Staff Software Engineer, Identity and Access Management

Kong Inc.

Job Overview

Location

Toronto

Job Type

Full-time

Full Job Description

📋 Description

• As a Staff Software Engineer on the Konnect team at Kong, you will architect Kong Identity's multi-tenant identity platform supporting complex organizational hierarchies, cross-tenant isolation, and enterprise-grade security controls.
• You will design and implement advanced token management systems, including refresh token rotation, proof-of-possession tokens, and custom token introspection with real-time revocation capabilities.
• You will lead development of Kong Identity's extensible claims engine supporting dynamic attribute resolution, contextual claim injection, and complex business logic evaluation at token issuance.
• You will architect global identity infrastructure with edge optimization, intelligent token caching, and cross-region replication strategies for sub-millisecond authentication latency worldwide.
• You will design sophisticated rate limiting, anomaly detection, and fraud prevention systems to protect against credential stuffing, token abuse, and distributed attacks.
• You will build enterprise identity federation capabilities, including SAML bridge patterns, external IdP chaining, and custom protocol adapters for legacy system integration.
• You will lead technical strategy for Kong Identity's developer experience, including SDKs, webhooks, audit logging, and real-time analytics dashboards for token lifecycle visibility.
• You will drive implementation of compliance frameworks (SOC 2, FedRAMP, GDPR), including comprehensive audit trails, data residency controls, and privacy-preserving token designs.
• You will mentor engineering teams on advanced identity concepts including zero-trust architectures, workload identity, and service mesh integration patterns.
• Kong is building the future of API management for developers. We’re a fast-growing, well-funded company with happy customers and motivated employees. Insomnia, acquired in 2019, is a full-lifecycle API development platform that has quickly become an integral part of Kong’s product portfolio.
• Kong Inc., a leading developer of API and AI connectivity technologies, is building the infrastructure that powers the agentic era. Trusted by the Fortune 500 and startups alike, Kong's unified API and AI platform, Kong Konnect, enables organizations to secure, manage, accelerate, govern, and monetize the flow of intelligence across APIs and AI models.

🎯 Requirements

• 7+ years of experience building production identity platforms at leading identity providers or enterprise software companies, with proven track record of handling millions of authentication requests daily.
• Deep expertise in advanced OAuth 2.0 extensions (PKCE, mTLS, JWT bearer assertions, token exchange), OpenID Connect profiles, and emerging standards like OAuth 2.1 and GNAP.
• Proven experience architecting multi-tenant identity platforms with complex isolation requirements, tenant-specific configurations, and enterprise feature sets.
• Strong background in cryptographic protocols including advanced JWT patterns, key rotation strategies, Hardware Security Module (HSM) integration, and post-quantum cryptography considerations.
• Experience building identity platforms with sophisticated analytics, real-time monitoring, and security event detection capabilities at enterprise scale.
• Expertise in global identity infrastructure including edge deployment strategies, geo-distributed token validation, and cross-region data consistency patterns.

🏖️ Benefits

• Opportunity to work on cutting-edge identity and access management systems at a fast-growing, well-funded company.
• Chance to lead technical initiatives and mentor engineering teams on advanced identity concepts.
• Exposure to compliance frameworks including SOC 2, FedRAMP, and GDPR.
• Work with a company trusted by the Fortune 500 and startups alike, powering the agentic era through API and AI connectivity.

Skills & Technologies

OAuth

JWT

Senior

Onsite

Ready to Apply?

Apply Externally

You will be redirected to an external site to apply.

Kong Inc.

Visit Website

About Kong Inc.

Kong Inc. is a San Francisco-based software company that develops an open-source API gateway and service connectivity platform. The company offers Kong Gateway, Kong Mesh, and Konnect cloud services to manage, secure, and observe microservices and APIs across clouds and data centers. Founded in 2007 as Mashape, it rebranded to Kong in 2017. Kong’s technology provides traffic control, authentication, rate limiting, and analytics for modern distributed architectures, supporting organizations in digital transformation and cloud-native adoption.

View Company Profile

Get more remote jobs like this

Subscribe to the weekly newsletter for similar remote roles and curated hiring updates.

Weekly remote jobs and featured talent.

No spam. Only curated remote roles and product updates. You can unsubscribe anytime.