Staff Software Engineer, Authentication and Security

Onebrief is collaboration and AI-powered workflow software designed specifically for military staffs. By transforming this work, Onebrief makes the staff as a whole superhuman - meaning faster, smarter, and more efficient.

We take ownership, seek excellence, and play to win with the seriousness and camaraderie of an Olympic team. Onebrief operates as an all-remote company, though many of our employees work alongside our customers at military commands around the world.

Founded in 2019 by a group of experienced planners, today, Onebrief’s team spans veterans from all forces and global organizations, and technologists from leading-edge software companies. We’ve raised $123m+ from top-tier investors, including Battery Ventures, General Catalyst, Insight Partners, and Human Capital, and today, Onebrief is valued at $1.1B. With this continued growth, Onebrief is able to make an impact where it matters most.

We’re hiring a Staff Software Engineer to design, build, and operate the authentication and identity systems that power our platform. This is a hands-on engineering role with a focus on reliability, scalability, and secure user experience. Our authentication stack is built on modern technologies including Keycloak, OIDC/SAML/LDAP integrations, and cloud-native infrastructure. We value strong problem-solving skills, sound engineering judgment, and a deep understanding of distributed systems and security principles.

You’ll work on high-impact systems including (but not limited to) identity provider integrations, access control frameworks, token management, and policy enforcement infrastructure. Expect to tackle challenges in federated identity, Attribute-Based Access Control (ABAC), multi-tenant authorization, session management, and fault-tolerant authentication flows. You’ll play a key role in shaping our authentication architecture and defining the long-term strategy for identity and access management across the platform.

If you enjoy thinking deeply about security trade-offs, scaling authentication systems, and building reliable identity foundations that balance usability with robust access control, you’ll thrive here.

• Design, build, and maintain authentication and identity services that power mission-critical platform access and authorization.

• Integrate and extend Keycloak to support complex identity provider (IdP) integrations, single sign-on (SSO), and federated authentication.

• Implement and evolve Attribute-Based Access Control (ABAC) frameworks to enable fine-grained, policy-driven authorization across systems.

• Work across the stack — from APIs and access tokens to infrastructure automation, deployment, and observability of authentication workflows.

• Diagnose and resolve reliability, latency, and scalability issues in production authentication and authorization flows.

• Collaborate on architecture and long-term strategy for secure, resilient, and high-availability identity systems.

• Implement and refine monitoring, auditing, and alerting for authentication and access events to ensure security visibility and compliance.

• Balance security, user experience, and delivery velocity, ensuring pragmatic decisions that maintain both product agility and engineering quality.

• 8+ years of experience as a Software Engineer

• Recent experience driving technical impact across teams and time horizons

• A record of leading multi-quarter initiatives and evolving system architecture

• Strong architectural judgment with a tight link to product and business outcomes

• Thoughtful, high-context communication thats driven by a desire for clarity, not control

• A pattern of multiplying others: through systems, standards, and mentorship

• The ability to move fast with judgment while knowing when to ship, and when to reshape

• Frontend: React, TypeScript, Vite, shared component libraries, client-side observability

• Backend: Node.js, PostgreSQL, Redis, secure RESTful APIs, distributed identity and access services

• Authentication & Authorization: Keycloak, OpenID Connect (OIDC), SAML 2.0, OAuth 2.0, Attribute-Based Access Control (ABAC), JSON Web Tokens (JWT), role and policy-based access frameworks, federated identity provider integrations (e.g., Okta, Active Directory, Keycloak, etc…)

• Infrastructure: Kubernetes, AWS, Terraform, CI/CD pipelines, container security and secrets management

• Integrations: CSV/Excel/KML importers, PDF exports, DoD and enterprise data systems, secure API gateways, and auditing pipelines

Notice to Third Party Recruitment Agencies
Please note that Onebrief does not accept unsolicited resumes from recruiters or employment agencies. In the absence of an executed Recruitment Services Agreement, there will be no obligation to any referral compensation or recruiter fee. In the event a recruiter or agency submits a resume or candidate without an agreement Onebrief explicitly reserves the right to pursue and hire those candidate(s) without any financial obligation to the recruiter or agency. Any unsolicited resumes, including those submitted to hiring managers, shall be deemed the property of Onebrief.