Bugcrowd is a company focused on empowering organizations to combat security threats through a crowdsourced approach. They are seeking an experienced Staff Software Engineer to lead the design and development of core services for user identity, authentication, and authorization within their platform.
Responsibilities:
- Architect and Design: Lead the architectural design and implementation of highly available and performant IAM services, including authentication workflows, authorization systems, and identity provisioning
- Protocol Expertise: Serve as the technical expert for industry-standard identity protocols, ensuring robust implementation and adherence to best practices for Single Sign-On (SSO), SAML, SCIM, and OAuth/OIDC
- System Security: Drive the security posture of identity systems, focusing on secure inter-service communication, token management, and fine-grained authorization permission schemes (e.g., RBAC, ABAC)
- Technical Leadership: Mentor and guide mid-level and junior engineers on the team, conducting code reviews, setting technical standards, and advocating for engineering excellence
- Cross-Functional Collaboration: Partner closely with Security, Product Management, and other engineering teams to define requirements, integrate IAM services, and ensure a seamless and secure user experience
- Operational Excellence: Troubleshoot complex production issues related to identity flows, optimize service performance, and contribute to the monitoring and alerting strategy for critical IAM infrastructure
Requirements:
- 7+ years of professional software development experience, with a focus on building distributed, highly available services
- Deep, hands-on experience designing and implementing solutions utilizing core identity protocols: Single Sign-On (SSO), SAML (Security Assertion Markup Language), OAuth 2.0 / OIDC (OpenID Connect), and SCIM (System for Cross-domain Identity Management)
- Proven experience with inter-service authentication and authorization mechanisms (e.g., token-based authentication, API gateways, mTLS)
- Strong understanding of various authorization permission schemes (e.g., Role-Based Access Control - RBAC, Attribute-Based Access Control - ABAC)
- Bachelor's degree in Computer Science, related technical field, or equivalent practical experience
- Experience with a modern programming language (e.g., Go, Java, Ruby, Node.js) and working with cloud platforms (AWS, Azure, or GCP)
- Experience with identity providers (IdPs) and services like Okta, Azure AD, Ping Identity, Keycloak, or Auth0
- Familiarity with cryptography principles and secure coding practices
- Demonstrated ability to drive large, complex, and ambiguous projects to completion
- Excellent written and verbal communication skills, with the ability to articulate complex technical concepts to a diverse audience