Staff Engineer – Authentication & Authorization (f/m/x)

Role Mission 

As a Staff Engineer for Authentication & Authorization, you will define and lead the identity and access strategy across Enpal’s digital and device ecosystem. 

This role is critical to ensuring that: 

• Millions of device, user, and service interactions are secure by design 

• Our platform scales safely across customers, partners, installers, and internal operations 

• Identity becomes a shared platform capability, not reinvented per team 

• We meet evolving compliance, privacy, and security requirements while maintaining developer velocity 

You will operate as both an architect and a hands-on engineer, shaping how identity, trust, and access are implemented across cloud services, IoT infrastructure, and customer-facing applications 

What You Will Do 

Define the Identity Architecture 

• Own the end-to-end authentication and authorization model across Enpal systems. 

• Design scalable identity solutions for: 

• Customer platforms and mobile/web apps 

• Internal operational tools and partner integrations 

• Machine-to-machine and event-driven communication 

• Establish patterns for multi-tenant identity and access control across markets and product lines 

Build a Secure-by-Default Platform 

• Lead implementation of modern protocols (OAuth2, OIDC, mTLS, SAML where required) 

• Define standards for: 

• Fine-grained authorization (RBAC / ABAC / policy-based access) 

• Secure API access and gateway enforcement 

• Create reusable libraries, SDKs, and guardrails that make the secure path the easiest path 

Drive Zero-Trust and Cloud-Native Security Practices 

• Design identity-aware infrastructure aligned with Zero Trust principles 

• Integrate authentication into our Azure and Kubernetes environments 

• Secure event-driven systems and messaging infrastructure 

• Collaborate with security teams on threat modeling and risk reduction 

Enable Teams Through Platform Thinking 

• Provide a shared identity platform used by multiple engineering domains 

• Reduce duplication by standardizing authentication flows and access decisions 

• Mentor teams on correct usage patterns and security best practices 

• Balance strong security guarantees with usability and developer experience 

Ensure Compliance, Privacy, and Auditability 

• Support GDPR-aligned identity handling and data minimization strategies 

• Implement traceable authorization decisions and audit logging 

• Contribute to regulatory and certification readiness