Skip to content
← Back to job listings

Staff Software Engineer — Identity & Access Management

Xsolla · Serbia

Software DevelopmentLeadQuick applyfull-time3 days ago

About The Role

Responsibilities

  • Own IAM Architecture & Strategy — Own the technical strategy and architecture of our IAM platform, covering authentication, authorization, and session management at scale.
  • Design Auth Protocols — Design and evolve our OAuth 2.0 / OIDC flows, token lifecycle, and security primitives to meet both product and compliance requirements.
  • Drive Cross-Team Technical Decisions — Drive decisions on protocol design, data modeling, and platform reliability, and build buy-in across engineering and security teams.
  • De-Risk Proactively — Identify systemic risks and performance bottlenecks; lead initiatives to resolve them before they become incidents.
  • Set Engineering Standards — Define engineering standards, review critical code and designs, and create leverage for the team through documentation, tooling, and mentorship.
  • Align with Stakeholders — Collaborate with product, security, and infra teams to align on roadmap and translate business needs into well-scoped technical plans.
  • Own Production Escalations — Serve as the go-to escalation point for complex production issues in the IAM domain.

Requirements

Identity & Security

  • OAuth 2.0 / OIDC Depth — Deep understanding of OAuth 2.0, OIDC, and related auth flows: authorization code + PKCE, client credentials, device flow, token introspection, refresh strategies.
  • Web Security Fundamentals — Solid grasp of cookie security, CSRF, XSS, token storage, TLS, and secure session management.
  • Production IAM Experience — Experience designing or operating production-grade IAM or auth systems.

Backend Engineering

  • Go Engineering — Strong Go (Golang) engineering skills: idiomatic code, concurrency patterns, performance profiling.
  • Distributed Systems — Experience with distributed systems and their trade-offs (consistency, availability, failure modes).

Data & Infrastructure

  • PostgreSQL — Schema design, query optimization, migrations at scale.
  • Kubernetes — Deploying, operating, and debugging services in a k8s environment.
  • Message Streaming — Kafka or NATS — event-driven patterns, consumer groups, at-least-once delivery.
  • Git & CI/CD — Git and modern CI/CD practices.

Leadership

  • Cross-Team Initiative Leadership — Proven ability to lead multi-quarter technical initiatives across teams.
  • Architectural Influence — Track record of influencing architecture and standards beyond your immediate team.
  • Written & Verbal Communication — You write RFCs and design docs that people actually read.

Nice to Have

  • Hands-on experience with the Ory ecosystem (Hydra, Kratos, Keto) — operating it in production or building on top of its APIs
  • Experience with CockroachDB or other distributed SQL databases (multi-region deployments, clock skew handling, survivability trade-offs)
  • Familiarity with compliance requirements relevant to IAM: SOC 2, ISO 27001, GDPR data minimization, audit logging
  • Contributions to open-source security or identity projects
  • Experience building or integrating with SCIM, SAML, or enterprise SSO (LDAP / Active Directory)
  • Background in platform or infrastructure engineering — building systems other engineers build on top of
  • Hands-on, up-to-date experience with modern AI tools (e.g. Claude, Copilot, Cursor) for code generation, review, and accelerating day-to-day engineering work

This listing was posted by a verified recruiter at Xsolla. Report this listing