Staff Software Engineer, Cloud Identity

🕒 6 days ago

🇺🇸 United States – Remote

💵 $212k - $286k / year

⏰ Full Time

🔴 Lead

🧑‍💻 Full-stack Engineer

🦅 H1B Visa Sponsor

This company has sponsored H1B visas in the past.

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Temporal Technologies

WebsiteLinkedInAll Job Openings

51 - 200 employees

Founded 2018

☁️ SaaS

💰 $75M Series B on 2023-02

Software • SaaS • Cloud Computing

Temporal Technologies is a company that provides a platform for durable execution, helping developers build resilient applications by managing failures, network outages, and long-running processes. Their technology abstracts away the complexity of building scalable distributed systems, allowing developers to focus on delivering reliable systems faster. Temporal simplifies code by eliminating recovery logic, callbacks, and timers, making software more durable and fault tolerant. The platform supports a wide variety of applications, from transaction processing to applied AI, and is favored by developers for its ease of use and reliability. Temporal is open-source and offers both self-hosted and managed cloud services in multiple regions, enabling scalable, serverless application development.

📋 Description

• Design and build Temporal Cloud's identity platform end-to-end — authentication (OAuth 2.0/2.1, OIDC, SAML, token exchange), authorization (RBAC/ReBAC/policy engines), and workload identity federation — so customers and workloads authenticate without long-lived secrets • Scale the auth hot path to meet Temporal Cloud's SLOs: in-memory auth bundles, JWKS caching, decision caching, and revocation strategies that keep latency low and eliminate single points of failure • Integrate with enterprise IdPs (Okta, Entra ID, Google Workspace, SAML/OIDC), own SCIM 2.0 provisioning, and threat-model identity flows against token replay, confused deputy, scope escalation, and mix-up attacks • Partner with Security, Product, and platform teams to ship secure-by-default patterns, define IAM lifecycle and audit strategies, and shape the technical roadmap by tracking emerging standards (IETF OAuth WG, OpenID Foundation) • Mentor engineers, maintain clear architecture docs, and engage directly with customers to understand requirements and unblock adoption

🎯 Requirements

• Deep hands-on experience building and operating production identity systems — OAuth 2.0/2.1, OIDC, SAML, JWT/JOSE, JWKS rotation, SCIM, and at least some exposure to workload identity (SPIFFE/SPIRE, WIF, mTLS, or short-lived federated credentials) • Strong grasp of authorization at scale (RBAC, ABAC, ReBAC/Zanzibar) and familiarity with policy engines like OPA, Cedar, or OpenFGA • Track record operating latency-sensitive distributed systems in production, including on-call ownership and operational excellence • Proficiency in Go; experience with Python, Java, or Kotlin is a plus • Strong communication skills with the ability to align stakeholders across security, product, and engineering and drive execution end-to-end.

🏖️ Benefits

• Unlimited PTO, 12 Holidays + 2 Floating Holidays • 100% Premiums Coverage for Medical, Dental, and Vision • AD&D, LT & ST Disability, and Life Insurance (Standard & Supplemental Available) • Empower 401K Plan • Additional Perks for Learning & Development, Lifestyle Spending, In-Home Office Setup, Professional Memberships, WFH Meals, Internet Stipend and more!