Senior Software Engineer (Authentication & Identity)

Remote must be in the United States

Must be a US Citizen with the ability to obtain Secret Clearance required

@Orchard LLC is seeking an experienced Software Engineer to be the Lead Identity & Security Developer and to join a specialized 5-person product team. Your job is to build the security DNA of our product from scratch—writing the Python code that allows autonomous agents to navigate sensitive data pipelines securely.

Our client is inventing a new class of AI-driven data integration platforms. They use multi-agent systems to automate mission-critical workflows for government and enterprise applications.

Abou the role: Build, Don’t Just Configure

This is a pure backend engineering role. You will be the resident expert on authentication and authorization systems within the product codebase. You will bridge the gap between internal product security and the platform environment it runs on, ensuring that when a platform engineer deploys our tool, it is "secure by design."

Key focuses include:

• Architecting from Scratch: Building an authentication/authorization system within our tool (think: building the functionality of KeyCloak into the product).
• Fine-Grained Control: Managing user roles, groups, permissions, and pass-through credentials for both human users and AI agents.
• Integration: Engineering seamless handshakes with external systems like Active Directory, IAM, and SSO providers.
• Python Mastery: Developing high-performance middleware and SDKs to enforce security across distributed and air-gapped environments.

Your background, you are…

• A Solid Python Developer: You have deep experience building production-level backend services.
• An Identity Specialist: You haven't just used OAuth2 or OIDC; you understand the mechanics under the hood. You’ve built RBAC/ABAC models from the ground up.
• Tool Agnostic: You are familiar with the "Identity Stack" (Vault, KeyCloak, AWS IAM, Azure Key Vault) but prefer writing code to solve problems.
• Clearance Ready: You are a U.S. Citizen. While an active clearance isn't required to start, you’re excited by the opportunity to engage with classified systems and debug in high-security environments.

Why Join Us?

• High Impact: You are the Lead for Identity on a tight-knit team of five. Your architectural decisions will define the security posture of our AI platform.
• True Remote Culture: Work from anywhere in the U.S.
• High-Touch Hiring: We’ve had false starts before, so we’re doing things differently. If the initial phone interview goes well, we will fly you in to meet the whole team in person. We want to ensure we're the right fit for you, and you're the right fit for us.

Your background and qualifications

• 4+ years of backend engineering with a focus on Auth/Identity.
• Expertise in Python and API design.
• Deep knowledge of OAuth2, OIDC, SAML, and SSO.
• Experience with multi-tenant application design and tenant isolation.
• U.S. Citizenship (required for clearance eligibility).

Desired Qualifications (Plus Factors)

• Experience building or integrating authorization frameworks or policy engines. (e.g., OPA, Cedar, Zanzibar-inspired systems)
• Experience designing authorization for dynamic systems. (e.g., agent-based systems, workflow engines, or plugin architectures)
• Experience implementing relationship-based or context-aware access control models.
• Experience supporting on-prem or air-gapped deployments.
• Experience with enterprise identity integrations in complex environments.
• Experience working in high-assurance or regulated environments.
• Familiarity with secrets management tools. (e.g., Vault)
• Exposure to compliance frameworks. (SOC2, FedRAMP, etc.)
• Advanced degree in Computer Science or related field.
• Active security clearance

Compensation: The compensation for this role is based on a number of factors, primarily your credentials, experience and demonstrated capabilities. The base salary is expected to be the in the range $145,000 – $155,000.

Interview process; what to expect. While this is a remote role within the United States we value meeting our team members. Therefore, in addition to a video technical screen, you can expect to be required to come meet with the team in Northern Virginia, if selected for the latter stages of the interview process. We believe meeting in person is a critical step in ensuring cohesion, even for remote teams.

Established in 2010, @Orchard LLC has an exceptional reputation, providing staffing solutions to time-sensitive, talent scarcity issues to deliver better talent management ROI.  Our specialty lies in the critical area of program talent acquisition and resource management, not in one narrow skillset, but across many areas of technical and functional delivery. To learn more about our other exciting opportunities, visit our Jobs Page at www.atOrchard.com.