Confluent

Staff Software Engineer I - Internal Access Management

Confluent, 1 month ago
Location: Remote, United States
Workplace: Remote
Type: Full Time
Salary: CAD 225,100 – 264,500
Level: Staff
Role: Staff Software Engineer
Posted: Jan 16, 2026


The role

Summary

Confluent is seeking a Staff Software Engineer to lead Internal Access Management, architecting zero-trust security models across Kubernetes and multi-cloud environments. The role involves building scalable access authorization systems using OPA, cloud IAM, and workload identity while collaborating with cross-functional teams to implement enterprise-grade security boundaries and authentication frameworks.

What you'll do

Architecture Leadership: Define and drive long-term architecture and roadmap for Internal Access Management across Kubernetes and multi-cloud environments
Zero-Trust Implementation: Architect and implement least privilege, just-in-time access, and zero-trust models across all Confluent services
Access Authorization Systems: Build and evolve scalable access-authorization workflows and lifecycle management systems using OPA, cloud IAM policies, and workload identity
Security Boundaries: Strengthen security boundaries through threat modeling, defense-in-depth practices, and comprehensive access-auditing capabilities
Cross-Functional Collaboration: Partner with Platform, Kafka, Observability, Developer Productivity, Release Engineering, and SRE teams to drive adoption of secure identity patterns
Technical Mentorship: Mentor senior engineers, elevate engineering standards, and influence architectural decisions across the organization
Stakeholder Communication: Communicate complex technical decisions clearly and align stakeholders across engineering and security domains
Domain Ownership: Own the complete Internal Access Management domain including policy enforcement, audit trails, and compliance requirements

What we look for

Technical

Kubernetes Expertise: Deep expertise in Kubernetes, workload identity, and container orchestration
Cloud IAM Mastery: Strong experience with AWS, GCP, and Azure identity and access management services
Authentication Technologies: Deep understanding of IAM, OAuth2, OIDC, policy engines, and zero-trust principles
Distributed Systems: Strong knowledge of distributed systems, cloud infrastructure, and service mesh architectures
Security Frameworks: Experience with security platform architecture and cross-organizational security initiatives

Education

Bachelor's Degree: Bachelor's degree in Computer Science, Engineering, or related technical field preferred

Experience

Senior Engineering Experience: 10+ years of software engineering experience with proven track record of technical leadership
Security/IAM Specialization: 4+ years focused experience in security, IAM, or distributed systems architecture
Staff-Level Leadership: Proven track record leading multi-team technical initiatives at Staff or Senior Staff level
Cross-Functional Influence: Demonstrated ability to influence and collaborate across engineering and security domains

Skills

Required skills

Kubernetes Administration: Expert-level knowledge of Kubernetes deployment, scaling, and security configurations
Cloud IAM Platforms: Hands-on experience with AWS IAM, GCP IAM, and Azure Active Directory
Zero-Trust Architecture: Deep understanding of zero-trust security principles and implementation patterns
Policy Engines: Experience with Open Policy Agent (OPA), Rego policy language, and policy-driven access control
Authentication Protocols: Expertise in OAuth2, OIDC, SAML, and modern authentication standards
Distributed Systems Design: Strong foundation in designing scalable, fault-tolerant distributed systems
Security Architecture: Experience with threat modeling, security boundaries, and defense-in-depth strategies
Technical Leadership: Proven ability to lead complex technical initiatives and mentor senior engineers

Nice to have

Apache Kafka Experience: Familiarity with Kafka ecosystem and event-driven architecture patterns
Service Mesh Technologies: Experience with Istio, Linkerd, or similar service mesh implementations
SPIFFE/SPIRE: Knowledge of SPIFFE specification and SPIRE implementation for workload identity
HashiCorp Vault: Experience with Vault for secrets management and dynamic credential provisioning
Infrastructure as Code: Proficiency with Terraform, Pulumi, or similar IaC tools for cloud resource management
Compliance Frameworks: Understanding of SOC 2, ISO 27001, PCI DSS, and other security compliance standards

Compensation & benefits

Salary

CAD 225,100 – 264,500 (annual)

Stock options

Available

Benefits

Equity Compensation

Stock options and equity participation in Confluent's growth

Remote Work Flexibility

Fully remote position with flexible working arrangements across time zones

Professional Development

Opportunities for technical growth, conference attendance, and skill development

Inclusive Culture

Equal opportunity workplace with emphasis on belonging and diverse perspectives

Healthcare Benefits

Comprehensive health, dental, and vision insurance coverage

Learning Budget

Annual budget for books, courses, and professional development resources


Interview process

  1. Initial Screening: 30-minute phone/video call with talent acquisition to discuss background, interest, and basic qualifications
  2. Technical Phone Screen: 45-minute technical discussion with senior engineer focusing on distributed systems, security architecture, and past experience
  3. System Design Interview: 90-minute session designing a large-scale access management system with focus on zero-trust principles and cloud-native architecture
  4. Technical Deep Dive: 60-minute interview with engineering manager discussing specific IAM technologies, Kubernetes security, and policy engine implementation
  5. Cross-Functional Panel: 60-minute panel interview with representatives from Security, Platform, and Product teams to assess collaboration and communication skills
  6. Leadership Interview: 45-minute discussion with senior leadership about technical vision, mentorship approach, and alignment with company values
  7. Final Interview: 30-minute conversation with hiring manager covering team dynamics, growth opportunities, and mutual expectations


Confluent is an American data streaming platform company based on Apache Kafka.

Mountain View, California, United States. Founded 2014. confluent.io

Tech Stack

Languages: Go, Python, Java
Frameworks: Kubernetes, OAuth2/OIDC, Service Mesh (Istio)
Databases: Apache Kafka, PostgreSQL, Redis
Tools: Open Policy Agent (OPA), Terraform, AWS IAM/GCP IAM/Azure AD, Helm, Vault
Other: Zero-Trust Architecture, Workload Identity, SPIFFE/SPIRE
