Senior Software Engineer - Identity & Authorization Platform

ClickHouse

$141K — $232K *
US-Anywhere, Remote in United States
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 4+ years of production experience in backend systems at scale.
  • Proficiency in at least one systems language (Go, Rust, C++) and one application language (TypeScript, Python).
  • Experience building or implementing authentication or authorization services like OIDC or OAuth2.
  • Strong understanding of SAML, SCIM, OIDC, and OAuth2 protocols.
  • Experience designing APIs and SDKs for adoption by other engineers.
  • Ability to operate distributed systems with a focus on caching and consistency.
  • Familiarity with identity vendors like Auth0 or AWS IAM.

Responsibilities

  • Design and build authentication and authorization services for ClickHouse Cloud.
  • Model permissions and access control primitives for multiple platforms.
  • Implement support for SAML, SCIM, OIDC, and OAuth2 protocols.
  • Create an observable audit and telemetry pipeline for access decisions.
  • Collaborate with product teams to migrate to a shared authentication platform.
  • Participate in the on-call rotation and ensure production system reliability.

Benefits

  • Flexible work environment with a remote-friendly policy.
  • Employer contributions towards healthcare.
  • Equity through stock options for all new hires.
  • Flexible and generous time off policies.
  • $500 home office setup reimbursement for remote employees.
  • Opportunities for company-wide offsite gatherings.
Full Job Description
What you will be doing:
  • Design and build the platform services that power authentication, authorization, and audit across ClickHouse Cloud. This includes a unified RBAC/ReBAC service, token issuance and session handling, and the SDKs that product teams embed to make authorization decisions.
  • Model permissions and access control primitives (resources, roles, relationships, policies) that work across ClickHouse, SQL Console, ClickPipes, and HyperDX. Ship the libraries and APIs that other engineers build against.
  • Implement protocol-level support for SAML, SCIM, OIDC, OAuth2, and MFA/passwordless flows. Own the integrations that make enterprise SSO and provisioning work end to end.
  • Build the audit and authorization-decision telemetry pipeline so every access decision is observable, queryable, and surfaceable to customers.
  • Partner with product engineering teams to migrate bespoke per-product auth implementations onto the shared platform, and design APIs that make adoption straightforward.
  • Carry the platform on-call rotation and own production reliability for systems on the critical path of every customer request.

What you bring along:
  • 4+ years building production backend systems at scale. Comfort with at least one systems language (Go, Rust, C++) and one application language (TypeScript, Python).
  • Hands-on experience designing and implementing an authentication or authorization service. Examples include building a token issuer, an OIDC or OAuth2 provider, a policy engine, a permissions model, or an FGA/ReBAC system in the style of Zanzibar, OpenFGA, SpiceDB, or Cedar.
  • Working knowledge of SAML, SCIM, OIDC, and OAuth2 at the protocol level, and the ability to implement them.
  • Experience designing APIs and SDKs that other engineers depend on, with strong opinions on what makes them adoptable.
  • Experience operating distributed systems at scale, including caching strategies, consistency tradeoffs, and multi-region concerns.
  • Familiarity with identity vendors (Auth0, WorkOS, AWS/GCP/Azure IAM) as building blocks you've extended or integrated into a larger platform.
  • Strong production debugging instincts and a high bar for systems that are easy to develop against.

Bonus:
  • You've built or contributed to a Zanzibar-style authorization system, or run an OpenFGA or SpiceDB deployment beyond the demo.
  • You've designed a multi-tenant permission model that survived real customer requirements like custom roles, hierarchies, delegation, and ABAC attributes.
  • You've shipped an SDK that product teams across an org actually adopted, and have opinions about why most internal SDKs fail.


The typical starting salary for this role in the US is

$141,000-$208,000 USD

The typical starting salary for this role in US Premium Markets is

$157,000-$232,000 USD

Compensation

For roles based in the United States, the typical starting salary range for this position is listed above. In certain locations, such as the San Francisco Bay Area and the New York City Metro Area, a premium market range may apply, as listed.

These salary ranges reflect what we reasonably and in good faith believe to be the minimum and maximum pay for this role at the time of posting. The actual compensation may be higher or lower than the amounts listed, and the ranges may be subject to future adjustments.

An individual's placement within the range will depend on various factors, including (but not limited to) education, qualifications, certifications, experience, skills, location, performance, and the needs of the business or organization.

If you have any questions or comments about compensation as a candidate, please get in touch with us at [redacted].
Perks
  • Flexible work environment - ClickHouse is a globally distributed company and remote-friendly. We currently operate in over 20 countries.
  • Healthcare - Employer contributions towards your healthcare.
  • Equity in the company - Every new team member who joins our company receives stock options.
  • Time off - Flexible time off in the US, generous entitlement in other countries.
  • A $500 Home office setup if you're a remote employee.
  • Global Gatherings - We believe in the power of in-person connection and offer opportunities to engage with colleagues at company-wide offsites.
