Backend Engineer - Authorisation & RBAC Systems

Before you apply

• Remote from Brazil
• CVs must be submitted in English
• Good written and spoken English is required

About the role

We are looking for an experienced backend engineer who wants real ownership. This role is centred on one of the hardest problems in modern software: authorisation at scale.

You will lead the design and evolution of our authorisation layer, defining how users, teams and organisations securely access and collaborate on complex, high-value data. Your work will sit at the core of the platform and will directly influence performance, security and developer experience.

This is not a feature factory role. You will shape systems, make trade-offs, and build foundations that other teams rely on.

What you will do

• Own the architecture and implementation of a fine-grained authorisation system for B2B products
• Design and evolve permission models supporting organisations, tenants, workspaces, roles, groups and cross-tenant sharing
• Build and maintain low-latency authorisation services suitable for real-time and collaborative applications
• Define how authorisation is enforced consistently across APIs, services and data layers
• Translate complex business rules into scalable and predictable access control systems
• Drive decisions around modelling (RBAC, ReBAC, ABAC), performance, and system boundaries
• Raise the bar on security, resilience and operational reliability

What you bring

• Hands-on experience building and maintaining RBAC or similar authorisation systems in production environments (not just consuming or integrating with existing auth frameworks)
• Strong experience designing distributed systems at scale, with a clear focus on access control and security
• Practical experience implementing fine-grained authorisation models (RBAC, ReBAC, ABAC), including permission inheritance and hierarchical structures
• Proven ability to model complex organisational relationships and access rules
• Deep understanding of consistency, latency and caching strategies in authorisation systems
• Experience integrating authorisation into APIs and service architectures (REST, GraphQL or gRPC)
• Experience with cloud platforms such as AWS, GCP or Azure, particularly identity and service security
• Strong backend expertise in at least one of: C#, Rust, Java, C++, Go, Scala or Python
• Experience working with data at scale (Postgres, CockroachDB, DynamoDB or similar)
• Security-first mindset, with experience building reliable, observable systems

Nice to have

• Experience designing or operating Zanzibar-inspired systems (OpenFGA, SpiceDB, Ory Keto)
• Experience building authorisation as a standalone service or platform capability
• Exposure to dynamic or user-defined permission schemas
• Background in real-time, collaborative, multi-user applications
• Familiarity with Kubernetes, Docker and modern infrastructure tooling

Why this role matters

Authorisation is one of the most difficult areas to get right, and one of the easiest to get wrong.

In this role, you won't just plug into an existing system. You will define it, build it, and ensure it scales with the product. Every decision you make will have direct impact on security, performance and how teams build on top of the platform.

If you've already built authorisation systems and want to do it properly at scale, this is where you'll do your best work.