The Role

Hadrian's API Platform is how the outside world connects to our manufacturing systems. Every partner integration, every internal service, and every factory floor system that touches that platform depends on one thing being right: identity. Who is allowed in, what they can do, and how credentials are managed across a complex, multi-cloud, physically distributed environment.

As Staff Software Engineer, Identity and Access Management, you will build the security foundation that the API Platform is built on. You will own authentication, authorization, and credential automation across cloud infrastructure, Kubernetes workloads, and factory floor systems - and you will work in close partnership with the API Platform PM to ensure that IAM capabilities are surfaced as first-class developer experiences, not bolted-on compliance requirements.

This is not a supporting role. IAM is a product pillar here. You will own the technical layer end to end, set the direction for how it scales, and help define what secure-by-default looks like across everything Hadrian builds.

What You'll Do

• Design and implement scalable authentication and authorization systems covering both human operators and machine identities across cloud and factory floor environments - serving as the security foundation for the API Platform
• Own Hadrian's authentication stack: SSO, MFA, OIDC/SAML integrations, and service-to-service auth across AWS, GCP, and future cloud environments
• Build fine-grained access control systems (RBAC/ABAC/ReBAC) that scale across internal engineering teams, factory systems, and external API partners
• Develop frameworks, APIs, and CLI tools that automate credential provisioning, rotation, and policy enforcement for both internal teams and external API consumers
• Build identity and access models for machine-to-machine communication across factory floor systems, Kubernetes workloads, and cloud services
• Partner with Security to ensure IAM systems meet compliance and audit requirements; troubleshoot complex identity and access issues across distributed systems
• Work with the API Platform PM to define how IAM capabilities are surfaced as developer-friendly product experiences - for internal engineers and external partners alike
• Build tooling, SDKs, and documentation that make it easy to integrate with IAM correctly and hard to do so incorrectly
• Set IAM standards across the engineering org and act as the domain expert on access-sensitive architecture decisions

What We're Looking For

• 8-12+ years in software engineering, with 3+ years of focused experience in identity, authentication, or authorization systems at scale
• Deep, hands-on expertise in modern auth protocols: OAuth 2.0, OpenID Connect (OIDC), SAML, and SCIM
• Strong understanding of access control models - RBAC, ABAC, and ReBAC - and the ability to make sound architectural tradeoffs between them
• Experience designing IAM systems across multi-cloud environments (AWS, GCP, Azure)
• Security-first mindset: you understand threat modeling, risk assessment, and least-privilege principles, and you embed security throughout the SDLC
• Proficiency in Go, Python, or similar; track record of writing high-quality, maintainable code
• Ability to set technical direction independently, write clear design docs, and drive alignment across teams
• Comfort working alongside a PM counterpart - you can divide technical and product ownership clearly and collaborate effectively
• Bachelor's degree in Computer Science or related field, or equivalent experience

What Will Set You Apart

• Experience building IAM systems that serve external developer ecosystems - not just internal users
• Experience building identity systems for non-human entities: service accounts, workload identity, machine certificates, Kubernetes service accounts
• Familiarity with policy-as-code frameworks (OPA, Casbin, or similar)
• Experience with zero-trust network architecture
• Hands-on experience with secrets management platforms (Vault or equivalent) at scale
• Prior experience in aerospace, defense, or manufacturing environments with ITAR or export control considerations
• Experience working alongside a PM on a developer-facing platform product

Growth & Trajectory

This is a founding role with a clear path upward. As Hadrian's API Platform scales and the IAM function grows in complexity - more factory locations, more partners, more systems - so does the scope of this role. The natural trajectory leads toward technical lead or architect of a broader Security and Identity platform org, with the potential to grow a team around you.

Compensation

For this role, the target salary range is $192,000-$273,500, plus offers equity.

This is the lowest to highest salary we reasonably and in good faith believe we would pay for this role at the time of this posting. We may ultimately pay more or less than the posted range, and the range may be modified in the future. An employee's pay position within the salary range will be based on several factors, including, but not limited to, relevant education, qualifications, certifications, experience, skills, geographic location, performance, and business or organizational needs.

Benefits

• Medical, dental, vision, and life insurance plans for employees
• 401k
• Relocation support may be provided for certain situations, based on business need.
• Flexible vacation policy

ITAR Requirements

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.