Senior Software Engineer - Identity & Authorization Platform
at ClickHouse
USD 141,000-208,000 per year
Used Tools & Technologies
Not specified
Required Skills & Competences
Tag name is followed by "@" symbol and proficiency level value.
About proficiency levels:
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Go @ 4
TypeScript @ 4
Python @ 4
SQL @ 4
GCP @ 3
Distributed Systems @ 4
AWS @ 3
Azure @ 3
Rust @ 4
Debugging @ 7
API @ 4
Audit @ 4
Observability @ 4
AI @ 4
ClickHouse @ 4
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Details
Recognized on the 2025 Forbes Cloud 100 list, ClickHouse is a fast-growing private cloud company focused on real-time analytics, data warehousing, observability, and AI workloads. The Platform Auth team’s goal is to support a ‘one customer identity’ vision by providing tools, processes, and expertise for engineering teams to create a unified access management experience and standardize engineering patterns for authentication and authorization.
Responsibilities
- Design and build platform services that power authentication, authorization, and audit across ClickHouse Cloud, including a unified RBAC/ReBAC service, token issuance and session handling, and SDKs for product teams.
- Model permissions and access control primitives (resources, roles, relationships, policies) that work across ClickHouse products (ClickHouse, SQL Console, ClickPipes, HyperDX) and ship libraries and APIs for other engineers.
- Implement protocol-level support and integrations for SAML, SCIM, OIDC, OAuth2, and MFA/passwordless flows to enable enterprise SSO and provisioning.
- Build the audit and authorization-decision telemetry pipeline so access decisions are observable and queryable by customers.
- Partner with product engineering teams to migrate bespoke per-product auth implementations onto the shared platform and design adoption-friendly APIs.
- Participate in platform on-call rotation and own production reliability for systems on the critical path of customer requests.
Requirements
- Minimum 4+ years building production backend systems at scale.
- Comfort with at least one systems language (Go, Rust, C++) and one application language (TypeScript, Python).
- Hands-on experience designing and implementing an authentication or authorization service (examples: token issuer, OIDC/OAuth2 provider, policy engine, permissions model, FGA/ReBAC systems such as Zanzibar/OpenFGA/SpiceDB/Cedar).
- Working knowledge of SAML, SCIM, OIDC, and OAuth2 at the protocol level and ability to implement them.
- Experience designing APIs and SDKs that other engineers depend on, with strong opinions on adoptability.
- Experience operating distributed systems at scale, including caching strategies, consistency tradeoffs, and multi-region concerns.
- Familiarity with identity vendors (Auth0, WorkOS, AWS/GCP/Azure IAM) used as building blocks or integrated into larger platforms.
- Strong production debugging instincts and a high bar for systems that are easy to develop against.
Bonus
- Experience building or contributing to a Zanzibar-style authorization system, or running OpenFGA/SpiceDB beyond demo use.
- Designing multi-tenant permission models that address custom roles, hierarchies, delegation, and ABAC attributes.
- Shipping internal SDKs that product teams across an organization actually adopted, with opinions about why internal SDKs fail.
Compensation
- Typical starting salary for this role in the United States: $141,000 - $208,000 USD.
- Typical starting salary for US Premium Markets (e.g., San Francisco Bay Area, New York City Metro Area): $157,000 - $232,000 USD.
Benefits
- Flexible work environment; ClickHouse is globally distributed and remote-friendly.
- Employer contributions towards healthcare.
- Stock options for new team members.
- Flexible time off in the US and generous entitlement in other countries.
- $500 home office setup for remote employees.
- Global gatherings and company-wide offsites.
Culture
- As part of a rapidly scaling startup, employees help shape company culture. More information about values and company updates are available on ClickHouse's careers page and blog.
Equal Opportunity & Privacy
- ClickHouse provides equal employment opportunities and prohibits discrimination and harassment. See the applicant privacy notice for details.
More jobs at ClickHouse
Senior Software Engineer - Cloud Partner Integrations
ClickHouse · United States
USD 141,000-238,000 per year
Principal Product Manager, Security & Compliance
ClickHouse · United States
USD 180,000-265,000 per year
Director, Commercial Strategy & Operations
ClickHouse · United States
USD 225,000-275,000 per year
Senior Technical Program Manager, New Product Introduction
ClickHouse · United States
USD 160,000-240,000 per year
Senior Software Engineer - Python and Data Ecosystem
ClickHouse · United States
USD 141,000-208,000 per year
Similar jobs
Senior Full-Stack Lead Engineer
Nvidia · Santa Clara, United States
USD 224,000-356,500 per year
Staff+ Software Engineer, Claude App Infrastructure
Anthropic · San Francisco, United States, New York City, United States, Seattle, United States
USD 320,000-485,000 per year
Tech Lead Manager, Agentic Runtime
Glean · Mountain View, United States, San Francisco, United States
USD 250,000-300,000 per year
Staff Software Engineer, Identity & Access Management
Reddit · United States
USD 217,000-303,900 per year
Senior Software Engineer - Postgres
ClickHouse · United States
USD 140,000-230,000 per year
Senior Software Engineer (Backend) - AI/ML
ClickHouse · United States
USD 141,000-195,000 per year
Senior Fullstack Engineer - Observability Real User Monitoring (RUM)
Grafana Labs · United States, Canada
USD 164,500-197,400 per year
Senior Fullstack Engineer - Observability Real User Monitoring (RUM)
Grafana Labs · United States, Canada
USD 154,400-185,300 per year