Senior Staff Software Engineer, Identity Platform
About the role
We’re looking for a Senior Staff Software Engineer to join our Identity Platform team. This role is a hybrid position requiring 3 days per week in the office and is only open to candidates located or willing to relocate to San Francisco, CA.
Responsibilities
- Define and evolve the end-to-end identity architecture spanning authentication, authorization, session management, and token lifecycle across consumer and enterprise contexts.
- Establish trust boundaries, integration contracts, and platform primitives that make the secure path the default path for every team consuming identity services.
- Make principled build-vs-integrate decisions across vendor systems, owning the tradeoffs and migration paths.
- Design repeatable, self-service enterprise identity onboarding (SSO, SCIM provisioning, multi-tenant trust) so that each new partnership does not require bespoke integration.
- Architect federation and provisioning patterns that support GoFundMe’s growing enterprise and nonprofit partnerships.
- Own the consumer identity lifecycle including account continuity, progressive trust, confidence scoring, and anonymous-to-authenticated transitions.
- Build identity resolution capabilities (visitor stitching, account linking, confidence-weighted models) that power personalization and fraud prevention.
- Own the identity platform technical roadmap, prioritizing initiatives based on user impact, enterprise requirements, compliance obligations, and technical feasibility.
- Set integration standards and publish platform APIs and SDKs that enable product engineering teams to consume identity correctly without absorbing auth complexity.
- Mentor engineers across the Identity team and the broader Platform Tribe; raise the bar on system design, security thinking, and operational rigor.
- Contribute to system reliability through on-call participation, incident response leadership, and postmortem-driven improvements to identity infrastructure.
- Communicate architecture decisions, tradeoffs, and roadmap progress clearly to engineering leadership, product partners, and cross-functional stakeholders.
Requirements
- 8+ years of software engineering experience, with significant time at senior, staff, or principal levels working on platform or infrastructure systems.
- Deep, hands-on expertise with identity protocols and standards: OAuth 2.x, OpenID Connect, SAML 2.0, and SCIM.
- Track record of designing and shipping identity or auth platforms that other engineering teams depend on in production.
- Experience architecting systems using federation standards, session/token management patterns, and well-defined trust boundaries, with an eye toward minimizing the cost of future change.
- Strong security instincts: you threat-model as you design, understand credential risk and account takeover patterns, and build systems where the secure path is the easy path.
- Proficiency in relational database design and data modeling for identity systems, including schema evolution strategies for high-availability environments.
- Demonstrated ability to lead projects from ambiguity through delivery, balancing technical depth with business context and keeping teams aligned across organizational boundaries.
- Strong observability and reliability skills: experience with monitoring, alerting, and incident response for mission-critical identity infrastructure.
Preferred
- Hands-on experience with commercial identity platforms (Descope, Auth0/Okta, Ping, or comparable) in production, including migration between providers.
- Experience spanning both enterprise and consumer identity contexts, such as at fintech, SaaS, payments, or identity-forward companies.
- Familiarity with advanced authorization models: RBAC, ABAC, ReBAC, or policy engines such as OPA/Cedar.
- Experience with compliance and audit requirements relevant to identity systems (SOC 2, PCI DSS, GDPR, CCPA) and data residency considerations.
- Practical experience deploying and operating identity services on cloud infrastructure (AWS, GCP, or Azure) at scale.
- Contributions to identity standards bodies, open-source identity projects, or published thought leadership in the IAM space.
Benefits
Competitive pay, comprehensive healthcare benefits, financial assistance for things like hybrid work, family planning, along with generous parental leave, flexible time-off policies, and mental health and wellness resources to support your overall well-being.
Schedule
This is a hybrid role that requires 3 days per week at the office.
Pay
The annual U.S. salary range for this full-time position is $233,500 - $321,200. The company also offers equity and other benefits to employees, including healthcare, dental, vision, life insurance and 401(k) saving program. In addition to this wage, there are geolocation differentials that will increase pay depending on the work location. Additionally pay may vary depending on other factors including skills, experience, education, or training.
Contact
If you require a reasonable accommodation to complete a job application or a job interview or to otherwise participate in the hiring process, please contact us at accommodationrequests@gofundme.com.
Global Data Privacy Notice for Job Candidates and Applicants
Depending on your location, the General Data Protection Regulation (GDPR) or certain US privacy laws may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available here. By submitting your application, you are agreeing to our use and processing of your data as required.