Senior Software Engineer - Identity & Authorization Platform

Clickhouse·Remote(United States (remote))

Software Development

AdjustExcel

WFA Digital Insight

As the demand for skilled software engineers in identity and authorization continues to grow, with a 25% increase in job openings in 2025, ClickHouse stands out for its commitment to innovation. With its recent recognition on the 2025 Forbes Cloud 100 list, ClickHouse is an attractive destination for professionals looking to make a significant impact. The company's focus on real-time analytics, data warehousing, and AI workloads means that engineers with expertise in areas like authentication and authorization are in high demand. Before applying, candidates should be aware of the company's emphasis on collaboration and its expectation of strong technical skills, including proficiency in systems languages and experience with distributed systems.

Job Description

## About the Role The Senior Software Engineer position at ClickHouse is a pivotal role that focuses on the development of the company's identity and authorization platform. As a key member of the Platform Auth team, the successful candidate will be responsible for designing and building platform services that power authentication, authorization, and audit across ClickHouse Cloud. This role is critical in supporting the company's 'one customer identity' vision and will involve working closely with engineering teams to create a unified access management experience.

The role entails a deep understanding of authorization systems, including the design and implementation of token issuance and session handling, as well as the development of SDKs for product teams. The ideal candidate will have a strong background in building production backend systems at scale, with hands-on experience in designing and implementing authentication or authorization services.

## What You Will Do - Design and build platform services for authentication, authorization, and audit across ClickHouse Cloud.

Develop a unified RBAC/ReBAC service, including token issuance and session handling.
Create and maintain SDKs that product teams can embed to make authorization decisions.
Model permissions and access control primitives that work across ClickHouse, SQL Console, ClickPipes, and HyperDX.
Ship libraries and APIs for other engineers to build against.
Implement protocol-level support for SAML, SCIM, OIDC, OAuth2, and MFA/passwordless flows.
Own the integrations for enterprise SSO and provisioning.
Build the audit and authorization-decision telemetry pipeline.
Partner with product engineering teams to migrate bespoke per-product auth implementations onto the shared platform.
Carry the platform on-call rotation and own production reliability for critical systems.
Collaborate with the team to design APIs that make adoption straightforward for product teams.

## What We Are Looking For - Minimum 4+ years of experience building production backend systems at scale.

Comfort with at least one systems language (Go, Rust, C++) and one application language (TypeScript, Python).
Hands-on experience designing and implementing an authentication or authorization service.
Working knowledge of SAML, SCIM, OIDC, and OAuth2 at the protocol level.
Experience designing APIs and SDKs that other engineers depend on.
Experience operating distributed systems at scale, including caching strategies and multi-region concerns.
Familiarity with identity vendors as building blocks for a larger platform.
Strong production debugging instincts.

## Nice to Have - Experience with Zanzibar-style authorization systems or similar technologies (OpenFGA, SpiceDB).

Knowledge of designing multi-tenant permission models that meet real customer requirements.
Experience shipping an SDK that was adopted across an organization.

## Benefits and Perks - Opportunity to work with a fast-growing, innovative company recognized on the 2025 Forbes Cloud 100 list.

Collaborative and dynamic work environment with a team of experienced engineers.
Professional development opportunities in cloud computing, real-time analytics, and AI workloads.
Flexible, remote work arrangements.
Competitive compensation package.
Access to cutting-edge technologies and tools.
Health and wellness benefits.
Generous PTO policy.

How to Stand Out

- Ensure you have a strong understanding of authentication and authorization protocols, including SAML, SCIM, OIDC, and OAuth2.

Familiarize yourself with systems languages like Go, Rust, or C++, and application languages such as TypeScript or Python.
Showcase your experience with distributed systems and your ability to operate them at scale.
Prepare examples of APIs and SDKs you've designed and how they were adopted by other engineers.
Highlight any experience you have with identity vendors and how you've integrated them into larger platforms.
Be ready to discuss your approach to debugging production systems and your strategies for ensuring reliability.
Consider preparing a portfolio that demonstrates your skills in authorization systems, including any personal projects or contributions to open-source projects like OpenFGA or SpiceDB.

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere. Browse more remote jobs across all categories.