Staff Software Engineer - Internal Access Management

Location: Remote, United States Employment Type: Full-Time Department: Engineering Compensation: CA$225.1K - CA$264.5K - Offers Equity At Confluent, we are dedicated to offering competitive pay and benefits that align with industry standards. We consider various factors in determining compensation, including work history, education, professional experience, and location. Actual pay may vary based on skills, qualifications, experience, and work location. Additionally, Confluent provides a wide range of employee benefits. Overview At Confluent, we are not just creating better technology; we are transforming the way data flows and enhancing global capabilities. Our platform enables near real-time information streaming, allowing companies to respond faster, be more innovative, and deliver dynamic experiences that adapt to the ever-changing world. This role calls for individuals who are curious, ask challenging questions, and provide constructive feedback. We value teamwork and humility—no egos, just smart, inquisitive individuals collaborating towards a greater purpose. About the Role: We are looking for a Staff Software Engineer to shape the technical direction, architecture, and implementation for Internal Access Management at Confluent. This pivotal role requires in-depth knowledge of distributed systems, cloud security, authentication, and authorization frameworks guided by policies. As the domain authority, you will define how Confluent implements least privilege, oversees workload identity, sets access boundaries, and ensures secure, auditable authorization across all engineering systems. You will collaborate with Security, Product, and Engineering teams to establish a comprehensive access strategy. What You Will Do: Set and guide the long-term architecture and development plan for Internal Access Management in Kubernetes and multi-cloud frameworks. Design and implement least privilege, just-in-time access, and zero-trust models throughout Confluent services. Create and enhance scalable authorization workflows and lifecycle management systems utilizing technologies like OPA, cloud IAM policies, workload identity, and internal enforcement engines. Fortify security boundaries through threat modeling, defense-in-depth practices, and comprehensive access auditing. Work alongside cross-functional teams, including Platform, Kafka, Observability, Developer Productivity, Release Engineering, and SRE, to promote the adoption of secure identity and access patterns. Mentor senior engineers, elevate engineering practices, and influence architectural decisions across the organization. Effectively communicate complex technical decisions and align stakeholders across engineering and security sectors. What You Will Bring: 10+ years of engineering experience, including 4+ years focused in security, IAM, or distributed systems. Expertise in Kubernetes, workload identity, cloud IAM (AWS, GCP, Azure), and zero-trust architectures. A strong grasp of authentication technologies: IAM, OAuth2, OIDC, policy engines, and contemporary zero-trust principles. A proven history of leading multi-team technical initiatives at a Staff or Senior Staff level. Solid understanding of distributed systems, cloud infrastructure, container orchestration, and service mesh. Exceptional communication and stakeholder-influence skills across engineering and security domains. What Gives You an Edge: Experience in leading cross-organizational security platform architecture projects. A background in creating developer-focused authentication and authorization platforms. Ready to build what's next? Join us in this exciting journey. Come As You Are Belonging is fundamental here. We thrive across time zones and diverse backgrounds, believing the best ideas emerge from varied perspectives. We create an environment where everyone can lead, grow, and push boundaries. We are proud to be an equal opportunity employer. Employment decisions are made based on job-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by law.

Created: 2026-03-10