Temporal TechnologiesRemote
Senior Software Engineer, Cloud Identity
United States of America
Full Time
14 hours ago
$212,000 - $237,000 USD
H1B Sponsor Likely
Key skills
PythonJavaGoRustIAMEntra IDOAuthJWTOktaSAMLSSOKeycloakCachingSaaSCommunication
About this role
Temporal Technologies is an innovative company focused on improving the developer experience through open-source software. They are hiring a Senior Software Engineer for Cloud Identity to design, build, and operate identity and access systems for their multi-tenant SaaS platform, ensuring secure authentication and authorization processes.
Responsibilities:
- Build and improve core parts of Temporal Cloud's identity platform — authentication (OAuth 2.0/OIDC, SAML), authorization (RBAC and policy-based access), and workload identity — so customers and workloads can authenticate securely
- Help keep the auth path fast and reliable to meet Temporal Cloud's SLOs through caching, token handling, and revocation strategies
- Integrate with enterprise identity providers (Okta, Entra ID, Google Workspace) and support user provisioning (SCIM), with attention to common identity threats such as token replay and privilege escalation
- Partner with Security, Product, and platform teams to ship secure-by-default patterns and contribute to IAM lifecycle and audit practices
- Write clear architecture and design docs, and contribute to the team's technical direction
Requirements:
- Solid hands-on experience building and operating production identity or auth systems — OAuth 2.0/OIDC, SAML, JWT, and token/key rotation
- Good understanding of authorization models (RBAC, ABAC); familiarity with policy engines like OPA, Cedar, or OpenFGA is a plus
- Experience operating distributed systems in production, including some on-call responsibility
- Proficiency in Go; experience with Python, Java, or Rust is a plus
- Strong communication skills and the ability to collaborate across security, product, and engineering teams
- Exposure to workload identity or short-lived / federated credentials (SPIFFE/SPIRE, mTLS, WIF)
- Experience with SCIM provisioning and enterprise SSO integrations
- Contributions to identity OSS projects (Keycloak, Ory, Dex, OpenFGA, SPIRE)
- Familiarity with compliance frameworks (SOC 2, ISO 27001, HIPAA) as they apply to IAM
- Familiarity with Temporal or other durable-execution engines, especially auth implications around workers and task queues
- Experience designing customer-facing API auth (scoped tokens, API keys, rotation)