Senior Principal Security Engineer

Anaplan

Ottawa | Full-time | Mid Level | On-site

Job Description

We are seeking a Senior Principal Engineer to lead the architectural evolution of our Product Security and Customer Identity & Access Management (CIAM) capabilities. In this role, you will define and execute the technical strategy for secure multi‑tenant isolation, modern identity migrations, and secure API‑to‑API communications across our highly distributed global SaaS platform.

Responsibilities

Security Architecture & Strategy: Lead the long‑term technical roadmap for platform‑wide security patterns, including multi‑tenant isolation, key lifecycle management, secure token issuance (JWT), secrets management, and robust API‑to‑API communication.

Modern Identity Engineering: Design and implement next‑generation CIAM solutions and secure backend services (using Java/Kotlin) to migrate from legacy IAM systems to modern, highly scalable identity platforms.

Access Control & Policy Enforcement: Architect and operate declarative authorization systems utilizing policy‑as‑code engines (e.g., Open Policy Agent (OPA) with Rego‑based evaluation) for granular, high‑throughput access decisions.

Platform Standardization: Influence company‑wide engineering standards and define best practices for secure‑by‑default software development. Lead cross‑functional collaboration with core engineering teams (including API Gateway, Platform Security, and Infrastructure) to ensure consistent security postures.

Technical Leadership & Mentorship: Guide, mentor, and elevate the maturity of the engineering organization, promoting secure coding practices and driving threat‑modeling initiatives.

Qualifications – Identity, Access & Security Protocols

Deep IAM/CIAM expertise: Significant software engineering experience in architecting and operating enterprise‑scale Identity and Access Management platforms.

Standard Federation Protocols: Expert‑level knowledge of OAuth2, OIDC, SAML, and SCIM user provisioning.

Hands‑on Platform Experience: Comprehensive experience deploying and managing industry‑standard IAM platforms (e.g., Auth0, Keycloak, Ping Identity, or Ory).

Policy‑as‑Code: Strong experience implementing and scaling fine‑grained authorization policies using Open Policy Agent (OPA), Rego, or similar policy engines.

Modern Access Control Expertise: Proven knowledge of RBAC, ABAC, and ReBAC using decoupled policy‑as‑code engines (such as OPA/Rego or AWS Cedar).

LDAP/Active Directory Integration: Solid understanding of LDAP/AD integration patterns for enterprise user authentication and centralized group management.

Digital Identity: Strong expertise in MFA, SSO, Passwordless, and identity protocols forming the foundation for authorization architectures.

Qualifications – Software Engineering & Distributed Systems

Backend Engineering: Proven experience building high‑throughput, low‑latency secure microservices in JVM‑based languages (Java or Kotlin).

System Reliability at Scale: Solid understanding of highly available (HA/DR) distributed systems, observability (metrics, logs, traces), and SRE principles.

API Security & Gateways: Deep experience securing API architectures and designing edge security patterns (e.g., rate limiting, token exchange, and mutual TLS).

Legacy Migration: Demonstrated ability to untangle and reverse‑engineer complex monolithic legacy applications, extract undocumented business rules, and translate them into modern, decoupled policy‑as‑code authorization architectures.

Qualifications – Compliance, Environment & Leadership

Regulated Environments: Experience building, operating, and auditing identity solutions in compliance‑heavy or regulated cloud environments (e.g., FedRAMP Moderate/High).

Identity Migrations: Proven track record of successfully executing seamless, zero‑downtime migrations from legacy directory services or monolithic IAM systems to modern distributed CIAM frameworks.

Cross‑Functional Leadership: Strong communication, presentation, and alignment skills, with a history of driving complex technical initiatives across multiple business units and executive stakeholders.

Our Commitment to Diversity, Equity, Inclusion & Belonging (DEIB)

We believe attracting and retaining the best talent and fostering an inclusive culture strengthens our business. DEIB improves our workforce, enhances trust with our partners and customers, and drives business success.

Build your career in a place where diversity, equity, inclusion and belonging aren’t just words on paper – this is how we innovate, connect, and maintain our competitive edge.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive equitable benefits and all privileges of employment. Please contact us to request accommodation.

Posted 1 week ago
