We're looking for a Staff Engineer to join our Identity & Access Management (IAM) platform team. This is an individual contributor role with outsized technical scope: you'll be the technical anchor for how Xsolla builds secure, high-scale auth infrastructure — setting direction, making hard architectural calls, and raising the bar across the org.
You will own the strategy behind authentication, authorization, and session management at scale, and evolve our OAuth 2.0 / OIDC flows and token lifecycle to meet both product and compliance needs. You operate with significant autonomy, but your decisions ripple across teams — so you'll spend real time building buy-in with engineering and security stakeholders, not just designing in isolation.
You are technically deep, calm under pressure, and comfortable being the escalation point when production IAM issues get hard. You write the RFCs and design docs that people actually read, and you create leverage for the broader engineering org through documentation, tooling, and mentorship — without needing a management title to do it.
Responsibilities
- Own IAM Architecture & Strategy — Own the technical strategy and architecture of our IAM platform, covering authentication, authorization, and session management at scale.
- Design Auth Protocols — Design and evolve our OAuth 2.0 / OIDC flows, token lifecycle, and security primitives to meet both product and compliance requirements.
- Drive Cross-Team Technical Decisions — Drive decisions on protocol design, data modeling, and platform reliability, and build buy-in across engineering and security teams.
- De-Risk Proactively — Identify systemic risks and performance bottlenecks; lead initiatives to resolve them before they become incidents.
- Set Engineering Standards — Define engineering standards, review critical code and designs, and create leverage for the team through documentation, tooling, and mentorship.
- Align with Stakeholders — Collaborate with product, security, and infra teams to align on roadmap and translate business needs into well-scoped technical plans.
- Own Production Escalations — Serve as the go-to escalation point for complex production issues in the IAM domain.
Requirements
- OAuth 2.0 / OIDC Depth — Deep understanding of OAuth 2.0, OIDC, and related auth flows: authorization code + PKCE, client credentials, device flow, token introspection, refresh strategies.
- Web Security Fundamentals — Solid grasp of cookie security, CSRF, XSS, token storage, TLS, and secure session management.
- Production IAM Experience — Experience designing or operating production-grade IAM or auth systems.
- Go Engineering — Strong Go (Golang) engineering skills: idiomatic code, concurrency patterns, performance profiling.
- Distributed Systems — Experience with distributed systems and their trade-offs (consistency, availability, failure modes).
- PostgreSQL — Schema design, query optimization, migrations at scale.
- Kubernetes — Deploying, operating, and debugging services in a k8s environment.
- Message Streaming — Kafka or NATS — event-driven patterns, consumer groups, at-least-once delivery.
- Git & CI/CD — Git and modern CI/CD practices.
- Cross-Team Initiative Leadership — Proven ability to lead multi-quarter technical initiatives across teams.
- Architectural Influence — Track record of influencing architecture and standards beyond your immediate team.
- Written & Verbal Communication — You write RFCs and design docs that people actually read.
Identity & Security
Backend Engineering
Data & Infrastructure
Leadership
Nice to Have
- Hands-on experience with the Ory ecosystem (Hydra, Kratos, Keto) — operating it in production or building on top of its APIs
- Experience with CockroachDB or other distributed SQL databases (multi-region deployments, clock skew handling, survivability trade-offs)
- Familiarity with compliance requirements relevant to IAM: SOC 2, ISO 27001, GDPR data minimization, audit logging
- Contributions to open-source security or identity projects
- Experience building or integrating with SCIM, SAML, or enterprise SSO (LDAP / Active Directory)
- Background in platform or infrastructure engineering — building systems other engineers build on top of
- Hands-on, up-to-date experience with modern AI tools (e.g. Claude, Copilot, Cursor) for code generation, review, and accelerating day-to-day engineering work
Skills Required
- Deep understanding of OAuth 2.0 and OIDC (authorization code + PKCE, client credentials, device flow, token introspection, refresh strategies)
- Web security fundamentals (cookie security, CSRF, XSS, token storage, TLS, secure session management)
- Experience designing or operating production-grade IAM or authentication systems
- Strong Go (Golang) engineering skills including idiomatic code, concurrency patterns, performance profiling
- Experience with distributed systems and trade-offs (consistency, availability, failure modes)
- PostgreSQL schema design, query optimization, and migrations at scale
- Deploying, operating, and debugging services in Kubernetes
- Message streaming experience (Kafka or NATS), event-driven patterns, consumer groups, at-least-once delivery
- Git and modern CI/CD practices
- Proven ability to lead cross-team, multi-quarter technical initiatives
- Track record of influencing architecture and engineering standards across teams
- Strong written and verbal communication; produces clear RFCs and design docs
- Hands-on experience with the Ory ecosystem (Hydra, Kratos, Keto)
- Experience with CockroachDB or other distributed SQL databases (multi-region deployments, clock skew handling)
- Familiarity with compliance for IAM: SOC 2, ISO 27001, GDPR data minimization, audit logging
- Contributions to open-source security or identity projects
- Experience building or integrating with SCIM, SAML, or enterprise SSO (LDAP / Active Directory)
- Background in platform or infrastructure engineering
- Hands-on, up-to-date experience with modern AI tools for code generation/review (e.g., Claude, Copilot, Cursor)
Xsolla Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Xsolla and has not been reviewed or approved by Xsolla.
-
Fair & Transparent Compensation — Pay is considered fair or good in many cases, with mentions of high salary or being paid well in certain roles and markets. Market-aligned ranges for several U.S. roles indicate base pay is not out of step with peers.
-
Healthcare Strength — Health coverage is described as comprehensive for full-time employees and families, with employer-paid medical, dental, and vision noted in some U.S. postings. Positive remarks on medical coverage appear on dedicated benefits pages.
-
Leave & Time Off Breadth — Flexible or unlimited paid time off is repeatedly highlighted, alongside parental leave and remote or hybrid flexibility. These elements contribute to an overall package that many view as solid.
Xsolla Insights
What We Do
Xsolla's video game business engine helps game developers and publishers operate more efficiently and sell more games. Serving only the video game industry, Xsolla caters to businesses from indie to enterprise, with solutions that solve the complexities of distribution, marketing, and monetization so developers, publishers, and platform partners. Our goal is to increase your audience, sales and revenue. Headquartered in Los Angeles, with offices worldwide, Xsolla operates as a merchant and seller of record for major gaming entities like Valve, Twitch, Ubisoft, Epic Games, and PUBG Corporation.







