Staff Software Engineer – Identity and Access, Identity Squads
Used Tools & Technologies
Not specified
Required Skills & Competences
Tag name is followed by "@" symbol and proficiency level value.
About proficiency levels:
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Security @ 7
Go @ 4
Grafana @ 4
Kubernetes @ 3
Prometheus @ 3
TypeScript @ 4
Distributed Systems @ 4
Leadership @ 4
Communication @ 7
React @ 4
Technical Leadership @ 4
OAuth @ 4
Compliance @ 4
OpenTelemetry @ 3
Observability @ 4
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Details
Grafana Labs is the company behind the open observability cloud and Grafana Cloud — a fully managed observability platform trusted by millions of users and thousands of customers. We are a 100% remote company with a global engineering organization. The Identity and Access team manages authentication and authorization across Grafana’s open-source and proprietary codebases. The Identity squad owns the authentication layer and implements protocols such as MCP OAuth (OAuth 2.1), OIDC, SAML, LDAP, and SCIM. The team is redesigning Grafana’s authentication at the edge, impacting millions of users and requiring careful attention to latency and reliability.
This role is available for candidates located in the UK, Germany, Spain, Ireland and Sweden.
Responsibilities
- Set the technical direction for the Identity squad’s authentication systems and own the technical architecture, including the edge authentication redesign.
- Lead the design and implementation of large-scale, multi-quarter initiatives that span multiple services and teams and sit on critical user interaction paths.
- Spend approximately 55% of time on backend development (Golang), 25% on technical leadership and cross-team collaboration, and 20% on operations and reliability.
- Mentor and develop senior engineers, provide technical guidance and design feedback, and support professional growth.
- Serve as a technical authority for identity protocols at Grafana and drive alignment on how OAuth, OIDC, SAML, LDAP, and SCIM are implemented and evolved.
- Drive cross-team technical alignment on authentication standards, patterns, and best practices across the engineering organization.
- Represent Grafana Labs at meetups and conferences and contribute to the broader identity and authentication community.
- Work effectively in a remote-first environment using video calls; strong communication and independent attitude required.
Requirements
- Deep, proven expertise in distributed systems engineering with Go (Golang) and a track record of owning and delivering large-scale production systems end-to-end.
- Demonstrated ability to define technical direction and drive architectural decisions independently with organization-wide impact.
- Extensive experience building and operating low-latency, high-throughput services in distributed, multi-tenant environments.
- Proven track record of leading and delivering complex, multi-quarter initiatives spanning multiple teams or systems.
- Ability to mentor and develop senior engineers and elevate technical quality across the team.
- Strong understanding of SLOs, SLIs, error budgets, and designing systems that balance reliability, security, and product velocity.
- Excellent written and verbal communication skills in English.
- Expert-level understanding of modern identity standards and threat models (OAuth 2.x / 2.1, OIDC, SAML) and how to implement them securely at scale.
Bonus
- Familiarity with Kubernetes.
- TypeScript / React experience.
- Experience working with OpenFGA and KiFederate IDP.
- Experience in security-critical environments.
- Experience contributing to or maintaining open source projects.
- Familiarity with observability tooling (Grafana, Prometheus, OpenTelemetry).
Benefits
- In Spain, the base compensation range for this role is €94,000 - €117,000 (country-specific compensation ranges apply; recruiters will discuss market-specific pay ranges for other locations).
- Equity and potential bonus (if applicable) and other benefits (link provided in the original posting).
- 100% remote company culture, global collaboration, and career growth pathways.
- In-person onboarding to help new hires integrate with the team.
- Global annual leave policy: 30 days per annum (with 3 days reserved for Grafana Shutdown Days) and compliance with local legislation where applicable.
- Transparent, innovation-driven environment and approachable leadership.