Staff Software Engineer, Identity & Access Management

SimSpace Corporation

$185K — $260K *
US-AnywhereRemote in United States
Enterprise Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years of experience in software engineering, particularly in identity and access management
  • Deep expertise in software system design for security and scalability
  • Strong background in authentication protocols (OAuth 2.0, OIDC, SAML)
  • Proficiency with Keycloak or similar identity management solutions
  • Experience in agile project scoping and estimation with a pragmatic mindset
  • Ability to communicate complex security concepts effectively to diverse audiences
  • Familiarity with Kubernetes and modern container infrastructure

Responsibilities

  • Define and own technical architecture for IAM across the SimSpace platform
  • Lead design and development of Keycloak-based identity infrastructure
  • Build the authorization layer using ReBAC model with Topaz/OPA
  • Develop IAM-adjacent services including user management and directory services
  • Establish cross-team authn/authz standards and provide technical guidance
  • Translate business and security requirements into technical roadmaps
  • Identify and resolve technical risks and system bottlenecks

Benefits

  • Comprehensive medical, dental, and vision benefits starting day one
  • Company-paid mental health support and resources
  • 401(k) plan with company match for future financial planning
  • Unlimited vacation and dedicated wellness days for flexible time off
  • Paid parental leave to support life’s important moments
  • Equity stock options at hire and annual performance-based grants
  • Referral bonuses for employee recruitment efforts
  • Access to LinkedIn Learning for continuous personal and professional growth
  • Monthly reimbursements for social connections with team members
  • Additional perks like legal plan coverage and pet insurance
Full Job Description
We are looking for a Staff Software Engineer, Identity & Access Management, to serve as the technical authority for identity, authentication, and authorization across the SimSpace platform. The ideal candidate will possess deep expertise in designing and building secure, scalable software systems, a strong foundation in modern IAM concepts, and the ability to drive technical direction across teams in a complex, security-focused environment.

In this position, you'll own the architecture and technical strategy for the IAM stack, partnering with engineering teams across the organization to establish authn/authz standards and ensure consistent, secure access patterns throughout the SimSpace platform. The focus is on software engineering leadership - designing and building the services that underpin identity and access management at SimSpace, solving hard problems, and raising the engineering bar across the team. Specifically, this position will be responsible for:
  • Identity Provider architecture and service development built on Keycloak
  • Authorization policy design and enforcement using a Relationship-Based Access Control (ReBAC) model implemented in Topaz/OPA
  • Design and development of IAM-adjacent services including directory services, user management, and other platform integrations that augment the core identity stack
  • Cross-team authn/authz standards, patterns, and platform integrations


What will you be doing as a Staff Software Engineer, IAM at SimSpace?
  • Define and own the technical architecture for authentication and authorization across the SimSpace platform, ensuring systems are secure, scalable, and maintainable.
  • Lead the design and development of Keycloak-based identity infrastructure, including federation, SSO, token management, and multi-tenant identity flows - multi-tenancy is a core architectural concern and experience designing systems with strong tenant isolation is highly valued.
  • Design and build the authorization layer for the SimSpace platform - including policy enforcement using a Relationship-Based Access Control (ReBAC) model (currently implemented with Topaz/OPA), authorization services, and the software infrastructure needed to deliver consistent, fine-grained access control across platform services. An understanding of ReBAC and how it differs from RBAC and ABAC models is essential.
  • Design and build new services that extend and augment the IAM stack - including directory services, user management services, and other components that integrate with or enhance Keycloak and Topaz.
  • Establish and evangelize cross-team authn/authz standards, providing technical guidance to engineering teams consuming IAM services to ensure correct and secure integration patterns.
  • Partner with technical leaders across the organization to translate business and security requirements into clear technical roadmaps and executable implementation plans.
  • Lead project scoping and estimation for new initiatives - breaking down ambiguous requirements into well-defined work, producing credible SWAGs early in the process, and driving planning that the team can execute against with confidence.
  • Identify and drive resolution of systemic technical risk, performance bottlenecks, and security gaps within the IAM stack.
  • Actively contribute to architectural review processes, raising the quality bar across the broader engineering organization.
  • Mentor and grow senior engineers on the IAM team, sharing deep expertise in software design, identity protocols, and security patterns.


Who you are:
  • Experienced Staff or Senior Software Engineer with a strong background in building platform or infrastructure services, with meaningful exposure to identity and access management concepts.
  • Proven ability to design, build, and ship production-grade distributed services - comfortable owning the full software development lifecycle from architecture through delivery.
  • Solid understanding of authentication protocols (OAuth 2.0, OIDC, SAML) and authorization patterns, with enough hands-on experience to make sound engineering decisions around identity systems.
  • Experience with Keycloak or comparable identity providers is a plus; willingness to develop deep expertise in Keycloak, Topaz/OPA, and adjacent technologies is essential.
  • Demonstrated ability to drive technical standards and architectural decisions across multiple teams, balancing idealism with pragmatic delivery.
  • Strong project scoping and estimation instincts - able to SWAG a new initiative quickly, break it into meaningful milestones, and produce plans that are realistic without being over-engineered. Contributes actively to quarterly planning cycles, helping the team arrive at commitments that are grounded in technical reality.
  • Strong communicator who can translate complex security and identity concepts for both technical and non-technical audiences.
  • Proficient in modern software engineering practices: API design, service decomposition, testing strategies, and CI/CD.
  • Experience with Kubernetes and modern container-based infrastructure as the environment in which these services operate. Comfort with self-hosted, on-premises infrastructure is a strong plus - SimSpace operates its own data centers and candidates should be prepared for the operational realities that come with that.
  • Comfortable operating with ambiguity - at the Staff level, the roadmap isn't always fully defined, and this role is expected to help shape it. We're looking for someone who drives clarity rather than waiting for it.
  • Experience working in security-sensitive or compliance-driven environments (DoD, FedRAMP, SOC 2, or similar) is a strong plus.


We're proud to offer a competitive and comprehensive package designed to support your well-being, growth, and success:
  • Compensation. Base salary range: $185,000 - $260,000, reflecting our confidence in your expertise and impact, with the opportunity for annual bonuses tied to company performance and individual contributions.
  • Health & Wellness. Comprehensive medical, dental, and vision benefits, plus savings plans-coverage starts on day one!
  • Mental Health Support. Access to company-paid counseling, coaching, and resources for you and your family through Spring Health.
  • Financial Well-Being. Plan for your future with a 401(k)-retirement savings plan featuring a company match.
  • Flexible Time Off. Take the time you need with unlimited vacation and dedicated health & wellness days. SimSpace provides flexible solutions to meet the diverse work-life needs of team members.
  • Parental Leave. Paid leave plans to support you and your loved ones during life's most important moments.
  • Ownership Opportunities: Equity stock options at hire, with annual performance-based grants-become an invested stakeholder in our shared success.
  • Referral Rewards: Earn $1,500-$3,500 for every qualified hire through our employee referral program.
  • Peloton Interactive Wellness Program: Full- and partial- subsidized membership plans and equipment discounts to help you reach your personalized fitness goals.
  • Continuous Learning: Access a LinkedIn Learning membership to prioritize your personal and professional development.
  • Social Connections: Monthly reimbursements for meaningful connections with teammates through our SocialSpace Community.
  • Extra Perks: Legal plan coverage, pet insurance, wellness reimbursements, and more to simplify life's details.

Similar Jobs

More Jobs at SimSpace Corporation

More Enterprise Technology Jobs

Find similar Staff Software Engineer, Identity & Access Management jobs: