Staff Software Engineer, Authentication and Security

About Onebrief

Onebrief is collaboration and AI-powered workflow software designed specifically for military staffs. By transforming this work, Onebrief makes the staff as a whole superhuman - meaning faster, smarter, and more efficient.

We take ownership, seek excellence, and play to win with the seriousness and camaraderie of an Olympic team. Onebrief operates as an all-remote company, though many of our employees work alongside our customers at military commands around the world.

Founded in 2019 by a group of experienced planners, today, Onebrief’s team spans veterans from all forces and global organizations, and technologists from leading-edge software companies. We’ve raised $123m+ from top-tier investors, including Battery Ventures, General Catalyst, Insight Partners, and Human Capital, and today, Onebrief is valued at $1.1B. With this continued growth, Onebrief is able to make an impact where it matters most.

About the role

We’re hiring a Staff Software Engineer to design, build, and operate the authentication and identity systems that power our platform. This is a hands-on engineering role with a focus on reliability, scalability, and secure user experience. Our authentication stack is built on modern technologies including Keycloak, OIDC/SAML/LDAP integrations, and cloud-native infrastructure. We value strong problem-solving skills, sound engineering judgment, and a deep understanding of distributed systems and security principles.

You’ll work on high-impact systems including (but not limited to) identity provider integrations, access control frameworks, token management, and policy enforcement infrastructure. Expect to tackle challenges in federated identity, Attribute-Based Access Control (ABAC), multi-tenant authorization, session management, and fault-tolerant authentication flows. You’ll play a key role in shaping our authentication architecture and defining the long-term strategy for identity and access management across the platform.

If you enjoy thinking deeply about security trade-offs, scaling authentication systems, and building reliable identity foundations that balance usability with robust access control, you’ll thrive here.

What you'll do

• Design, build, and maintain authentication and identity services that power mission-critical platform access and authorization.

• Integrate and extend Keycloak to support complex identity provider (IdP) integrations, single sign-on (SSO), and federated authentication.

• Implement and evolve Attribute-Based Access Control (ABAC) frameworks to enable fine-grained, policy-driven authorization across systems.

• Work across the stack — from APIs and access tokens to infrastructure automation, deployment, and observability of authentication workflows.

• Diagnose and resolve reliability, latency, and scalability issues in production authentication and authorization flows.

• Collaborate on architecture and long-term strategy for secure, resilient, and high-availability identity systems.

• Implement and refine monitoring, auditing, and alerting for authentication and access events to ensure security visibility and compliance.

• Balance security, user experience, and delivery velocity, ensuring pragmatic decisions that maintain both product agility and engineering quality.

What we look for

• 8+ years of experience as a Software Engineer

• Recent experience driving technical impact across teams and time horizons

• A record of leading multi-quarter initiatives and evolving system architecture

• Strong architectural judgment with a tight link to product and business outcomes

• Thoughtful, high-context communication thats driven by a desire for clarity, not control

• A pattern of multiplying others: through systems, standards, and mentorship

• The ability to move fast with judgment while knowing when to ship, and when to reshape

Core tech we use

• Frontend: React, TypeScript, Vite, shared component libraries, client-side observability

• Backend: Node.js, PostgreSQL, Redis, secure RESTful APIs, distributed identity and access services

• Authentication & Authorization: Keycloak, OpenID Connect (OIDC), SAML 2.0, OAuth 2.0, Attribute-Based Access Control (ABAC), JSON Web Tokens (JWT), role and policy-based access frameworks, federated identity provider integrations (e.g., Okta, Active Directory, Keycloak, etc…)

• Infrastructure: Kubernetes, AWS, Terraform, CI/CD pipelines, container security and secrets management

• Integrations: CSV/Excel/KML importers, PDF exports, DoD and enterprise data systems, secure API gateways, and auditing pipelines