Software Engineer; Identity and Access Management

We are Bugcrowd. Since 2012, we've been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform™. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits.

With unmatched scalability and adaptability, our data and AI-driven Crowd Match™ technology finds the perfect talent for your unique fight. We aim to create a new era of modern crowdsourced security that outpaces threat actors. Unleash the ingenuity of the hacker community with Bugcrowd. Based in San Francisco and New Hampshire, Bugcrowd is supported by General Catalyst, Rally Ventures, Costanoa Ventures, and others.

We are seeking an experienced and highly-skilled Staff Software Engineer to join our Identity and Access Management (IAM) team. In this pivotal role, you will be responsible for designing, developing, and maintaining the core services that manage user identity, authentication, and authorization across our platform. The ideal candidate possesses deep expertise in modern identity protocols and practices, and has a proven track record of architecting secure, scalable, and reliable IAM solutions in a large-scale, distributed environment.

• Architect and Design: Lead the architectural design and implementation of highly available and performant IAM services, including authentication workflows, authorization systems, and identity provisioning.
• Protocol Expertise: Serve as the technical expert for industry-standard identity protocols, ensuring robust implementation and adherence to best practices for Single Sign-On (SSO), SAML, SCIM, and OAuth/OIDC.
• System Security: Drive the security posture of identity systems, focusing on secure inter-service communication, token management, and fine-grained authorization permission schemes (e.g., RBAC, ABAC).
• Technical Leadership: Mentor and guide mid-level and junior engineers on the team, conducting code reviews, setting technical standards, and advocating for engineering excellence.
• Cross-Functional Collaboration: Partner closely with Security, Product Management, and other engineering teams to define requirements, integrate IAM services, and ensure a seamless and secure user experience.
• Operational Excellence: Troubleshoot complex production issues related to identity flows, optimize service performance, and contribute to the monitoring and alerting strategy for critical IAM infrastructure.

• 7+ years of professional software development experience, with a focus on building distributed, highly-available services.
• Deep, hands-on experience designing and implementing solutions utilizing core identity protocols:
  • Single Sign-On (SSO)
  • SAML (Security Assertion Markup Language)
  • OAuth 2.0 / OIDC (OpenID Connect)
  • SCIM (System for Cross-domain Identity Management)
• Proven experience with inter-service authentication and authorization mechanisms (e.g., token-based authentication, API gateways, mTLS).
• Strong understanding of various authorization permission schemes (e.g., Role-Based Access Control - RBAC, Attribute-Based Access Control - ABAC).
• Bachelor's degree in Computer Science, related technical field, or equivalent practical experience.

• Experience with a modern programming language (e.g., Go, Java, Ruby, Node.js) and working with cloud platforms (AWS, Azure, or GCP).
• Experience with identity providers (IdPs) and services like Okta, Azure AD, Ping Identity, Keycloak, or Auth
  0.
• Familiarity with cryptography principles and secure coding practices.
• Demonstrated ability to drive large, complex, and ambiguous projects to completion.
• Excellent written and verbal communication skills, with the ability to articulate complex technical concepts to a diverse audience.

• The ideal candidate must be able to complete all physical requirements of the job with or without reasonable…