Senior Software Engineer - Identity & Authorization Platform
ClickHouse·Security
Posted Jun 22, 2026·Open for 9 days (and counting)
Key details
Function
Security
Seniority
Mid
Workplace
On-site
Location
EMEA
Specialty
Identity Authorization
Tech stack
GoRustC++TypescriptPythonSamlScimOidcOauth2ZanzibarOpenfgaSpicedbCedar
Job Description
The Platform Auth team’s goal is to support our ‘one customer identity’ vision by providing tools, processes, and expertise for our engineering teams to create a unified access management experience while simplifying and standardizing engineering patterns in the space. We are looking for engineers to join our growing team!
What you will be doing:
- Design and build the platform services that power authentication, authorization, and audit across ClickHouse Cloud. This includes a unified RBAC/ReBAC service, token issuance and session handling, and the SDKs that product teams embed to make authorization decision.
- Model permissions and access control primitives (resources, roles, relationships, policies) that work across ClickHouse, SQL Console, ClickPipes, and HyperDX. Ship the libraries and APIs that other engineers build against.
- Implement protocol-level support for SAML, SCIM, OIDC, OAuth2, and MFA/passwordless flows. Own the integrations that make enterprise SSO and provisioning work end to end.
- Build the audit and authorization-decision telemetry pipeline so every access decision is observable, queryable, and surfaceable to customers.
- Partner with product engineering teams to migrate bespoke per-product auth implementations onto the shared platform, and design APIs that make adoption straightforward.
- Carry the platform on-call rotation and own production reliability for systems on the critical path of every customer request.
What you bring along:
- Minimum 4+ years building production backend systems at scale. Comfort with at least one systems language (Go, Rust, C++) and one application language (TypeScript, Python).
- Hands-on experience designing and implementing an authentication or authorization service. Examples include building a token issuer, an OIDC or OAuth2 provider, a policy engine, a permissions model, or an FGA/ReBAC system in the style of Zanzibar, OpenFGA, SpiceDB, or Cedar.
- Working knowledge of SAML, SCIM, OIDC, and OAuth2 at the protocol level and are able to implement them.
- Experience designing APIs and SDKs that other engineers depend on, with strong opinions on what makes them adoptable.
- Experience operating distributed systems at scale, including caching strategies, consistency tradeoffs, and multi-region concerns.
- Familiarity with identity vendors (Auth0, WorkOS, AWS/GCP/Azure IAM) as building blocks you've extended or integrated into a larger platform.
- Strong production debugging instincts and a high bar for systems that are easy to develop against.
Bonus:
- You've built or contributed to a Zanzibar-style authorization system, or run an OpenFGA or SpiceDB deployment beyond the demo.
- You've designed a multi-tenant permission model that survived real customer requirements like custom roles, hierarchies, delegation, and ABAC attributes.
- You've shipped an SDK that product teams across an org actually adopted, and have opinions about why most internal SDKs fail.
Audit details(provenance, verification trail, raw fields)
Core fields
Posting ID
clickhouse:4dc25e4c-6710-4b47-aedc-7caa260f043aTitle
Senior Software Engineer - Identity & Authorization Platform
Function
Security
Location
EMEA
Workplace mode
unspecified
Posted at
2026-06-22 14:23:38Z
Compensation
undisclosed
Provenance
First seen (our scraper)
2026-06-23 20:34:29Z
Last seen
2026-07-01 04:54:57Z
Last updated
2026-07-01 04:54:57Z
Removed at
still open
Days open
Open for 9 days (and counting)
ATS adapter
ashby
ATS slug
clickhouseVerification trail
This posting hasn't been probed by our closure verifier yet. Stream C runs on a rolling schedule against postings approaching the close-decision threshold.
LLM enrichment
Enriched at 2026-06-24 01:28:22Z. Enrichment runs once per posting, never re-runs.
Seniority
ic_l4
Role archetype
engineering
Specialty
identity_authorization
Workplace mode
unknown
City (normalized)
—
Country (normalized)
—
Comp range
—
Tech stack
gorustc++typescriptpythonsamlscimoidcoauth2zanzibaropenfgaspicedbcedar
Novel role archetype?
no
See how we measure for definitions, or our corrections log for known issues. Found something wrong? Flag a correction.
