ZapierSr. Fullstack Engineer - Identity Platform
AI at Zapier. Zapier's Identity Platform team builds the authentication, session management, and credential infrastructure foundation for enterprise SaaS. Senior Fullstack Engineer to own the foundation, drive strategic direction, and unlock enterprise deals. What you'll work on: Enterprise authentication infrastructure; User session auth across services; Enterprise authentication controls and compliance; Platform APIs that other teams depend on. Level: Senior Engineer. About you: You've set the vision and built identity systems for enterprise SaaS at scale. Not configured them, built them. You have hands-on experience with SAML, SCIM, OAuth/OIDC, or JWT in a multi-tenant SaaS environment. You understand authentication at a protocol level, not a checkbox level. You've dealt with token replay, session fixation, key rotation under load, multi-IdP federation, just-in-time provisioning, or identity linking across auth methods in real systems serving real users. You know what breaks when an organization with 5,000 employees connects their IdP to your platform for the first time. You are a thought leader in the Identity domain who proactively follows industry trends and Enterprise user management best practices. You work through AI agents, not alongside them. Your daily development workflow is built around directing and reviewing agent-written code, not writing it by hand. You have opinions about which models to use for which tasks, you've hit real failure modes and built mitigations, and your workflow is actively evolving. When you hit unfamiliar territory, you don't slow down; you point your agent at the codebase, research the domain, and draft a plan. Then you build a POC or working prototype to demonstrate the concept in hours, not iterate on a planning doc for days. You jump into unfamiliar codebases, use your agent to map the landscape, and ship draft MRs or integration proposals within days. At this level, that means going into other teams' code when an integration is blocked, not waiting for their capacity. You think in platforms, not features. You've built systems other engineering teams depend on. You know what it means to ship a breaking change to an internal API, maintain backward compatibility under pressure, and write contracts that hold up as the organization scales. You understand the cost of coupling and the discipline of good boundaries. You're comfortable across the stack. This is a fullstack role on a platform team. You'll write backend services in Python and Node.js, work with Django and Fastify, touch React when building admin tooling or developer-facing UIs, and navigate infrastructure concerns like Kubernetes, Terraform, and CI/CD pipelines. You don't need to be an expert in all of these, but you can't be afraid of any of them. You believe enterprise can move fast, and you ship through ambiguity to prove it. You've seen (or want to prove) that shipping to enterprise customers doesn't have to mean slow, waterfall-style cycles. When there's no spec, no designs, and no clear path forward, your first instinct is to gather evidence, break the problem into a narrow first slice, and get rough working software into production within days, not weeks. You use working prototypes to drive alignment rather than waiting for consensus. You see compliance, security, and rollout considerations as interesting design constraints, not reasons to slow down. You're comfortable throwing work away when direction changes and you treat discarded work as a fast learning loop, not a loss. You work close to the customer. Customer for this team means enterprise buyers evaluating Zapier's security posture and internal engineering teams integrating with your APIs. You pull from both; reviewing customer security questionnaires, sitting in on enterprise calls, reading support tickets, and talking directly to engineers who consume your platform. You’ll also work closely with customer support teams to provide them with the tools and processes to troubleshoot customer issues and incidents. You own your work, yourself, and your communication. You take initiative without waiting for permission and ship fast and share early. You manage up and across in an async-first culture, flagging risks, surfacing decisions, and keeping stakeholders informed without being asked. You use written artifacts, working demos, and rough prototypes as your primary communication tools, not meetings. You also own your mistakes, your gaps, and your role in friction, openly. You say I dont know and I was wrong out loud, early, and without shame. Things youll do: Design and maintain authentication and session systems (SAML, SCIM, OAuth/OIDC, MFA, login, sign-up, 2FA, user provisioning) as Zapier scales to larger and more security-conscious customers. Own user session propagation and JWT validation across a multi-service architecture spanning Python, Node.js, and Go. Build enterprise authentication controls and governance APIs: forced SSO, domain capture, credential lifecycle, admin authentication policies. Build and maintain platform libraries consumed by dozens of internal teams. Treat reliability, latency, and efficiency of auth systems as non-negotiables; build the monitoring, observability, and audit logging to back that up. Respond to authentication-related incidents and participate in on-call rotation. Enable Security, Enterprise Response, and product team partners to move faster by removing auth bottlenecks and proactively surfacing what they need. Join yearly company retreats that rotate to various cities throughout North America. Application Deadline: The anticipated application window is 30 days from the date job is posted, unless the number of applicants requires it to close sooner or later, or if the position is filled. Even though we’re an all-remote company, we still need to be thoughtful about where we have Zapiens working. Check out this resource for a list of countries where we currently cannot have Zapiens permanently working.