Staff Java Engineer (Platform / IAM & Administration)

As a Staff Engineer within the Nextiva Platform organization, focusing on Identity and Access Management (IAM) and platform data access, you will lead initiatives that ensure secure, compliant, and seamless access to critical systems and data across our SaaS offerings. You will design and evolve scalable IAM solutions and enforce data governance best practices that are integral to customer trust, platform integrity, and internal operations. 

The ideal candidate will be a technical leader with strong experience in IAM systems, authentication/authorization patterns, data access governance, and distributed platform architecture. Your role will include shaping the strategy and implementation of robust user access models, service identity, permissioning infrastructure, and compliance-driven controls at scale. 

Responsibilities:  

• Lead the design and development of secure, scalable IAM and access control mechanisms, including role-based access control (RBAC), attribute-based access control (ABAC), and fine-grained permissions systems
• Improve and maintain centralized authentication and authorization services (e.g., OAuth2, OIDC, SAML, SCIM integrations)
• Ensure secure-by-design principles are embedded across platform services and APIs with a focus on access patterns, identity federation, token lifecycle management, and user provisioning
• Drive architecture and code-level decisions to mitigate identity risks, reduce complexity, and improve the developer experience around secure access patterns
• Contribute to operational systems that support auditing, anomaly detection, access reviews, and governance reporting
• Be involved in every stage of the project - from ideation and system design to delivering products and features in a timely manner 
• Build robust, scalable, and maintainable software
• Improve code quality through writing unit tests, automation, and code reviews
• Apply and advocate for team coding, documenting and testing standard
• Lead code reviews and communicate application changes
• Provide technical leadership, mentorship and guidance to engineers on the team 
• Collaborate closely with internal teams as well as stakeholders 
• Implement and influence business and operational systems that support billing and usage monitoring needs

Basic Qualifications:

8-10+ years of experience building large-scale, secure SaaS platforms, with a strong focus on IAM, access management, and distributed systems. 

• Deep proficiency in Java, Spring Boot, and designing stateless backend services that integrate with identity providers (IdPs) and security frameworks
• Experience implementing authentication protocols (OAuth 2.0, OIDC, SAML), and designing systems that support single sign-on (SSO), multi-factor authentication (MFA), and Just-In-Time (JIT) provisioning
• Familiarity with access governance tools, secrets management, and key management systems  
• Hands-on experience with Kafka for distributed messaging and event-driven pipelines (e.g., audit logs, user session lifecycle, policy updates)
• Expertise with cloud infrastructure platforms (AWS/GCP) and IAM-related services such as IAM roles/policies, STS tokens, and cross-account identity
• Solid understanding of data privacy and regulatory compliance standards (e.g., SOC 2, GDPR, HIPAA) as they relate to access and identity

Preferred Skills:

• Experience building or integrating with IAM platforms (e.g., Okta, Auth0, ForgeRock, Keycloak)
• Knowledge of fine-grained data access control, masking policies, and dynamic authorization patterns at the data layer
• Experience developing or integrating policy-as-code solutions (e.g., OPA, Cedar, Rego)
• Familiarity with front-end identity contexts and modern frameworks like React and TypeScript for secure session and role propagation
• Deep understanding of zero trust architecture principles and secure service-to-service authentication

Additional Qualities to Have:  

• Demonstrated ownership of complex, cross-functional IAM and security initiatives. 
• Ability to abstract technical complexity into platform capabilities for use by product teams. 
• Strategic mindset with the ability to anticipate and access risks before they emerge. 
• Effective communicator, mentor, and partner to engineers and stakeholders across security, compliance, and product. 
• Passion for driving a culture of security and least-privilege access within a high-scale engineering organization 
• Self-motivation, dedication, and a commitment to meeting deadlines 
• Willingness to contribute as both a team player and an individual contributor 
• Eagerness to drive new projects, troubleshoot issues, and contribute to continuous improvement 

Nextiva DNA (Core Competencies)

Nextiva’s most successful team members share common traits and behaviors:

• Drives Results: Action-oriented with a passion for solving problems. They bring clarity and simplicity to ambiguous situations, challenge the status quo, and ask what can be done differently. They lead and drive change, celebrating success to build more success.
• Critical Thinker: Understands the "why" and identifies key drivers, learning from the past. They are fact-based and data-driven, forward-thinking, and see problems a few steps ahead. They provide options, recommendations, and actions, understanding risks and dependencies.
• Right Attitude: They are team-oriented, collaborative, competitive, and hate losing. They are resilient, able to bounce back from setbacks, zoom in and out, and get in the trenches to help solve important problems. They cultivate a culture of service, learning, support, and respect, caring for customers and teams.

Total Rewards 

Our Total Rewards offerings are designed to allow Nexties to take care of themselves and their families so they can be their best, in and out of the office. 

Our compensation packages are tailored to each role and candidate's qualifications. We consider a wide range of factors, including skills, experience, training, and certifications, when determining compensation. We aim to offer competitive salaries or wages that reflect the value you bring to our team. Depending on the position, compensation may include base salary and/or hourly wages, incentives, or bonuses. 

The expected hiring range is $115,000-$178,720. A different level in the job hierarchy may apply to a specific candidate, resulting in a different hiring range. 

• Health 🍏 - Multiple health plan options to suit your needs, including medical, dental, vision, and telemedicine coverage 
• Insurance 💼 - Life, disability, and supplemental indemnity plans 
• Work-Life Balance ⚖️ - Flexible Time Off (FTO) for salaried employees, PTO for hourly employees, Paid Sick Time (PST), paid parental bonding leave, and paid holidays 
• Financial Security 💰 - 401(k) with company match, Health Savings Accounts with company contributions, Dependent Care FSA 
• Wellness 🤸‍ - Employee Assistance Program and comprehensive wellness initiatives 
• Growth 🌱 - Access to ongoing learning and development opportunities and career advancement 

At Nextiva, we're committed to supporting our employees' health, well-being, and professional growth. Join us and build a rewarding career! 

Established in 2008 and headquartered in Scottsdale, Arizona, Nextiva secured $200M from Goldman Sachs in late 2021, valuing the company at $2.7B.To check out what’s going on at Nextiva, check us out on Instagram, Instagram (MX), YouTube, LinkedIn, and the Nextiva blog. 

Nextiva is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. Nextiva participates in the E-Verify Program where and as required by law. For additional information about E-Verify visit USCIS. 

#LI-JG1   #LI-Remote