[Remote] Staff Software Engineer, Identity & Access Management
Note: The job is a remote job and is open to candidates in USA. SimSpace is an AI Proving Ground where organizations can confidently train, test, and outmaneuver adversaries in any environment. They are seeking a Staff Software Engineer to serve as the technical authority for identity, authentication, and authorization across the platform, focusing on the architecture and technical strategy for the IAM stack.
Responsibilities
- Define and own the technical architecture for authentication and authorization across the SimSpace platform, ensuring systems are secure, scalable, and maintainable
- Lead the design and development of Keycloak-based identity infrastructure, including federation, SSO, token management, and multi-tenant identity flows — multi-tenancy is a core architectural concern and experience designing systems with strong tenant isolation is highly valued
- Design and build the authorization layer for the SimSpace platform — including policy enforcement using a Relationship-Based Access Control (ReBAC) model (currently implemented with Topaz/OPA), authorization services, and the software infrastructure needed to deliver consistent, fine-grained access control across platform services. An understanding of ReBAC and how it differs from RBAC and ABAC models is essential
- Design and build new services that extend and augment the IAM stack — including directory services, user management services, and other components that integrate with or enhance Keycloak and Topaz
- Establish and evangelize cross-team authn/authz standards, providing technical guidance to engineering teams consuming IAM services to ensure correct and secure integration patterns
- Partner with technical leaders across the organization to translate business and security requirements into clear technical roadmaps and executable implementation plans
- Lead project scoping and estimation for new initiatives — breaking down ambiguous requirements into well-defined work, producing credible SWAGs early in the process, and driving planning that the team can execute against with confidence
- Identify and drive resolution of systemic technical risk, performance bottlenecks, and security gaps within the IAM stack
- Actively contribute to architectural review processes, raising the quality bar across the broader engineering organization
- Mentor and grow senior engineers on the IAM team, sharing deep expertise in software design, identity protocols, and security patterns
Skills
- Experienced Staff or Senior Software Engineer with a strong background in building platform or infrastructure services, with meaningful exposure to identity and access management concepts
- Proven ability to design, build, and ship production-grade distributed services — comfortable owning the full software development lifecycle from architecture through delivery
- Solid understanding of authentication protocols (OAuth 2.0, OIDC, SAML) and authorization patterns, with enough hands-on experience to make sound engineering decisions around identity systems
- Experience with Keycloak or comparable identity providers is a plus; willingness to develop deep expertise in Keycloak, Topaz/OPA, and adjacent technologies is essential
- Demonstrated ability to drive technical standards and architectural decisions across multiple teams, balancing idealism with pragmatic delivery
- Strong project scoping and estimation instincts — able to SWAG a new initiative quickly, break it into meaningful milestones, and produce plans that are realistic without being over-engineered
- Strong communicator who can translate complex security and identity concepts for both technical and non-technical audiences
- Proficient in modern software engineering practices: API design, service decomposition, testing strategies, and CI/CD
- Experience with Kubernetes and modern container-based infrastructure as the environment in which these services operate
- Comfort with self-hosted, on-premises infrastructure is a strong plus
- Comfortable operating with ambiguity — at the Staff level, the roadmap isn't always fully defined, and this role is expected to help shape it
- Experience working in security-sensitive or compliance-driven environments (DoD, FedRAMP, SOC 2, or similar) is a strong plus
Benefits
- Compensation. Base salary range: $185,000 - $260,000, reflecting our confidence in your expertise and impact, with the opportunity for annual bonuses tied to company performance and individual contributions.
- Comprehensive medical, dental, and vision benefits, plus savings plans—coverage starts on day one!
- Access to company-paid counseling, coaching, and resources for you and your family through Spring Health.
- Plan for your future with a 401(k)-retirement savings plan featuring a company match.
- Take the time you need with unlimited vacation and dedicated health & wellness days. SimSpace provides flexible solutions to meet the diverse work-life needs of team members.
- Paid leave plans to support you and your loved ones during life’s most important moments.
- Equity stock options at hire, with annual performance-based grants—become an invested stakeholder in our shared success.
- Earn $1,500–$3,500 for every qualified hire through our employee referral program.
- Peloton Interactive Wellness Program: Full- and partial- subsidized membership plans and equipment discounts to help you reach your personalized fitness goals.
- Access a LinkedIn Learning membership to prioritize your personal and professional development.
- Monthly reimbursements for meaningful connections with teammates through our SocialSpace Community.
- Legal plan coverage, pet insurance, wellness reimbursements, and more to simplify life’s details.
Company Overview