Staff Software Engineer, Identity and Access Management

Are you ready to power the World's connections?

If you don’t think you meet all of the criteria below but are still interested in the job, please apply. Nobody checks every box - we’re looking for candidates that are particularly strong in a few areas, and have some interest and capabilities in others.

About the role:
Kong is building the future of API management for developers. We’re a fast-growing, well-funded company with happy customers and motivated employees. Insomnia, acquired in 2019, is a full-lifecycle API development platform that has quickly become an integral part of Kong’s product portfolio.
As a Staff Software Engineer on the Konnect team at Kong, you’ll architect Kong Identity's multi-tenant identity platform supporting complex organizational hierarchies, cross-tenant isolation, and enterprise-grade security controls.

What you'll do:

• Design and implement advanced token management systems, including refresh token rotation, proof-of-possession tokens, and custom token introspection with real-time revocation capabilities.

• Lead development of Kong Identity's extensible claims engine supporting dynamic attribute resolution, contextual claim injection, and complex business logic evaluation at token issuance.

• Architect global identity infrastructure with edge optimization, intelligent token caching, and cross-region replication strategies for sub-millisecond authentication latency worldwide.

• Design sophisticated rate limiting, anomaly detection, and fraud prevention systems to protect against credential stuffing, token abuse, and distributed attacks.

• Build enterprise identity federation capabilities, including SAML bridge patterns, external IdP chaining, and custom protocol adapters for legacy system integration.

• Lead technical strategy for Kong Identity's developer experience, including SDKs, webhooks, audit logging, and real-time analytics dashboards for token lifecycle visibility.

• Architect advanced client management systems supporting dynamic client registration, automated credential rotation, and programmatic policy enforcement.

• Design Kong Identity's plugin architecture enables custom grant flows, protocol extensions, and third-party integrations while maintaining security boundaries.

• Drive implementation of compliance frameworks (SOC 2, FedRAMP, GDPR), including comprehensive audit trails, data residency controls, and privacy-preserving token designs.

• Lead technical initiatives for Kong Identity's integration with observability platforms, supporting distributed tracing, metrics collection, and security event correlation.

• Mentor engineering teams on advanced identity concepts including zero-trust architectures, workload identity, and service mesh integration patterns.

What you'll bring:

• 7+ years of experience building production identity platforms at leading identity providers or enterprise software companies, with proven track record of handling millions of authentication requests daily.

• Deep expertise in advanced OAuth 2.0 extensions (PKCE, mTLS, JWT bearer assertions, token exchange), OpenID Connect profiles, and emerging standards like OAuth 2.1 and GNAP.

• Proven experience architecting multi-tenant identity platforms with complex isolation requirements, tenant-specific configurations, and enterprise feature sets.

• Strong background in cryptographic protocols including advanced JWT patterns, key rotation strategies, Hardware Security Module (HSM) integration, and post-quantum cryptography considerations.

• Experience building identity platforms with sophisticated analytics, real-time monitoring, and security event detection capabilities at enterprise scale.

• Expertise in global identity infrastructure including edge deployment strategies, geo-distributed token validation, and cross-region data consistency patterns.

• Deep understanding of enterprise identity integration patterns including SAML federation, LDAP/AD bridges, SCIM provisioning, and custom protocol adapters.

• Proven track record building developer-first identity platforms including comprehensive SDKs, webhook systems, and extensible API designs.

• Experience with identity platform security including threat modeling, penetration testing coordination, and implementation of advanced attack prevention mechanisms.

• Strong background in compliance and regulatory requirements for identity systems including audit trail design, data residency controls, and privacy engineering.

• Experience building identity platforms supporting complex organizational structures, delegated administration, and fine-grained permission models.

• Expertise in high-performance system design including horizontal scaling strategies, caching architectures, and latency optimization for identity operations.

• Knowledge of service mesh identity patterns, workload identity bootstrapping, and integration with container orchestration platforms.

• Experience with identity protocol extensions, custom grant flows, and building extensible identity platforms that support diverse use cases.

• Proven ability to lead technical initiatives in complex, regulated environments while balancing innovation with security and compliance requirements.

About Kong:

Kong Inc., a leading developer of cloud API technologies, is on a mission to enable companies around the world to become “API-first” and securely accelerate AI adoption. Kong helps organizations globally — from startups to Fortune 500 enterprises — unleash developer productivity, build securely, and accelerate time to market. For more information about Kong, please visit www.konghq.com or follow us on X @thekonginc.

Compensation Range: CA$163.7K - CA$245.8K