Staff Software Engineer

📋 Description

• Define the authorization processes for our AI-driven agentic workflows, focusing on how non-human entities authenticate, acquire scoped permissions, and function within the same authorization framework as their human counterparts.

• Enhance our identity layer within Auth0 to optimize authentication, token issuance, and identity federation.

• Develop and sustain our Relationship-Based Access Control (ReBAC) model using OpenFGA, which underpins all authorization decisions across our infrastructure.

• Lead large-scale technical initiatives that require collaboration among multiple teams and systems. Establish and advocate for best practices and quality standards within the team.

• Set a positive example and mentor team members in collaborative efforts during pull requests, demonstrations, and working relationships. Contribute to a culture that values learning and high technical standards.

• Take responsibility for team deliverables, decisions, quality, processes, and technical direction. Be accountable for steering projects from conception to production.

• Exhibit a thorough understanding of our application's business domain and stakeholder requirements. Utilize this knowledge to proactively identify risks and obstacles during planning, architecture discussions, and RFCs, ensuring alignment between business objectives and technical execution for large projects.

• Embody Basis’ core values while nurturing a positive team culture. Actively promote Basis within the community.

⛳️ Requirements

• A minimum of 8 years of professional software experience, with extensive expertise in identity, authentication, or authorization systems.

• In-depth knowledge of OAuth 2.0 and OpenID Connect, including token flows, JWKS validation, scopes, audience restrictions, and more.

• Practical experience with ReBAC systems such as OpenFGA, Zanzibar, or SpiceDB, encompassing the modeling of authorization schemas, writing and testing tuple-based policies, and assessing permission evaluation performance.

• Familiarity with Auth0 or similar identity providers like Okta, Azure AD, or Keycloak.

• Strong skills in backend programming languages such as Java, Ruby, or Python, along with web frameworks like Spring Boot, Rails, or Django.

• Proficiency with AI coding tools (Claude Code, Cursor, Codex, etc.) as an integral part of the development process, including code generation, debugging, exploration of unfamiliar codebases, and documentation, combined with sound judgment for evaluating and refining AI-generated outputs.

• A thoughtful approach to collaboration, design, and decision-making that emphasizes equity, access, and continuous learning.

• A commitment to fostering inclusive and respectful environments where every voice is acknowledged and supported.

🏝️ Benefits

• Flexible work week

• 401k/RRSP matching

• Mental health support

• Paid sabbaticals

• Generous parental leave

• Flexible work options