Staff Engineer

Nextiva

💵 $115k-$178k
📍 Remote - United States

Summary

Join Nextiva as a Staff Engineer and redefine the future of customer experiences. Lead initiatives ensuring secure and seamless access to critical systems and data across our SaaS offerings. Design and evolve scalable IAM solutions, enforcing data governance best practices. As a technical leader, shape the strategy and implementation of robust user access models, service identity, and compliance-driven controls. The ideal candidate will have strong experience in IAM systems, authentication/authorization patterns, and distributed platform architecture. You will be involved in all project stages, from ideation to delivery, building robust and maintainable software. You will also provide technical leadership and mentorship to other engineers.

Requirements

  • 8-10+ years of experience building large-scale, secure SaaS platforms, with a strong focus on IAM, access management, and distributed systems
  • Deep proficiency in Java, Spring Boot, and designing stateless backend services that integrate with identity providers (IdPs) and security frameworks
  • Experience implementing authentication protocols (OAuth 2.0, OIDC, SAML), and designing systems that support single sign-on (SSO), multi-factor authentication (MFA), and Just-In-Time (JIT) provisioning
  • Familiarity with access governance tools, secrets management, and key management systems
  • Hands-on experience with Kafka for distributed messaging and event-driven pipelines (e.g., audit logs, user session lifecycle, policy updates)
  • Expertise with cloud infrastructure platforms (AWS/GCP) and IAM-related services such as IAM roles/policies, STS tokens, and cross-account identity
  • Solid understanding of data privacy and regulatory compliance standards (e.g., SOC 2, GDPR, HIPAA) as they relate to access and identity

Responsibilities

  • Lead the design and development of secure, scalable IAM and access control mechanisms, including role-based access control (RBAC), attribute-based access control (ABAC), and fine-grained permissions systems
  • Improve and maintain centralized authentication and authorization services (e.g., OAuth2, OIDC, SAML, SCIM integrations)
  • Ensure secure-by-design principles are embedded across platform services and APIs with a focus on access patterns, identity federation, token lifecycle management, and user provisioning
  • Drive architecture and code-level decisions to mitigate identity risks, reduce complexity, and improve the developer experience around secure access patterns
  • Contribute to operational systems that support auditing, anomaly detection, access reviews, and governance reporting
  • Be involved in every stage of the project - from ideation and system design to delivering products and features in a timely manner
  • Build robust, scalable, and maintainable software
  • Improve code quality through writing unit tests, automation, and code reviews
  • Apply and advocate for team coding, documenting and testing standards
  • Lead code reviews and communicate application changes
  • Provide technical leadership, mentorship and guidance to engineers on the team
  • Collaborate closely with internal teams as well as stakeholders
  • Implement and influence business and operational systems that support billing and usage monitoring needs

Preferred Qualifications

  • Experience building or integrating with IAM platforms (e.g., Okta, Auth0, ForgeRock, Keycloak)
  • Knowledge of fine-grained data access control, masking policies, and dynamic authorization patterns at the data layer
  • Experience developing or integrating policy-as-code solutions (e.g., OPA, Cedar, Rego)
  • Familiarity with front-end identity contexts and modern frameworks like React and TypeScript for secure session and role propagation
  • Deep understanding of zero trust architecture principles and secure service-to-service authentication
  • Demonstrated ownership of complex, cross-functional IAM and security initiatives
  • Ability to abstract technical complexity into platform capabilities for use by product teams
  • Strategic mindset with the ability to anticipate and assess risks before they emerge
  • Effective communicator, mentor, and partner to engineers and stakeholders across security, compliance, and product
  • Passion for driving a culture of security and least-privilege access within a high-scale engineering organization
  • Self-motivation, dedication, and a commitment to meeting deadlines
  • Willingness to contribute as both a team player and an individual contributor
  • Eagerness to drive new projects, troubleshoot issues, and contribute to continuous improvement

Benefits

  • Multiple health plan options to suit your needs, including medical, dental, vision, and telemedicine coverage
  • Life, disability, and supplemental indemnity plans
  • Flexible Time Off (FTO) for salaried employees, PTO for hourly employees, Paid Sick Time (PST), paid parental bonding leave, and paid holidays
  • 401(k) with company match, Health Savings Accounts with company contributions, Dependent Care FSA
  • Employee Assistance Program and comprehensive wellness initiatives
  • Access to ongoing learning and development opportunities and career advancement
