Staff Software Engineer, Identity Platform

ABOUT THE ROLE You'll own Gamma's identity and authentication infrastructure as we scale beyond 100 million users. This means architecting the systems that enable secure authentication for every user interaction, building OAuth flows that power integrations with platforms like ChatGPT and Claude, and leading our migration to a modern identity platform. Your work will touch every user and enable critical partnerships that define how Gamma fits into the broader ecosystem. As a Staff Engineer focused on identity, you'll balance hands-on engineering with strategic technical leadership. You'll design authentication systems that balance security, usability, and performance, partner with security and compliance teams to meet SOC 2 and GDPR requirements, and establish best practices for authentication across Gamma's engineering organization. Our team has a strong in-office culture and works in person 4–5 days per week in San Francisco. We love working together to stay creative and connected, with flexibility to work from home when focus matters most. WHAT YOU'LL DO - Own Gamma's end-to-end authentication and authorization systems, ensuring security, reliability, and excellent user experience - Lead the technical strategy and execution for migrating 100M+ users from AWS Cognito to a modern identity platform - Design and implement OAuth 2.0 and OpenID Connect flows that enable Gamma to act as an identity provider for third-party integrations - Build and maintain SSO integrations (SAML, OIDC) for enterprise customers - Partner with security and compliance teams to ensure identity systems meet SOC 2, GDPR, and regulatory requirements - Collaborate with product and engineering teams to implement authentication features like MFA, passkeys, and session management WHAT YOU'LL BRING - 8+ years of software engineering experience with at least 3 years focused on identity, authentication, or security systems - Deep expertise with OAuth 2.0, OpenID Connect, SAML, and modern authentication protocols, including hands-on experience acting as an OAuth provider and implementing authorization servers - Proven track record executing large-scale identity migrations (millions of users) with zero downtime - Strong understanding of identity providers (Cognito, Auth0, WorkOS, Okta) and their tradeoffs, with expert knowledge of authentication security best practices including password hashing, token management, credential storage, and session security - Ability to partner across engineering, security, and product to establish authentication standards and best practices organization-wide - Experience with WebAuthn, FIDO2, and passwordless authentication, building developer-facing authentication SDKs or APIs, or working at a high-growth SaaS company with enterprise customers (Nice to have) COMPENSATION RANGE: The base salary for this full-time position, which spans multiple internal levels depending on qualifications, ranges between $230K - $310K plus benefits & equity. Final offer amounts are determined by multiple factors, including but not limited to experience and expertise in the requirements listed above. If you're interested in this role but you don't meet every requirement, we encourage you to apply anyway! We're always excited about meeting great people.