Temporal is hiring a Senior Software Engineer for Identity to help design, build, and operate the identity and access systems behind Temporal Cloud — a multi-tenant SaaS platform. You'll work on the systems that authenticate users and workloads, authorize access to namespaces and APIs, and integrate with customer identity providers. You'll partner with Security, Product, and infrastructure teams to deliver "secure by default" capabilities while keeping the developer and operator experience strong.
What You'll Do- Build and improve core parts of Temporal Cloud's identity platform — authentication (OAuth 2.0/OIDC, SAML), authorization (RBAC and policy-based access), and workload identity — so customers and workloads can authenticate securely
- Help keep the auth path fast and reliable to meet Temporal Cloud's SLOs through caching, token handling, and revocation strategies
- Integrate with enterprise identity providers (Okta, Entra ID, Google Workspace) and support user provisioning (SCIM), with attention to common identity threats such as token replay and privilege escalation
- Partner with Security, Product, and platform teams to ship secure-by-default patterns and contribute to IAM lifecycle and audit practices
- Write clear architecture and design docs, and contribute to the team's technical direction
- Solid hands-on experience building and operating production identity or auth systems — OAuth 2.0/OIDC, SAML, JWT, and token/key rotation
- Good understanding of authorization models (RBAC, ABAC); familiarity with policy engines like OPA, Cedar, or OpenFGA is a plus
- Experience operating distributed systems in production, including some on-call responsibility
- Proficiency in Go; experience with Python, Java, or Rust is a plus
- Strong communication skills and the ability to collaborate across security, product, and engineering teams
- Exposure to workload identity or short-lived / federated credentials (SPIFFE/SPIRE, mTLS, WIF)
- Experience with SCIM provisioning and enterprise SSO integrations
- Contributions to identity OSS projects (Keycloak, Ory, Dex, OpenFGA, SPIRE)
- Familiarity with compliance frameworks (SOC 2, ISO 27001, HIPAA) as they apply to IAM
- Familiarity with Temporal or other durable-execution engines, especially auth implications around workers and task queues
- Experience designing customer-facing API auth (scoped tokens, API keys, rotation)
- Base Salary Range - $212,000 to $237,000, depending on qualifications and location
- Equity Options - Eligible for stock options as part of Temporal's equity plan
- Unlimited PTO, 12 Holidays + 2 Floating Holidays
- 100% Premiums Coverage for Medical, Dental, and Vision
- AD&D, LT & ST Disability, and Life Insurance (Standard & Supplemental Available)
- Empower 401K Plan
- Additional Perks for Learning & Development, Lifestyle Spending, In-Home Office Setup, Professional Memberships, WFH Meals, Internet Stipend and more!
Paid Time Off (PTO) and Benefits outside the United States vary by country, and are issued in partnership with Remote.com. Additionally, Temporal offers perks to all international employees for learning & career development, a lifestyle spending account, in-home office setup (in addition to company-issued hardware), professional memberships, work-from-home meals, and access to the Calm app for mental wellness.
Travel
Temporal is a globally distributed, collaborative team that values opportunities for in-person connection. Occasional travel may be required for company events, team offsites, and other meaningful moments that bring us together.
- $3,600 / Year Work from Home Meals
- $1,800 / Year Professional Enrichment (Career Development & Professional Memberships)
- $1,200 / Year Lifestyle Spending Account
- $1,000 / Year In-Home Office Setup (In addition to Temporal issued equipment - laptop, monitor, keyboard, mouse, trackpad, and extension power cable at no cost to you)
- $74 / Month Reimbursement for Internet
- Calm App Subscription for Mental Health & Wellness
Skills Required
- Hands-on experience building and operating production identity/auth systems (OAuth 2.0/OIDC, SAML, JWT, token/key rotation)
- Good understanding of authorization models (RBAC, ABAC)
- Familiarity with policy engines like OPA, Cedar, or OpenFGA
- Experience operating distributed systems in production, including on-call responsibility
- Proficiency in Go
- Experience with Python, Java, or Rust
- Strong communication skills and ability to collaborate across security, product, and engineering teams
- Exposure to workload identity or short-lived/federated credentials (SPIFFE/SPIRE, mTLS, WIF)
- Experience with SCIM provisioning and enterprise SSO integrations
- Contributions to identity open-source projects (Keycloak, Ory, Dex, OpenFGA, SPIRE)
- Familiarity with compliance frameworks (SOC 2, ISO 27001, HIPAA) as they apply to IAM
- Familiarity with Temporal or other durable-execution engines and API auth design (scoped tokens, API keys, rotation)
Temporal Technologies Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Temporal Technologies and has not been reviewed or approved by Temporal Technologies.
-
Healthcare Strength — Healthcare coverage is described as 100% employer-paid for medical, dental, and vision, with AD&D, short- and long-term disability, and life insurance included. Feedback suggests this breadth and cost coverage is a strong differentiator for a remote-first employer.
-
Leave & Time Off Breadth — Time off includes unlimited PTO alongside 12 standard holidays and 2 floating holidays. Feedback suggests this structure supports rest and recharge across teams.
-
Wellbeing & Lifestyle Benefits — Wellbeing and remote-work support include a home office stipend, internet reimbursement, WFH meals, Calm app access, a lifestyle spending account, and learning/professional membership budgets. Feedback suggests these perks enhance overall total rewards beyond base pay.
Temporal Technologies Insights
What We Do
Temporal develops and distributes the world's leading open source durable execution system. We make code fault tolerant, durable and simple. Innovative companies like Datadog, Glovo, Indeed, Netflix, Qualtrics, Remitly, Snap and Yum! Brands build their services and applications with Temporal to make them reliable to run, productive to enhance and easy to troubleshoot and repair. More than a decade in the making, Temporal is powered by veterans behind some of the industry's most loved systems technologies, programming frameworks and open source communities as well as investors like Amplify Partners, Sequoia Capital and Index Ventures.
