Temporal Technologies - Staff Software Engineer, Cloud Identity
Upload My Resume
Drop here or click to browse · Tap to choose · PDF, DOCX, DOC, RTF, TXT
Requirements
• Deep hands-on experience building and operating production identity systems — OAuth 2.0/2.1, OIDC, SAML, JWT/JOSE, JWKS rotation, SCIM, and at least some exposure to workload identity (SPIFFE/SPIRE, WIF, mTLS, or short-lived federated credentials) • Strong grasp of authorization at scale (RBAC, ABAC, ReBAC/Zanzibar) and familiarity with policy engines like OPA, Cedar, or OpenFGA • Track record operating latency-sensitive distributed systems in production, including on-call ownership and operational excellence • Proficiency in Go; experience with Python, Java, or Kotlin is a plus • Strong communication skills with the ability to align stakeholders across security, product, and engineering and drive execution end-to-end • Contributions to identity OSS projects (Keycloak, Ory, Dex, OpenFGA, SPIRE) or standards bodies (IETF OAuth WG, OpenID Foundation) • Experience with compliance frameworks (FedRAMP, SOC 2, ISO 27001, HIPAA) as they apply to IAM • Familiarity with Temporal or other durable-execution engines, especially auth implications around workers and task queues • Experience designing customer-facing API auth (scoped tokens, API keys, rotation UX) and building well-structured APIs
Responsibilities
• Design and build Temporal Cloud's identity platform end-to-end — authentication (OAuth 2.0/2.1, OIDC, SAML, token exchange), authorization (RBAC/ReBAC/policy engines), and workload identity federation — so customers and workloads authenticate without long-lived secrets • Scale the auth hot path to meet Temporal Cloud's SLOs: in-memory auth bundles, JWKS caching, decision caching, and revocation strategies that keep latency low and eliminate single points of failure • Integrate with enterprise IdPs (Okta, Entra ID, Google Workspace, SAML/OIDC), own SCIM 2.0 provisioning, and threat-model identity flows against token replay, confused deputy, scope escalation, and mix-up attacks • Partner with Security, Product, and platform teams to ship secure-by-default patterns, define IAM lifecycle and audit strategies, and shape the technical roadmap by tracking emerging standards (IETF OAuth WG, OpenID Foundation) • Mentor engineers, maintain clear architecture docs, and engage directly with customers to understand requirements and unblock adoption
Benefits
• Base Salary Range - $212,000 to $286,000, depending on qualifications and location • Equity Options - Eligible for stock options as part of Temporal's equity plan • Unlimited PTO, 12 Holidays + 2 Floating Holidays • 100% Premiums Coverage for Medical, Dental, and Vision • AD&D, LT & ST Disability, and Life Insurance (Standard & Supplemental Available) • Empower 401K Plan • Additional Perks for Learning & Development, Lifestyle Spending, In-Home Office Setup, Professional Memberships, WFH Meals, Internet Stipend and more! • Paid Time Off (PTO) and Benefits outside the United States vary by country, and are issued in partnership with Remote.com. Additionally, Temporal offers perks to all international employees for learning & career development, a lifestyle spending account, in-home office setup (in addition to company-issued hardware), professional memberships, work-from-home meals, and access to the Calm app for mental wellness. • Travel • Temporal is a globally distributed, collaborative team that values opportunities for in-person connection. Occasional travel may be required for company events, team offsites, and other meaningful moments that bring us together. • $3,600 / Year Work from Home Meals • $1,800 / Year Professional Enrichment (Career Development & Professional Memberships) • $1,200 / Year Lifestyle Spending Account • $1,000 / Year In-Home Office Setup (In addition to Temporal issued equipment - laptop, monitor, keyboard, mouse, trackpad, and extension power cable at no cost to you) • $74 / Month Reimbursement for Internet • Calm App Subscription for Mental Health & Wellness
No credit card. Takes 10 seconds.