Staff Software Engineer, Identity & Access Management

at Reddit
πŸ“ United States
USD 217,000-303,900 per year
SENIOR
βœ… Remote

Used Tools & Technologies

PostgreSQL

Required Skills & Competences

Security @ 4 Docker @ 4 Go @ 4 Kubernetes @ 4 DevOps @ 7 TypeScript @ 4 Python @ 4 SQL @ 4 Java @ 4 Distributed Systems @ 4 Hiring @ 4 AWS @ 4 Communication @ 7 Networking @ 8 API @ 4 OAuth @ 4 Audit @ 4 Compliance @ 4 Agile @ 7 Observability @ 4 AI @ 4

Details

Reddit is a community of communities. As a Staff Software Engineer within the SPACE org (Security, Privacy, Assurance, and Corporate Engineering), you will play a critical role on the Identity & Access Management (IAM) team. In this role you will design, deliver, and support the lifecycle of digital identities, authentication, and access across Reddit, partnering closely with cross-functional teams to build scalable solutions that align with business priorities and regulatory standards.

Responsibilities

  • Engineering & Integration: Develop, scale and maintain Reddit’s core IAM internal identity capabilities, platforms and infrastructure. Design and deploy high-quality API integrations and custom enterprise IGA connectivity solutions.
  • Observability & Data Analytics: Build proactive monitoring frameworks, executive-friendly dashboards, and advanced alerting. Use synthetic transactions and anomaly detection to measure system availability and use identity data to track license utilization and drive platform adoption.
  • Process & Compliance: Create and maintain documentation, audit logs, and reports to continuously improve business processes and ensure seamless compliance execution.
  • Operations & Support: Troubleshoot complex production incidents, analyze failure conditions, and perform root-cause analysis to support a 24x7 operation.
  • Collaboration & Mentorship: Guide global, cross-functional partners on IAM best practices while raising the engineering bar through code reviews, technical standards, and optimized workflows.

Technologies we use

  • Languages: Go, Python, Java, TypeScript, SQL
  • Datastores: Postgres, Directory architectures (e.g., LDAP)
  • Tools: Docker, Kubernetes, AWS, SailPoint, Okta
  • Protocols & Concepts: OAuth, OIDC, SAML, IGA, MFA, PAM/PIM, JIT (just-in-time) access

Requirements / What We Are Looking For

  • 10+ years of backend development experience across multiple layers of the stack (databases, networking, efficient computing).
  • In-depth corporate IAM experience covering the full workforce identity lifecycle (Joiner, Mover, Leaver, Access Requests, and Certifications).
  • Ability to design and implement complex distributed systems operating under high load.
  • Proficiency in Go, Python, Java, or TypeScript, with a strong DevOps mindset and end-to-end code ownership (testing, monitoring, deploying, and maintaining).
  • Deep understanding of modern authentication protocols (OAuth, OIDC, SAML) and secure-by-design principles.
  • Hands-on familiarity with enterprise identity solutions including IGA, MFA, PAM/PIM, JIT and Directory architectures (Okta, LDAP, SailPoint).
  • Familiarity with governance and compliance frameworks (SOC2, SOX, PCI), including driving audit-related access certification reviews.
  • Strong collaborative communication skills, experience working in Agile environments, and a continuous learning mindset.

Benefits

  • Comprehensive healthcare benefits and income replacement programs
  • 401(k) with employer match
  • Global benefit programs (workspace, professional development, caregiving support)
  • Family planning support and gender-affirming care
  • Mental health & coaching benefits
  • Flexible vacation & paid volunteer time off
  • Generous paid parental leave

Pay Transparency

  • Base salary range (U.S.): $217,000 - $303,900 USD
  • This role may also be eligible for equity (restricted stock units) and, depending on position, commission.

Interview & Privacy

  • In select roles and locations, interviews may be recorded, transcribed and summarized by AI; candidates may opt out prior to scheduled interviews. The company will collect certain categories of personal information during interviews and will delete recordings promptly after a hiring decision, per the Candidate Privacy Policy.