[Remote] Staff Software Engineer, Identity & Access Management
Note: This is a remote job open to candidates in the USA.

SimSpace is an AI Proving Ground where organizations can confidently train, test, and outmaneuver adversaries in any environment. They are seeking a Staff Software Engineer to serve as the technical authority for identity, authentication, and authorization across the platform, focusing on the architecture and technical strategy for the IAM stack.

Responsibilities

- Define and own the technical architecture for authentication and authorization across the SimSpace platform, ensuring systems are secure, scalable, and maintainable
- Lead the design and development of Keycloak-based identity infrastructure, including federation, SSO, token management, and multi-tenant identity flows — multi-tenancy is a core architectural concern and experience designing systems with strong tenant isolation is highly valued
- Design and build the authorization layer for the SimSpace platform — including policy enforcement using a Relationship-Based Access Control (ReBAC) model (currently implemented with Topaz/OPA), authorization services, and the software infrastructure needed to deliver consistent, fine-grained access control across platform services. An understanding of ReBAC and how it differs from RBAC and ABAC models is essential
- Design and build new services that extend and augment the IAM stack — including directory services, user management services, and other components that integrate with or enhance Keycloak and Topaz
- Establish and evangelize cross-team authn/authz standards, providing technical guidance to engineering teams consuming IAM services to ensure correct and secure integration patterns
- Partner with technical leaders across the organization to translate business and security requirements into clear technical roadmaps and executable implementation plans
- Lead project scoping and estimation for new initiatives — breaking down ambiguous requirements into well-defined work, producing credible SWAGs early in the process, and driving planning that the team can execute against with confidence
- Identify and drive resolution of systemic technical risk, performance bottlenecks, and security gaps within the IAM stack
- Actively contribute to architectural review processes, raising the quality bar across the broader engineering organization
- Mentor and grow senior engineers on the IAM team, sharing deep expertise in software design, identity protocols, and security patterns

Skills

- Experienced Staff or Senior Software Engineer with a strong background in building platform or infrastructure services, with meaningful exposure to identity and access management concepts
- Proven ability to design, build, and ship production-grade distributed services — comfortable owning the full software development lifecycle from architecture through delivery
- Solid understanding of authentication protocols (OAuth 2.0, OIDC, SAML) and authorization patterns, with enough hands-on experience to make sound engineering decisions around identity systems
- Experience with Keycloak or comparable identity providers is a plus; willingness to develop deep expertise in Keycloak, Topaz/OPA, and adjacent technologies is essential
- Demonstrated ability to drive technical standards and architectural decisions across multiple teams, balancing idealism with pragmatic delivery
- Strong project scoping and estimation instincts — able to SWAG a new initiative quickly, break it into meaningful milestones, and produce plans that are realistic without being over-engineered
- Strong communicator who can translate complex security and identity concepts for both technical and non-technical audiences
- Proficient in modern software engineering practices: API design, service decomposition, testing strategies, and CI/CD
- Experience with Kubernetes and modern container-based infrastructure as the environment in which these services operate
- Comfort with self-hosted, on-premises infrastructure is a strong plus
- Comfortable operating with ambiguity — at the Staff level, the roadmap isn't always fully defined, and this role is expected to help shape it
- Experience working in security-sensitive or compliance-driven environments (DoD, FedRAMP, SOC 2, or similar) is a strong plus

Benefits

- Compensation. Base salary range: $185,000 - $260,000, reflecting our confidence in your expertise and impact, with the opportunity for annual bonuses tied to company performance and individual contributions.
- Comprehensive medical, dental, and vision benefits, plus savings plans—coverage starts on day one!
- Access to company-paid counseling, coaching, and resources for you and your family through Spring Health.
- Plan for your future with a 401(k) retirement savings plan featuring a company match.
- Take the time you need with unlimited vacation and dedicated health & wellness days. SimSpace provides flexible solutions to meet the diverse work-life needs of team members.
- Paid leave plans to support you and your loved ones during life’s most important moments.
- Equity stock options at hire, with annual performance-based grants—become an invested stakeholder in our shared success.
- Earn $1,500–$3,500 for every qualified hire through our employee referral program.
- Peloton Interactive Wellness Program: Fully and partially subsidized membership plans and equipment discounts to help you reach your personalized fitness goals.
- Access a LinkedIn Learning membership to prioritize your personal and professional development.
- Monthly reimbursements for meaningful connections with teammates through our SocialSpace Community.
- Legal plan coverage, pet insurance, wellness reimbursements, and more to simplify life’s details.

Company Overview

SimSpace combines high-fidelity, military-grade cyber ranges and training content with unique user and adversary emulation techniques. It was founded in 2015, and is headquartered in Boston, Massachusetts, USA, with a workforce of 201-500 employees. Its website is https://www.simspace.com/.