Temporal

Senior Software Engineer, Cloud Identity @ Temporal

United States | Onsite | Full-time | Posted today

About this role

Summary

Temporal is hiring a Senior Software Engineer for Identity to help design, build, and operate the identity and access systems behind Temporal Cloud — a multi-tenant SaaS platform. You'll work on the systems that authenticate users and workloads, authorize access to namespaces and APIs, and integrate with customer identity providers. You'll partner with Security, Product, and infrastructure teams to deliver "secure by default" capabilities while keeping the developer and operator experience strong.

What You'll Do

Build and improve core parts of Temporal Cloud's identity platform — authentication (OAuth 2.0/OIDC, SAML), authorization (RBAC and policy-based access), and workload identity — so customers and workloads can authenticate securely

Help keep the auth path fast and reliable to meet Temporal Cloud's SLOs through caching, token handling, and revocation strategies

Integrate with enterprise identity providers (Okta, Entra ID, Google Workspace) and support user provisioning (SCIM), with attention to common identity threats such as token replay and privilege escalation

Partner with Security, Product, and platform teams to ship secure-by-default patterns and contribute to IAM lifecycle and audit practices

Write clear architecture and design docs, and contribute to the team's technical direction

What You'll Bring

Solid hands-on experience building and operating production identity or auth systems — OAuth 2.0/OIDC, SAML, JWT, and token/key rotation

Good understanding of authorization models (RBAC, ABAC); familiarity with policy engines like OPA, Cedar, or OpenFGA is a plus

Experience operating distributed systems in production, including some on-call responsibility

Proficiency in Go; experience with Python, Java, or Rust is a plus

Strong communication skills and the ability to collaborate across security, product, and engineering teams

Nice to Have

Exposure to workload identity or short-lived / federated credentials (SPIFFE/SPIRE, mTLS, WIF)

Experience with SCIM provisioning and enterprise SSO integrations

Contributions to identity OSS projects (Keycloak, Ory, Dex, OpenFGA, SPIRE)

Familiarity with compliance frameworks (SOC 2, ISO 27001, HIPAA) as they apply to IAM

Familiarity with Temporal or other durable-execution engines, especially auth implications around workers and task queues

Experience designing customer-facing API auth (scoped tokens, API keys, rotation)

Compensation

Base Salary Range - $212,000 to $237,000, depending on qualifications and location

Equity Options - Eligible for stock options as part of Temporal's equity plan

Skills

Engineering, Cloud Identity
