Staff Software Development Engineer

Summary

Join BeyondTrust as a Staff Software Development Engineer to lead the evolution of authentication and identity services within our cloud platform. Build scalable, secure, and extensible authentication solutions for our SaaS offerings. Define authentication strategies, ensure seamless integration with identity providers, and drive security best practices. Collaborate with security, platform, and application teams to design and maintain authentication capabilities supporting federated identity, SSO, multi-tenancy, and compliance. Solve complex identity challenges at scale, contributing to a modern identity security platform. Previous experience with authentication/authorization services teams is highly desired.

Requirements

• 8+ years’ experience delivering and supporting enterprise-ready cloud-based systems
• Proven track record of leading cross-team projects in authentication, identity management, or security engineering
• Deep understanding of authentication protocols (OIDC, OAuth 2.0, SAML, JWT, WebAuthn, FIDO2)
• Experience designing and integrating authentication services in a SaaS or cloud-native environment
• Strong programming skills in C#, TypeScript, Go, Java, or other modern languages, with experience in API development and microservices architecture
• Familiarity with cloud IAM services (AWS IAM, Azure AD, Google Identity) and directory services (LDAP, SCIM)
• Experience with Infrastructure as Code (Terraform, CloudFormation) and managing authentication infrastructure
• Knowledge of security best practices, including encryption, secure token management, and authentication flows
• Strong problem-solving skills and ability to navigate ambiguity while driving technical direction
• Prior experience leading authentication modernization efforts or implementing third-party identity provider integrations
• Hands-on experience with multi-tenancy authentication architectures and tenant isolation strategies
• Familiarity with RBAC, ABAC, and authorization frameworks in enterprise applications
• Experience working in regulated industries (e.g., FedRAMP, SOC2, ISO27001) where compliance impacts authentication

Responsibilities

• Lead the evolution of authentication services, ensuring security, scalability, and compliance with industry standards
• Architect and implement authentication capabilities, including OIDC, OAuth 2.0, SAML, MFA, JWT-based authentication, and session management
• Partner with security teams to define and enforce authentication best practices, aligning with Zero Trust principles
• Ensure seamless integration with third-party identity providers, directory services, and federated authentication frameworks
• Enhance authentication observability, monitoring, and logging to proactively identify and mitigate security risks
• Mentor and coach engineers, promoting best practices in authentication, security, and cloud-native development
• Drive modernization efforts, balancing custom authentication needs with strategic integrations to improve security and developer experience
• Contribute to platform-wide initiatives, collaborating with teams across BeyondTrust to align authentication strategies with business goals

Preferred Qualifications

• Contributions to open-source authentication libraries or standards (e.g., OAuth working groups, OpenID Foundation)
• A technical leader who takes ownership of complex authentication challenges and delivers scalable solutions
• A mentor and collaborator, eager to share knowledge and uplift the engineering team
• Someone who balances technical excellence with pragmatic decision-making, ensuring security without unnecessary complexity
• A strong communicator, able to bridge technical and business needs in authentication discussions