
Staff Software Engineer, Cloud Identity
Posted Jun 21

This is a fully remote position, open to applicants in the United States.
• Develop and implement the comprehensive identity platform for Temporal Cloud, covering authentication (OAuth 2.0/2.1, OIDC, SAML, token exchange), authorization (RBAC/ReBAC/policy engines), and workload identity federation, enabling customers and workloads to authenticate without relying on long-lived secrets.
• Enhance the authentication hot path to align with Temporal Cloud's service level objectives, including in-memory authentication bundles, JWKS caching, decision caching, and revocation strategies that minimize latency and remove single points of failure.
• Collaborate with enterprise identity providers (IdPs) such as Okta, Entra ID, Google Workspace, SAML/OIDC, manage SCIM 2.0 provisioning, and evaluate identity flows against potential threats like token replay, confused deputy, scope escalation, and mix-up attacks.
• Work alongside Security, Product, and platform teams to deliver secure-by-default patterns, establish IAM lifecycle and audit strategies, and influence the technical roadmap by monitoring emerging standards (IETF OAuth WG, OpenID Foundation).
• Guide engineers, ensure clear architecture documentation is maintained, and engage directly with customers to grasp their requirements and facilitate adoption.
• Extensive practical experience in building and managing production identity systems, including OAuth 2.0/2.1, OIDC, SAML, JWT/JOSE, JWKS rotation, SCIM, and some familiarity with workload identity (SPIFFE/SPIRE, WIF, mTLS, or short-lived federated credentials).
• Solid understanding of large-scale authorization (RBAC, ABAC, ReBAC/Zanzibar) and experience with policy engines like OPA, Cedar, or OpenFGA.
• Proven history of operating latency-sensitive distributed systems in production, encompassing on-call responsibilities and operational excellence.
• Proficient in Go; familiarity with Python, Java, or Kotlin is an advantage.
• Excellent communication skills, capable of aligning stakeholders across security, product, and engineering teams to drive execution from start to finish.
• Unlimited PTO, 12 Holidays + 2 Floating Holidays
• 100% Premiums Coverage for Medical, Dental, and Vision
• AD&D, LT & ST Disability, and Life Insurance (Standard & Supplemental Available)
• Empower 401K Plan
• Additional Perks for Learning & Development, Lifestyle Spending, In-Home Office Setup, Professional Memberships, WFH Meals, Internet Stipend and more!