Staff Engineer - Authentication & Authorization (f/m/x)

Job Description

As a Staff Engineer for Authentication & Authorization, you will define and lead the identity and access strategy across Enpal’s digital and device ecosystem.

Why This Role Matters

• Millions of device, user, and service interactions are secure by design.
• The platform scales safely across customers, partners, installers, and internal operations.
• Identity becomes a shared platform capability, not reinvented per team.
• We meet evolving compliance, privacy, and security requirements while maintaining developer velocity.

You will operate as both an architect and a hands‑on engineer, shaping how identity, trust, and access are implemented across cloud services, IoT infrastructure, and customer‑facing applications.

What You Will Do

Define the Identity Architecture

• Own the end‑to‑end authentication and authorization model across Enpal systems.
• Design scalable identity solutions for customer platforms and mobile/web apps, internal operational tools and partner integrations, machine‑to‑machine and event‑driven communication.
• Establish patterns for multi‑tenant identity and access control across markets and product lines.

Build a Secure‑by‑Default Platform

• Lead implementation of modern protocols (OAuth2, OIDC, mTLS, SAML where required).
• Define standards for fine‑grained authorization (RBAC / ABAC / policy‑based access), secure API access and gateway enforcement.
• Create reusable libraries, SDKs, and guardrails that make the secure path the easiest path.

Drive Zero‑Trust and Cloud‑Native Security Practices

• Design identity‑aware infrastructure aligned with Zero Trust principles.
• Integrate authentication into Azure and Kubernetes environments.
• Secure event‑driven systems and messaging infrastructure.
• Collaborate with security teams on threat modeling and risk reduction.

Enable Teams Through Platform Thinking

• Provide a shared identity platform used by multiple engineering domains.
• Reduce duplication by standardizing authentication flows and access decisions.
• Mentor teams on correct usage patterns and security best practices.
• Balance strong security guarantees with usability and developer experience.

Ensure Compliance, Privacy, and Auditability

• Support GDPR‑aligned identity handling and data minimization strategies.
• Implement traceable authorization decisions and audit logging.
• Contribute to regulatory and certification readiness.

Qualifications

Required Experience

• 8+ years in software engineering, including experience designing distributed systems.
• Proven experience designing or operating authentication and authorization systems at scale.
• Strong background in cloud‑native architectures and microservices.
• Hands‑on experience implementing identity protocols such as OAuth2, OIDC, or similar.
• Experience designing secure service‑to‑service communication patterns, translating security requirements into practical engineering solutions.
• Comfortable with Azure, Kubernetes, Terraform.
• Clear communication in English, spoken and written. Knowledge of German a plus.
• Motivated by the energy transition and eager to make a difference.
• Desire to work in an environment that values empowerment, initiative and continuous improvement.
• Embraces agile and lean values: people over processes, code over documentation, MVP mindset.

Benefits & Perks

• Hybrid work model – office or home, flexible.
• Inclusive, diverse team with over 65 nationalities.
• Onboarding includes team meet‑ups and sessions with leadership.
• Active feedback culture and continuous learning through events and all‑hands meetings.
• Dynamic work environment with amenities (ping‑pong, yoga corners, rooftop terrace, stocked fridges).

We are proud of the diversity of our team. No decisions are made on the basis of skin colour, religion or religious belief, ethnic or national origin, nationality, gender identity, sexual orientation, disability or age, either during recruitment or employment. Enpal stands for a safe workplace and takes action against discrimination and harassment of any kind.