controls, and privacy-preserving token designs.
• Lead technical initiatives for Kong Identity's integration with observability platforms, supporting distributed tracing, metrics collection, and security event correlation.
• Mentor engineering teams on advanced identity concepts including zero-trust architectures, workload identity, and service mesh integration patterns.