← Back to job listings
X
Staff Software Engineer — Identity & Access Management
Xsolla · Serbia
About The Role
Responsibilities
- Own IAM Architecture & Strategy — Own the technical strategy and architecture of our IAM platform, covering authentication, authorization, and session management at scale.
- Design Auth Protocols — Design and evolve our OAuth 2.0 / OIDC flows, token lifecycle, and security primitives to meet both product and compliance requirements.
- Drive Cross-Team Technical Decisions — Drive decisions on protocol design, data modeling, and platform reliability, and build buy-in across engineering and security teams.
- De-Risk Proactively — Identify systemic risks and performance bottlenecks; lead initiatives to resolve them before they become incidents.
- Set Engineering Standards — Define engineering standards, review critical code and designs, and create leverage for the team through documentation, tooling, and mentorship.
- Align with Stakeholders — Collaborate with product, security, and infra teams to align on roadmap and translate business needs into well-scoped technical plans.
- Own Production Escalations — Serve as the go-to escalation point for complex production issues in the IAM domain.
Requirements
Identity & Security
- OAuth 2.0 / OIDC Depth — Deep understanding of OAuth 2.0, OIDC, and related auth flows: authorization code + PKCE, client credentials, device flow, token introspection, refresh strategies.
- Web Security Fundamentals — Solid grasp of cookie security, CSRF, XSS, token storage, TLS, and secure session management.
- Production IAM Experience — Experience designing or operating production-grade IAM or auth systems.
Backend Engineering
- Go Engineering — Strong Go (Golang) engineering skills: idiomatic code, concurrency patterns, performance profiling.
- Distributed Systems — Experience with distributed systems and their trade-offs (consistency, availability, failure modes).
Data & Infrastructure
- PostgreSQL — Schema design, query optimization, migrations at scale.
- Kubernetes — Deploying, operating, and debugging services in a k8s environment.
- Message Streaming — Kafka or NATS — event-driven patterns, consumer groups, at-least-once delivery.
- Git & CI/CD — Git and modern CI/CD practices.
Leadership
- Cross-Team Initiative Leadership — Proven ability to lead multi-quarter technical initiatives across teams.
- Architectural Influence — Track record of influencing architecture and standards beyond your immediate team.
- Written & Verbal Communication — You write RFCs and design docs that people actually read.
Nice to Have
- Hands-on experience with the Ory ecosystem (Hydra, Kratos, Keto) — operating it in production or building on top of its APIs
- Experience with CockroachDB or other distributed SQL databases (multi-region deployments, clock skew handling, survivability trade-offs)
- Familiarity with compliance requirements relevant to IAM: SOC 2, ISO 27001, GDPR data minimization, audit logging
- Contributions to open-source security or identity projects
- Experience building or integrating with SCIM, SAML, or enterprise SSO (LDAP / Active Directory)
- Background in platform or infrastructure engineering — building systems other engineers build on top of
- Hands-on, up-to-date experience with modern AI tools (e.g. Claude, Copilot, Cursor) for code generation, review, and accelerating day-to-day engineering work
This listing was posted by a verified recruiter at Xsolla. Report this listing
JobSpring