Clear Fracture is inventing a new class of AI-driven data integration platforms, enabling organizations to securely connect and operationalize data across complex environments. We are seeking a backend-focused Senior Software Engineer to design and build the authorization and identity systems embedded directly within our product, focusing on implementing fine-grained access control and authentication flows.
Responsibilities:
- Design and implement fine-grained authorization systems within the product, including role-based and policy-based access control models for users, organizations, APIs, and agent workflows
- Write production-level backend code to enforce authorization across APIs, services, and agent execution paths. Partner with other engineers to embed access control directly into core product functionality
- Implement authentication flows and integrate with enterprise identity providers (OAuth2, OIDC, SAML, Active Directory), ensuring seamless and secure user and service authentication
- Design and enforce tenant-aware access control and isolation across application services, data layers, and compute workloads
- Contribute to the design of authorization and identity architecture, including policy models, enforcement patterns, and system boundaries
- Participate in threat modeling and design reviews, with a focus on authorization boundaries, privilege escalation risks, and least-privilege enforcement
- Define and monitor operational constraints to mitigate the risk of prompt injection or goal misalignment
- Design authorization approaches that function reliably across distributed systems, including cloud-connected and air-gapped environments
- Create clear abstractions, APIs, and documentation that make it easy for other engineers to correctly implement and extend authorization logic
Requirements:
- 4+ years of experience building authorization, identity, or authentication systems in application code
- Strong backend software engineering experience (e.g., Python, Go, Java), including designing APIs, implementing authentication flows, and enforcing authorization in service logic
- Deep understanding of RBAC, ABAC, and/or policy-based access control models, as well as OAuth2, OpenID Connect (OIDC), SAML, and enterprise SSO
- Experience designing or implementing fine-grained permissions in complex or distributed systems
- Experience working on multi-tenant applications or systems with strong isolation requirements
- Familiarity with threat modeling and secure system design, especially around access control and trust boundaries
- Comfortable working in a collaborative engineering environment and integrating security into shared codebases
- Experience building or deploying systems in cloud environments (AWS, Azure, or GCP)
- Strong communication skills and ability to explain technical concepts clearly
- Bachelor's degree in Computer Science or equivalent practical experience
- Due to the nature of the work, U.S. Citizenship and the ability to obtain a Secret Clearance are required
- Experience building or integrating authorization frameworks or policy engines (e.g., OPA, Cedar, Zanzibar-inspired systems)
- Experience designing authorization for dynamic systems (e.g., agent-based systems, workflow engines, or plugin architectures)
- Experience implementing relationship-based or context-aware access control models
- Experience supporting on-prem or air-gapped deployments
- Experience with enterprise identity integrations in complex environments
- Experience working in high-assurance or regulated environments
- Familiarity with secrets management tools (e.g., Vault)
- Exposure to compliance frameworks (SOC2, FedRAMP, etc.)
- Advanced degree in Computer Science or related field
- Active security clearance