Anaplan is the leading enterprise decision-making platform, powering the world's largest enterprises with our proprietary Hyperblock™ technology and cloud infrastructure. We are seeking a
Principal Engineer to lead the architectural evolution of our Product Security and Customer Identity & Access Management (CIAM) capabilities. In this role, you will define and execute the technical strategy for secure multi-tenant isolation, modern identity migrations, and secure API-to-API communications across our highly distributed global SaaS platform.
Your Impact- Security Architecture & Strategy: Lead the long-term technical roadmap for platform-wide security patterns, including multi-tenant isolation, key lifecycle management, secure token issuance (JWT), secrets management, and robust API-to-API communication.
- Modern Identity Engineering: Design and implement next-generation CIAM solutions and secure backend services (using Java/Kotlin) to migrate from legacy IAM systems to modern, highly scalable identity platforms.
- Access Control & Policy Enforcement: Architect and operate declarative authorization systems utilizing policy-as-code engines (e.g., Open Policy Agent (OPA) with Rego-based evaluation) for granular, high-throughput access decisions.
- Platform Standardization: Influence company-wide engineering standards and define best practices for secure-by-default software development. Lead cross-functional collaboration with core engineering teams (including API Gateway, Platform Security, and Infrastructure) to ensure consistent security postures.
- Technical Leadership & Mentorship: Guide, mentor, and elevate the maturity of the engineering organization, promoting secure coding practices and driving threat-modeling initiatives.
Your QualificationsIdentity, Access, & Security Protocols
- Deep IAM/CIAM Expertise: Significant software engineering experience in architecting and operating enterprise-scale Identity and Access Management platforms.
- Standard Federation Protocols: Expert-level knowledge of OAuth2, OIDC, SAML, and SCIM user provisioning.
- Hands-on Platform Experience: Comprehensive experience deploying and managing industry-standard IAM platforms (e.g., Auth0, Keycloak, Ping Identity, or Ory).
- Policy-as-Code: Strong experience implementing and scaling fine-grained authorization policies using Open Policy Agent (OPA), Rego, or similar policy engines.
- Deep, production-level expertise in architecting and implementing modern access control paradigms, including Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Relationship-Based Access Control (ReBAC), using decoupled Policy-as-Code engines (such as Open Policy Agent/Rego or AWS Cedar)
- Solid understanding of LDAP/Active Directory integration patterns for enterprise user authentication and centralized group management
- Strong expertise in modern digital identity concepts, encompassing authentication mechanisms (MFA, SSO, Passwordless), and a thorough understanding of identity protocols acting as the foundation for authorization architectures
Software Engineering & Distributed Systems
- Backend Engineering: Proven experience building high-throughput, low-latency secure microservices in JVM-based languages (Java or Kotlin).
- System Reliability at Scale: Solid understanding of highly available (HA/DR) distributed systems, observability (metrics, logs, traces), and SRE principles.
- API Security & Gateways: Deep experience securing API architectures and designing edge security patterns (e.g., rate limiting, token exchange, and mutual TLS).
- Proven track record of untangling and reverse-engineering complex, monolithic legacy applications to extract undocumented business rules, and systematically translating them into modern, decoupled, Policy-as-Code authorization architectures
Compliance, Environment, & Leadership
- Regulated Environments: Experience building, operating, and auditing identity solutions in compliance-heavy or regulated cloud environments (such as FedRAMP Moderate/High).
- Identity Migrations: Proven track record of successfully executing seamless, zero-downtime migrations from legacy directory services or monolithic IAM systems to modern distributed CIAM frameworks.
- Cross-Functional Leadership: Strong communication, presentation, and alignment skills, with a track record of driving complex technical initiatives across multiple business units and executive stakeholders.
#LI-SP1