Staff Software Engineer, Identity & Access Management
SimSpace
Location
Remote - U.S.
Employment Type
Full time
Department
Engineering and Technology / Platform Engineering
Why SimSpace? We are an organization focused on building our culture and mindfully enhancing our atmosphere every day, which is why we have collaborated on an integral value system. Our governing philosophy of being Human Centered is deeply embedded within our value system. We apply this philosophy to every one of our internal team members, external clients, and their customers.
How Do We Work? We believe that people are at the center of everything we do. SimSpace fosters a culture of continuous learning, curiosity, and professional growth. That belief shows up in action: in-house training, internal and external learning platforms, cyber conferences, industry events, and dedicated time for skill development. Our people are empowered to shape their careers - and it shows. Year over year, SimSpace consistently outperforms industry benchmarks in internal mobility, promotions, and total rewards growth.
Who Thrives Here? We are a team of innovators, protectors, and problem-solvers. We believe diversity of thought and experience fuels better solutions, and we’re committed to building teams that reflect the communities we serve. Whether you’re remote or office-based, you’ll collaborate with talented colleagues across departments and time zones, united by the mission to create a safer digital world.
We invite you to apply today!
We are looking for a Staff Software Engineer, Identity & Access Management, to serve as the technical authority for identity, authentication, and authorization across the SimSpace platform. The ideal candidate will possess deep expertise in designing and building secure, scalable software systems, a strong foundation in modern IAM concepts, and the ability to drive technical direction across teams in a complex, security-focused environment.
In this position, you'll own the architecture and technical strategy for the IAM stack, partnering with engineering teams across the organization to establish authn/authz standards and ensure consistent, secure access patterns throughout the SimSpace platform. The focus is on software engineering leadership — designing and building the services that underpin identity and access management at SimSpace, solving hard problems, and raising the engineering bar across the team. Specifically, this position will be responsible for:
Identity Provider architecture and service development built on Keycloak
Authorization policy design and enforcement using a Relationship-Based Access Control (ReBAC) model implemented in Topaz/OPA
Design and development of IAM-adjacent services including directory services, user management, and other platform integrations that augment the core identity stack
Cross-team authn/authz standards, patterns, and platform integrations
What will you be doing as a Staff Software Engineer, IAM at SimSpace?
Define and own the technical architecture for authentication and authorization across the SimSpace platform, ensuring systems are secure, scalable, and maintainable.
Lead the design and development of Keycloak-based identity infrastructure, including federation, SSO, token management, and multi-tenant identity flows — multi-tenancy is a core architectural concern and experience designing systems with strong tenant isolation is highly valued.
Design and build the authorization layer for the SimSpace platform — including policy enforcement using a Relationship-Based Access Control (ReBAC) model (currently implemented with Topaz/OPA), authorization services, and the software infrastructure needed to deliver consistent, fine-grained access control across platform services. An understanding of ReBAC and how it differs from RBAC and ABAC models is essential.
Design and build new services that extend and augment the IAM stack — including directory services, user management services, and other components that integrate with or enhance Keycloak and Topaz.
Establish and evangelize cross-team authn/authz standards, providing technical guidance to engineering teams consuming IAM services to ensure correct and secure integration patterns.
Partner with technical leaders across the organization to translate business and security requirements into clear technical roadmaps and executable implementation plans.
Lead project scoping and estimation for new initiatives — breaking down ambiguous requirements into well-defined work, producing credible SWAGs early in the process, and driving planning that the team can execute against with confidence.
Identify and drive resolution of systemic technical risk, performance bottlenecks, and security gaps within the IAM stack.
Actively contribute to architectural review processes, raising the quality bar across the broader engineering organization.
Mentor and grow senior engineers on the IAM team, sharing deep expertise in software design, identity protocols, and security patterns.
Who you are:
Experienced Staff or Senior Software Engineer with a strong background in building platform or infrastructure services, with meaningful exposure to identity and access management concepts.
Proven ability to design, build, and ship production-grade distributed services — comfortable owning the full software development lifecycle from architecture through delivery.
Solid understanding of authentication protocols (OAuth 2.0, OIDC, SAML) and authorization patterns, with enough hands-on experience to make sound engineering decisions around identity systems.
Experience with Keycloak or comparable identity providers is a plus; willingness to develop deep expertise in Keycloak, Topaz/OPA, and adjacent technologies is essential.
Demonstrated ability to drive technical standards and architectural decisions across multiple teams, balancing idealism with pragmatic delivery.
Strong project scoping and estimation instincts — able to SWAG a new initiative quickly, break it into meaningful milestones, and produce plans that are realistic without being over-engineered. Contributes actively to quarterly planning cycles, helping the team arrive at commitments that are grounded in technical reality.
Strong communicator who can translate complex security and identity concepts for both technical and non-technical audiences.
Proficient in modern software engineering practices: API design, service decomposition, testing strategies, and CI/CD.
Experience with Kubernetes and modern container-based infrastructure as the environment in which these services operate. Comfort with self-hosted, on-premises infrastructure is a strong plus — SimSpace operates its own data centers and candidates should be prepared for the operational realities that come with that.
Comfortable operating with ambiguity — at the Staff level, the roadmap isn't always fully defined, and this role is expected to help shape it. We're looking for someone who drives clarity rather than waiting for it.
Experience working in security-sensitive or compliance-driven environments (DoD, FedRAMP, SOC 2, or similar) is a strong plus.
We’re proud to offer a competitive and comprehensive package designed to support your well-being, growth, and success:
Compensation. Base salary range: $185,000 - $260,000, reflecting our confidence in your expertise and impact, with the opportunity for annual bonuses tied to company performance and individual contributions.
Health & Wellness. Comprehensive medical, dental, and vision benefits, plus savings plans—coverage starts on day one!
Mental Health Support. Access to company-paid counseling, coaching, and resources for you and your family through Spring Health.
Financial Well-Being. Plan for your future with a 401(k) retirement savings plan featuring a company match.
Flexible Time Off. Take the time you need with unlimited vacation and dedicated health & wellness days. SimSpace provides flexible solutions to meet the diverse work-life needs of team members.
Parental Leave. Paid leave plans to support you and your loved ones during life’s most important moments.
Ownership Opportunities: Equity stock options at hire, with annual performance-based grants—become an invested stakeholder in our shared success.
Referral Rewards: Earn $1,500–$3,500 for every qualified hire through our employee referral program.
Peloton Interactive Wellness Program: Fully and partially subsidized membership plans and equipment discounts to help you reach your personalized fitness goals.
Continuous Learning: Access a LinkedIn Learning membership to prioritize your personal and professional development.
Social Connections: Monthly reimbursements for meaningful connections with teammates through our SocialSpace Community.
Extra Perks: Legal plan coverage, pet insurance, wellness reimbursements, and more to simplify life’s details.
SimSpace is an Equal Opportunity Employer:
In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
SimSpace is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, genetic information, disability, status as a protected veteran, or any other protected category under applicable federal, state, and local laws. We are committed to providing an inclusive and welcoming environment for all members of our staff, clients, volunteers, subcontractors, and vendors.
Research shows that women and people from underrepresented groups only apply to jobs if they meet all of the qualifications. However, no one ever meets 100% of the qualifications. SimSpace encourages you to break that statistic and to apply. We look forward to your application!
We also consider qualified applicants regardless of criminal histories, in accordance with applicable law. We are committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need assistance or accommodation due to a disability, please contact careers@simspace.com.
SimSpace does not accept unsolicited resumes from employment agencies.
Actual compensation for the position is based on a variety of factors, including, but not limited to, affordability, skills, qualifications and experience, and may vary from the range.