Software Engineer - Identity and Access Management

Summary

Join ClickHouse's Identity & Access Management team and contribute to a unified access management experience. Develop, manage, and collaborate on authentication systems, role-based access control, and audit logging. Collaborate with engineering teams to improve database access management, integration patterns, and cloud deployment security. Ensure systems comply with security frameworks and create internal documentation. Respond to on-call escalations. This role offers growth potential and focuses initially on unifying customer identity tooling and processes.

Requirements

• 4+ years of experience as a software engineer, with focus on complex system design and development, working with diverse programming languages (i.e. C++, TypeScript, Go)
• Bachelor’s or Master’s degree in Computer Science or a related field; or equivalent experience
• Experience implementing authentication and authorization services to a standard such as SAML, SCIM, OAuth2, or OIDC
• Direct experience with Auth0, Okta, Cloud IAM (AWS, GCP, Azure) and AuthZ systems such as FGA or OPA
• Experience implementing access control on web applications, APIs and databases
• Experience with distributed systems, cloud computing, and scalable architectures
• You are passionate about building secure systems that are easy to use and easy to develop against
• You have excellent communication skills and the ability to work well within a team and across engineering teams
• You are a strong problem solver and have solid production debugging skills
• You thrive in a fast paced environment, and see yourself as a partner with the business with the shared goal of moving the business forward
• You have a high level of responsibility, ownership and accountability

Responsibilities

• Develop, manage, and collaborate with other engineering teams to provide guidance and support for
• Authentication systems to ensure customers and internal users are provided a secure, user-friendly way to access systems, including support for SAML, SCIM, MFA and passwordless authentication methods
• Role-based and fine-grained access control to ensure resources have the proper level of authorization that is secure, easy for users to understand, and easy for engineers develop against
• Audit logging & monitoring to ensure events are captured for analysis and surfaced for both internal teams and customers as appropriate
• Collaborate with other engineering teams to understand database access management patterns, provide guidance for security or usability improvements and contribute where possible
• Collaborate with other engineering teams to understand integration patterns for third party systems and work to develop common patterns and platforms to enable secure management of credentials for this application
• Collaborate with other engineering teams to understand authentication and authorization relevant to the product’s implementation in Cloud and work to develop common patterns and platforms to enable secure deployment and management
• Ensure systems comply with relevant security and compliance frameworks, such as NIST
• Create and maintain internal documentation to enable other teams to on-board and integrate with identity & access management systems
• Respond to on-call escalations involving the identity and access management platform

Benefits

• Flexible work environment - ClickHouse is a globally distributed company and remote-friendly. We currently operate in 20 countries
• Healthcare - Employer contributions towards your healthcare
• Equity in the company - Every new team member who joins our company receives stock options
• Time off - Flexible time off in the US, generous entitlement in other countries
• A $500 Home office setup if you’re a remote employee
• Global Gatherings – We believe in the power of in-person connection and offer opportunities to engage with colleagues at company-wide offsites