Senior Platform Engineer, IAM

Summary

Join Supermetrics' Platform IAM Team as a Senior Platform Engineer and leverage your security and platform engineering expertise to build scalable, reliable, and secure IAM solutions. You will drive the evolution of Supermetrics' IAM, replace existing token implementations, transition to a decentralized model, and address limitations in current capabilities. This remote role (based in Finland with occasional trips to Helsinki) involves designing and developing solutions, collaborating with teams, and contributing to critical platform functions. You will be responsible for designing and operating a secure IAM service, building and maintaining APIs and SDKs, managing the identity lifecycle, integrating with external IdPs, implementing secure workload identity models, and developing security best practices. This role requires significant experience in IAM and platform engineering, along with expertise in relevant technologies and standards.

Requirements

• 5+ years of experience in software engineering, with most of that time spent on Identity and Access Management and security, preferably developing IAM capabilities as part of a platform engineering, DevOps, or site reliability engineering (SRE) team
• Demonstrated expertise in designing and implementing scalable Identity and Access Management systems
• Deep knowledge of authentication and authorization standards such as OAuth2, OIDC, SAML, and SCIM
• Hands-on experience with Kubernetes and other CNCF technologies in production environments
• Proficiency in at least one programming language from Go, Java, C#
• Strong understanding of API design and implementation for secure, scalable services
• Familiarity with cloud-native security tools and practices, including zero-trust architectures
• Experience in multi-cloud environments (AWS and GCP preferred)
• Excellent collaboration, communication, and problem-solving skills

Responsibilities

• Drive the evolution of Supermetrics' Identity and Access Management (IAM) to meet enterprise demands for secure user management and data authorization
• Replace the existing non-standard token implementation with industry-standard approaches to improve interoperability, security, and scalability
• Transition Supermetrics to a decentralized IAM model, enabling seamless IAM as a service across components while reducing redundancy and complexity
• Address the limitations in current IAM capabilities to enable secure, efficient authorization for new services acting on behalf of users
• Design and develop solutions that support growth while maintaining operational simplicity and security
• Contribute to critical platform functions such as service-to-service communication and infrastructure orchestration, laying the groundwork for a truly integrated Supermetrics platform
• Play a key role in transforming Supermetrics into a cohesive, robust platform by establishing secure and scalable base-level platform services
• Collaborate across teams to deliver innovative solutions that address current limitations and meet future growth needs
• Design and operate a secure, scalable IAM service that enables authentication, authorization, and identity management across our SaaS platform, focusing on token validation, permission checks and user/role lookups
• Build and maintain APIs, SDKs, and integrations to enable other platform services to consume IAM capabilities effectively
• Manage the full lifecycle of identities for users, applications, and services, automating provisioning, deprovisioning, and access control workflows
• Integrate with external Identity Providers (IdPs) like Okta, Microsoft Entra ID, and others, using standards such as SAML, OIDC, and SCIM
• Implement secure workload identity models for platform services and workloads running on Kubernetes
• Develop and promote platform-wide security best practices, ensuring compliance with security and data protection standards
• Establish robust observability for the IAM service, including monitoring, alerting, and logging, to guarantee high availability and rapid incident resolution
• Partner with other engineering teams to embed IAM functionality seamlessly into their services and workflows
• Contribute to the platform's architectural vision, balancing security, scalability, and usability
• Stay informed about industry advancements in IAM, cloud-native security, Platform Engineering, and CNCF technologies, and apply them to improve the platform continuously

Preferred Qualifications

• Experience with Infrastructure-as-Code tools like Terraform or Crossplane
• Familiarity with service meshes (e.g., Istio, Cilium) for workload identity and mTLS
• Knowledge of event-driven architectures and tools (e.g., Kafka, Pub/Sub)
• Certifications like CKA (Certified Kubernetes Administrator) or CKS (Certified Kubernetes Security Specialist)

Benefits

• Competitive compensation package, including equity and bonus
• Excellent work equipment and home office allowance for those working in our fully remote locations
• Health care benefits and leisure time insurance
• Annual 1000 euros of personal learning budget
• Sports and wellbeing allowance