
Staff Software Engineer, Cloud Identity
Temporal Technologies · United States
- Hybrid
- Full-time
- $249,000 / year
- United States
Job highlights
- Design and build Temporal Cloud's identity platform.
- Scale auth systems for high-throughput workloads.
- Integrate with enterprise identity providers.
- Collaborate with security and product teams.
- Mentor engineers and drive technical roadmap.
About the role
About Us
Temporal is an open-source programming model that simplifies code, enhances application reliability, and allows developers to focus on delivering features faster. Our mission is to be the reliable foundation of every developer’s toolbox, and we are building the team to achieve this. Our values—curiosity, drive, collaboration, genuineness, and humility—guide our actions and decisions.
Temporal is growing, and we seek individuals who share our values, challenge conventional thinking, and wish to influence our future. If you are passionate about improving the developer experience, building world-class open-source software and communities, and desire to be part of our exceptional team, we encourage you to apply.
Summary
Temporal is hiring a Staff Software Engineer for Identity to design, build, and operate the identity and access platform for Temporal Cloud, a multi-tenant SaaS serving high-throughput workloads. This role involves owning systems for authenticating humans and workloads, authorizing fine-grained access to namespaces and APIs, federating with customer IdPs, and distributing authentication materials to clients and workers at scale. You will collaborate closely with Security, Product, and platform teams to deliver 'secure by default' capabilities without compromising the developer or operator experience.
What You'll Do
- Design and build Temporal Cloud's identity platform end-to-end, including authentication (OAuth 2.0/2.1, OIDC, SAML, token exchange), authorization (RBAC/ReBAC/policy engines), and workload identity federation, enabling secure customer and workload authentication without long-lived secrets.
- Scale the authentication hot path to meet Temporal Cloud's SLOs, employing strategies like in-memory auth bundles, JWKS caching, decision caching, and revocation to maintain low latency and eliminate single points of failure.
- Integrate with enterprise IdPs (Okta, Entra ID, Google Workspace, SAML/OIDC), manage SCIM 2.0 provisioning, and perform threat modeling on identity flows to prevent issues like token replay, confused deputy attacks, and scope escalation.
- Partner with Security, Product, and platform teams to implement secure-by-default patterns, define IAM lifecycle and audit strategies, and shape the technical roadmap by monitoring emerging standards (IETF OAuth WG, OpenID Foundation).
- Mentor engineers, maintain clear architecture documentation, and engage directly with customers to understand requirements and facilitate adoption.
What You'll Bring
- Deep hands-on experience building and operating production identity systems, including OAuth 2.0/2.1, OIDC, SAML, JWT/JOSE, JWKS rotation, SCIM, and some exposure to workload identity (SPIFFE/SPIRE, WIF, mTLS, or short-lived federated credentials).
- Strong understanding of authorization at scale (RBAC, ABAC, ReBAC/Zanzibar) and familiarity with policy engines such as OPA, Cedar, or OpenFGA.
- Proven track record of operating latency-sensitive distributed systems in production, including on-call responsibilities and a commitment to operational excellence.
- Proficiency in Go; experience with Python, Java, or Kotlin is a plus.
- Strong communication skills to align stakeholders across security, product, and engineering, and to drive end-to-end execution.
Nice to Have
- Contributions to identity OSS projects (Keycloak, Ory, Dex, OpenFGA, SPIRE) or standards bodies (IETF OAuth WG, OpenID Foundation).
- Experience with compliance frameworks (FedRAMP, SOC 2, ISO 27001, HIPAA) as they relate to IAM.
- Familiarity with Temporal or other durable-execution engines, particularly regarding authentication implications for workers and task queues.
- Experience designing customer-facing API authentication (scoped tokens, API keys, rotation UX) and building well-structured APIs.
Compensation
Base Salary Range: $212,000 to $286,000, depending on qualifications and location.
Equity Options: Eligible for stock options under Temporal's equity plan.
Compensation ranges include salary and commission (where applicable) across various geographic markets. Offers consider prior experience, knowledge, expertise, skillset, market location, and job level.
Employee Benefits and Perks
Benefits and perks listed are for full-time employees. U.S. Benefits include Unlimited PTO, 12 Holidays + 2 Floating Holidays, 100% Premiums Coverage for Medical, Dental, and Vision, AD&D, LT & ST Disability, and Life Insurance. Additional perks cover Learning & Development, Lifestyle Spending, In-Home Office Setup, Professional Memberships, WFH Meals, and Internet Stipend.
International Benefits vary by country and are provided through partnerships with Remote.com. Temporal also offers perks for international employees for learning & career development, a lifestyle spending account, in-home office setup, professional memberships, work-from-home meals, and a Calm app subscription.
Travel
Occasional travel may be required for company events, team offsites, and other in-person gatherings for this globally distributed team.
Additional Perks
- $3,600 / Year Work from Home Meals
- $1,800 / Year Professional Enrichment (Career Development & Professional Memberships)
- $1,200 / Year Lifestyle Spending Account
- $1,000 / Year In-Home Office Setup
- $74 / Month Reimbursement for Internet
- Calm App Subscription for Mental Health & Wellness
Equal Opportunity Employer
Temporal Technologies is an Equal Opportunity Employer. We do not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status, or any other protected characteristic. All employment decisions are based on qualifications, merit, and business need. We celebrate diversity and embrace differences.
Temporal is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities. If you need to request an accommodation, please inform your Recruiter.
We are not working with external recruitment agencies.
Key skills/competency
- Staff Software Engineer
- Cloud Identity
- Authentication
- Authorization
- Identity and Access Management (IAM)
- OAuth 2.0
- OIDC
- SAML
- Go
- Distributed Systems
How to get hired
- Tailor your resume: Highlight experience with identity systems, OAuth, OIDC, SAML, and Go programming. Quantify achievements in scaling and operating distributed systems.
- Craft a strong cover letter: Express your passion for open-source, developer experience, and how your skills align with Temporal's values and the Staff Software Engineer role.
- Prepare for technical interviews: Be ready to discuss your experience designing and operating production identity platforms, authorization models, and distributed systems. Practice coding problems in Go.
- Showcase operational excellence: Emphasize your experience with on-call rotations, incident management, and maintaining high availability for critical systems.
- Research Temporal's culture: Understand their open-source focus, values (curious, driven, collaborative, genuine, humble), and mission to be a developer's reliable foundation.
Frequently asked questions
- What are the key technical skills required for the Staff Software Engineer, Cloud Identity role at Temporal Technologies?
  - The Staff Software Engineer, Cloud Identity role at Temporal Technologies requires deep hands-on experience with production identity systems like OAuth 2.0/2.1, OIDC, SAML, JWT/JOSE, JWKS rotation, and SCIM. Proficiency in Go is essential, with Python, Java, or Kotlin being a plus. A strong grasp of authorization at scale (RBAC, ABAC, ReBAC/Zanzibar) and experience operating latency-sensitive distributed systems are also critical.
- What is the typical career progression for a Staff Software Engineer at Temporal Technologies?
  - As a Staff Software Engineer at Temporal Technologies, you are already in a senior individual contributor role. Progression typically involves increasing technical leadership, mentoring more junior engineers, taking on more complex system designs, and potentially influencing broader architectural decisions within the company or the open-source project.
- How does Temporal Technologies approach work-life balance for its Staff Software Engineers?
  - Temporal Technologies offers Unlimited PTO, 12 Holidays + 2 Floating Holidays in the US, and benefits vary internationally. They also provide perks like WFH meal stipends, professional enrichment allowances, and a Calm app subscription, indicating a focus on employee well-being and work-life integration.
- What kind of impact can a Staff Software Engineer, Cloud Identity have at Temporal Technologies?
  - As a Staff Software Engineer on the Cloud Identity team, you will design and build the core identity and access platform for Temporal Cloud. Your work directly impacts the security, reliability, and scalability of a multi-tenant SaaS offering, influencing how customers and workloads authenticate and are authorized, and contributing to a 'secure by default' experience.
- Does Temporal Technologies encourage contributions to open-source projects for their engineers?
  - Yes, Temporal Technologies is an open-source company and values contributions to open-source projects. Experience with identity OSS projects or standards bodies is listed as a 'nice to have,' suggesting they encourage and value such engagement among their engineers.
- What is the salary range for the Staff Software Engineer, Cloud Identity position at Temporal Technologies?
  - The base salary range for the Staff Software Engineer, Cloud Identity position at Temporal Technologies is $212,000 to $286,000 annually, depending on qualifications and location. This range may also include equity options.