Staff Software Engineer (Identity and Access Management)
Job Summary
We are seeking an experienced and highly-skilled Staff Software Engineer to join our Identity and Access Management (IAM) team. In this pivotal role, you will be responsible for designing, developing, and maintaining the core services that manage user identity, authentication, and authorization across our platform. The ideal candidate possesses deep expertise in modern identity protocols and practices, and has a proven track record of architecting secure, scalable, and reliable IAM solutions in a large-scale, distributed environment.
Essential Duties and Responsibilities
Architect and Design: Lead the architectural design and implementation of highly available and performant IAM services, including authentication workflows, authorization systems, and identity provisioning.
Protocol Expertise: Serve as the technical expert for industry-standard identity protocols, ensuring robust implementation and adherence to best practices for Single Sign-On (SSO), SAML, SCIM, and OAuth/OIDC.
System Security: Drive the security posture of identity systems, focusing on secure inter-service communication, token management, and fine-grained authorization permission schemes (e.g., RBAC, ABAC).
Technical Leadership: Mentor and guide mid-level and junior engineers on the team, conducting code reviews, setting technical standards, and advocating for engineering excellence.
Cross-Functional Collaboration: Partner closely with Security, Product Management, and other engineering teams to define requirements, integrate IAM services, and ensure a seamless and secure user experience.
Operational Excellence: Troubleshoot complex production issues related to identity flows, optimize service performance, and contribute to the monitoring and alerting strategy for critical IAM infrastructure.
Education, Experience, Knowledge, Skills, and Abilities
7+ years of professional software development experience, with a focus on building distributed, highly-available services.
Deep, hands-on experience designing and implementing solutions utilizing core identity protocols:
Single Sign-On (SSO)
SAML (Security Assertion Markup Language)
OAuth 2.0 / OIDC (OpenID Connect)
SCIM (System for Cross-domain Identity Management)
Proven experience with inter-service authentication and authorization mechanisms (e.g., token-based authentication, API gateways, mTLS).
Strong understanding of various authorization permission schemes (e.g., Role-Based Access Control - RBAC, Attribute-Based Access Control - ABAC).
Bachelor’s degree in Computer Science, related technical field, or equivalent practical experience.
Preferred Experience
Experience with a modern programming language (e.g., Go, Java, Ruby, Node.js) and working with cloud platforms (AWS, Azure, or GCP).
Experience with identity providers (IdPs) and services like Okta, Azure AD, Ping Identity, Keycloak, or Auth0.
Familiarity with cryptography principles and secure coding practices.
Demonstrated ability to drive large, complex, and ambiguous projects to completion.
Excellent written and verbal communication skills, with the ability to articulate complex technical concepts to a diverse audience.
Working Conditions and Physical Requirements
The ideal candidate must be able to complete all physical requirements of the job with or without reasonable accommodation.
Sitting and / or standing - Must be able to remain in a stationary position 50% of the time
Carrying and / or lifting - Must be able to carry / move laptop as needed throughout the work day.
Environment - remote, work-from-home 100% of the time.
ADA Statement:
Bugcrowd is committed to the full inclusion of all qualified individuals. In keeping with our commitment, Bugcrowd will take the steps to assure that people with disabilities are provided reasonable accommodations. Accordingly, if reasonable accommodation is required to fully participate in the job application or interview process, to perform the essential functions of the position, and/or to receive all other benefits and privileges of employment, please contact HR at ada@bugcrowd.com.
Pay Range Disclosure
At Bugcrowd, we strive for fairness, equality and to create an environment that allows our people to perform at their very best. Our compensation philosophy is to foster a collaborative community that rewards, attracts and retains the best possible talent. The provided salary details are based on US national averages and we retain the flexibility to tailor to the needs of the business.
The national estimate for the current base range for the position is: $137,600 - $189,200.
This position may also be eligible to participate in a discretionary bonus program or commission plan, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
About the job
Apply for this position
Staff Software Engineer (Identity and Access Management)
Job Summary
We are seeking an experienced and highly-skilled Staff Software Engineer to join our Identity and Access Management (IAM) team. In this pivotal role, you will be responsible for designing, developing, and maintaining the core services that manage user identity, authentication, and authorization across our platform. The ideal candidate possesses deep expertise in modern identity protocols and practices, and has a proven track record of architecting secure, scalable, and reliable IAM solutions in a large-scale, distributed environment.
Essential Duties and Responsibilities
Architect and Design: Lead the architectural design and implementation of highly available and performant IAM services, including authentication workflows, authorization systems, and identity provisioning.
Protocol Expertise: Serve as the technical expert for industry-standard identity protocols, ensuring robust implementation and adherence to best practices for Single Sign-On (SSO), SAML, SCIM, and OAuth/OIDC.
System Security: Drive the security posture of identity systems, focusing on secure inter-service communication, token management, and fine-grained authorization permission schemes (e.g., RBAC, ABAC).
Technical Leadership: Mentor and guide mid-level and junior engineers on the team, conducting code reviews, setting technical standards, and advocating for engineering excellence.
Cross-Functional Collaboration: Partner closely with Security, Product Management, and other engineering teams to define requirements, integrate IAM services, and ensure a seamless and secure user experience.
Operational Excellence: Troubleshoot complex production issues related to identity flows, optimize service performance, and contribute to the monitoring and alerting strategy for critical IAM infrastructure.
Education, Experience, Knowledge, Skills, and Abilities
7+ years of professional software development experience, with a focus on building distributed, highly-available services.
Deep, hands-on experience designing and implementing solutions utilizing core identity protocols:
Single Sign-On (SSO)
SAML (Security Assertion Markup Language)
OAuth 2.0 / OIDC (OpenID Connect)
SCIM (System for Cross-domain Identity Management)
Proven experience with inter-service authentication and authorization mechanisms (e.g., token-based authentication, API gateways, mTLS).
Strong understanding of various authorization permission schemes (e.g., Role-Based Access Control - RBAC, Attribute-Based Access Control - ABAC).
Bachelor’s degree in Computer Science, related technical field, or equivalent practical experience.
Preferred Experience
Experience with a modern programming language (e.g., Go, Java, Ruby, Node.js) and working with cloud platforms (AWS, Azure, or GCP).
Experience with identity providers (IdPs) and services like Okta, Azure AD, Ping Identity, Keycloak, or Auth0.
Familiarity with cryptography principles and secure coding practices.
Demonstrated ability to drive large, complex, and ambiguous projects to completion.
Excellent written and verbal communication skills, with the ability to articulate complex technical concepts to a diverse audience.
Working Conditions and Physical Requirements
The ideal candidate must be able to complete all physical requirements of the job with or without reasonable accommodation.
Sitting and / or standing - Must be able to remain in a stationary position 50% of the time
Carrying and / or lifting - Must be able to carry / move laptop as needed throughout the work day.
Environment - remote, work-from-home 100% of the time.
ADA Statement:
Bugcrowd is committed to the full inclusion of all qualified individuals. In keeping with our commitment, Bugcrowd will take the steps to assure that people with disabilities are provided reasonable accommodations. Accordingly, if reasonable accommodation is required to fully participate in the job application or interview process, to perform the essential functions of the position, and/or to receive all other benefits and privileges of employment, please contact HR at ada@bugcrowd.com.
Pay Range Disclosure
At Bugcrowd, we strive for fairness, equality and to create an environment that allows our people to perform at their very best. Our compensation philosophy is to foster a collaborative community that rewards, attracts and retains the best possible talent. The provided salary details are based on US national averages and we retain the flexibility to tailor to the needs of the business.
The national estimate for the current base range for the position is: $137,600 - $189,200.
This position may also be eligible to participate in a discretionary bonus program or commission plan, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.