HighLevel
Website: gohighlevel.com
Job details:
As a Staff Engineer on the Users team, you will be the technical anchor for identity, access, auditing, notifications, and security foundations across our multi-tenant SaaS platform. This role is not about feature velocity - it's about building systems that are correct, resilient, and safe by default, and about enabling other teams to move fast without breaking trust. You'll work closely with EMs, Product, and other engineers to design and evolve core primitives such as users, roles, permissions, tokens, tenant isolation, auditing, and notifications - at scale.
Responsibilities
- Design and evolve secure multi-tenant architectures (Agency Account App or equivalent hierarchy) for 100k+ agencies.
- Define and enforce tenant isolation guarantees at data, API, and infra levels.
- Build and review authorization models (RBAC / ABAC / hybrid).
- Own token systems (API keys, OAuth flows, JWTs, scoped tokens, rotation, expiry).
- Design fine-grained scopes for internal APIs, public APIs, and partner integrations.
- Map scopes, permissions, and resources consistently.
- Prevent over-scoped tokens and privilege escalation.
- Lead security-critical backend designs (authorization boundaries, impersonation, and auditability).
- Set patterns for secure-by-default APIs used by internal and external teams.
- Partner with Infra/Security teams on secrets management, key rotation, rate limiting and abuse prevention, and compliance readiness (SOC2-style thinking).
- Act as a multiplier: raise the security bar across engineering via reviews, RFCs, and mentoring.
Requirements
- 8+ years of backend engineering experience.
- Proven experience building secure, multi-tenant SaaS platforms.
- Deep understanding of authorization models (RBAC, ABAC), OAuth2 / JWT / API key systems, and threat modeling and security tradeoffs.
- Strong system design skills, especially for long-lived platforms.
- Comfortable owning ambiguous, high-impact areas.
Nice To Have
- Experience designing platforms used by multiple internal teams.
- Security reviews, incident learnings, or compliance exposure.
- Experience with large-scale migrations (auth or identity-related).
- Background in developer platforms or core infrastructure teams.
This job was posted by CS Srinivas Rao from HighLevel.