Clear Fracture is inventing a new class of AI-driven data integration platforms, enabling organizations to securely connect and operationalize data across complex environments. The Security Platform Engineer will design and build the core identity, authorization, and security architecture of the platform, focusing on implementing security mechanisms directly into production code.
Responsibilities:
- Design and implement the core security architecture for a multi-tenant AI platform, including authentication, authorization, identity management, and tenant isolation across application and data layers
- Design and build flexible authorization models supporting role-based access control (RBAC), policy-based access control, and fine-grained permissions for users, organizations, APIs, and compute workloads
- Implement identity and authentication integrations with enterprise identity providers, including OAuth2 / OIDC, SAML, LDAP / Active Directory, and Microsoft identity systems
- Design and implement strong tenant isolation guarantees across services, data stores, and compute resources
- Write production-level code to integrate security mechanisms directly into application services, APIs, and agent frameworks
- Participate in threat modeling, trust boundary analysis, and secure system design reviews across the platform
- Design identity and authorization systems that operate both in cloud-connected deployments and fully disconnected / air-gapped environments
- Create clear developer-facing documentation for platform security architecture, APIs, and integration patterns
Requirements:
- 4+ years of experience designing and implementing authentication, authorization, or identity systems for production software applications
- Security Clearance: Due to the nature of the work, U.S. Citizenship and the ability to obtain a Secret Clearance are required
- Strong software engineering experience in backend systems, including designing APIs, integrating authentication flows, and implementing authorization logic in application code
- Deep understanding of modern identity and authentication protocols such as OAuth2, OpenID Connect (OIDC), SAML, LDAP / Active Directory, and enterprise SSO integrations
- Experience implementing role-based or policy-based authorization models in complex applications
- Experience performing threat modeling, identifying trust boundaries, and designing systems with least-privilege and defense-in-depth principles
- Experience designing or working on multi-tenant application platforms
- Comfortable integrating authentication and authorization mechanisms into backend services and distributed systems
- Experience deploying or building systems on cloud platforms such as AWS, Azure, or Google Cloud
- Strong communication skills and the ability to explain security architecture clearly to engineers and non-security stakeholders
- Bachelor's degree in Computer Science or a related technical field, or equivalent practical experience
- Due to the nature of the work, U.S. Citizenship is required
- Experience implementing policy engines or authorization frameworks (e.g., OPA, Cedar, Zanzibar-style models)
- Experience designing security for multi-agent or AI-driven systems
- Experience building systems that integrate with enterprise identity providers
- Experience supporting on-prem or air-gapped deployments where cloud identity services are unavailable
- Experience with secrets management systems such as Vault or similar technologies
- Experience working in regulated or high-assurance environments (government, defense, healthcare, finance)
- Exposure to SOC2, FedRAMP, or similar compliance frameworks
- Advanced degree in Computer Science or related field
- Active security clearance