Sr. Fullstack Engineer, Identity Platform

At Zapier, we build and use automation every day to make work more efficient, creative, and human. So if you’re using AI tools while applying here - that’s great! We just ask that you use them responsibly and transparently.

Check out our guidance on How to Collaborate with AI During Zapier’s Hiring Process, including how to use AI tools like ChatGPT, Claude, Gemini, or others during our hiring process - and when not to.

Job Posted: March 17, 2026

Location: Americas - North, Central and South America

Zapier's mission is to enable enterprise companies to build and maintain dependable AI workflows at scale. The Identity Platform team builds the golden path that every product team uses to deliver reliable, consistent, and secure experiences to these customers. Authentication, session management, and credential infrastructure are the foundation. Get them right, and every product team ships faster with confidence. We're hiring a Senior Fullstack Engineer to own this foundation, drive the strategic and architectural direction of this layer for years to come, and directly unlock our largest enterprise deals.

• Enterprise authentication infrastructure. You'll design and extend the systems that handle SAML SSO, SCIM provisioning, OAuth/OIDC flows, multi-factor authentication, login, sign-up, and secure session for organizations with thousands of users. That spans the full auth surface: SCIM-driven user provisioning and de-provisioning, invitation flows, 2FA setup, SSO-enforced login, domain capture for auto-routing new signups, and session hardening. Reliability, latency, and efficiency are non-negotiables; auth is the most critical-path system at the company. You'll make these systems faster, more resilient, and easier for other teams to integrate with.

• User session auth across services. Zapier is a multi-service platform. You'll own how user sessions propagate across service boundaries; making sure authentication context is consistent, secure, and performant whether a request hits the monolith, a Node.js service, or a Go microservice. You'll evolve JWT validation, token exchange, and session tracking to handle the complexity of a growing service footprint.

• Enterprise authentication controls and compliance. Enterprise customers need org-level authentication policy enforcement: forced SSO, domain capture, admin-managed authentication requirements, and credential lifecycle controls like JWT key rotation, token refresh, and session expiry policies. You'll build and extend the APIs that give admins confidence their organization meets their security standards. SOC 2 access control evidence, GDPR data subject requests, and audit trail requirements are design constraints you'll work within regularly, not afterthoughts.

• Platform APIs that other teams depend on. Identity is infrastructure. Your APIs, libraries, and contracts are consumed by dozens of teams. You'll design for backward compatibility, clear documentation, and low integration friction. But shipping the API is half the job. You'll also drive adoption: writing integration guides, running migration paths, and embedding with product teams to help them use auth capabilities correctly. Internal engineering teams' needs carry the same weight as end-customer value.

This is a Senior Engineer role. Senior engineers at Zapier own outcomes end-to-end within their team and extend impact beyond it. You'll coordinate across ownership boundaries, shape technical direction for adjacent systems, and bring other engineers along with you.

Our level definitions may look different from what you've seen elsewhere. We'll be transparent about leveling before you reach the final stages.

• You've set the vision and built identity systems for enterprise SaaS at scale. Not configured them, built them. You have hands-on experience with SAML, SCIM, OAuth/OIDC, or JWT in a multi-tenant SaaS environment. You understand authentication at a protocol level, not a checkbox level. You've dealt with token replay, session fixation, key rotation under load, multi-IdP federation, just-in-time provisioning, or identity linking across auth methods in real systems serving real users. You know what breaks when an organization with 5,000 employees connects their IdP to your platform for the first time. You are a thought leader in the Identity domain who proactively follows industry trends and Enterprise user management best practices.

• You work through AI agents, not alongside them. Your daily development workflow is built around directing and reviewing agent-written code, not writing it by hand. You have opinions about which models to use for which tasks, you've hit real failure modes and built mitigations, and your workflow is actively evolving. When you hit unfamiliar territory, you don't slow down; you point your agent at the codebase, research the domain, and draft a plan. Then you build a POC or working prototype to demonstrate the concept in hours, not iterate on a planning doc for days. You jump into unfamiliar codebases, use your agent to map the landscape, and ship draft MRs or integration proposals within days. At this level, that means going into other teams' code when an integration is blocked, not waiting for their capacity. Bonus: you enable others on your team to work this way too.

• You think in platforms, not features. You've built systems other engineering teams depend on. You know what it means to ship a breaking change to an internal API, maintain backward compatibility under pressure, and write contracts that hold up as the organization scales. You understand the cost of coupling and the discipline of good boundaries.

• You're comfortable across the stack. This is a fullstack role on a platform team. You'll write backend services in Python and Node.js, work with Django and Fastify, touch React when building admin tooling or developer-facing UIs, and navigate infrastructure concerns like Kubernetes, Terraform, and CI/CD pipelines. You don't need to be an expert in all of these, but you can't be afraid of any of them.

• You believe enterprise can move fast, and you ship through ambiguity to prove it. You've seen (or want to prove) that shipping to enterprise customers doesn't have to mean slow, waterfall-style cycles. When there's no spec, no designs, and no clear path forward, your first instinct is to gather evidence, break the problem into a narrow first slice, and get rough working software into production within days, not weeks. You use working prototypes to drive alignment rather than waiting for consensus. You see compliance, security, and rollout considerations as interesting design constraints, not reasons to slow down. You're comfortable throwing work away when direction changes and you treat discarded work as a fast learning loop, not a loss.

• You work close to the customer. "Customer" for this team means both enterprise buyers evaluating Zapier's security posture and internal engineering teams integrating with your APIs. You pull from both; reviewing customer security questionnaires, sitting in on enterprise calls, reading support tickets, and talking directly to engineers who consume your platform. You’ll also work closely with customer support teams to provide them with the tools and processes to troubleshoot customer issues and incidents.

• You own your work, yourself, and your communication. You take initiative without waiting for permission and ship fast and share early. You manage up and across in an async-first culture, flagging risks, surfacing decisions, and keeping stakeholders informed without being asked. You use written artifacts, working demos, and rough prototypes as your primary communication tools, not meetings. You also own your mistakes, your gaps, and your role in friction, openly. You say "I don't know" and "I was wrong" out loud, early, and without shame.

• Design and maintain authentication and session systems (SAML, SCIM, OAuth/OIDC, MFA, login, sign-up, 2FA, user provisioning) as Zapier scales to larger and more security-conscious customers

• Own user session propagation and JWT validation across a multi-service architecture spanning Python, Node.js, and Go

• Build enterprise authentication controls and governance APIs: forced SSO, domain capture, credential lifecycle, admin authentication policies

• Build and maintain platform libraries consumed by dozens of internal teams

• Treat reliability, latency, and efficiency of auth systems as non-negotiables; build the monitoring, observability, and audit logging to back that up

• Respond to authentication-related incidents and participate in on-call rotation

• Enable Security, Enterprise Response, and product team partners to move faster by removing auth bottlenecks and proactively surfacing what they need

• Join yearly company retreats that rotate to various cities throughout North America

The anticipated application window is 30 days from the date job is posted, unless the number of applicants requires it to close sooner or later, or if the position is filled.

Even though we’re an all-remote company, we still need to be thoughtful about where we have Zapiens working. Check out this resource for a list of countries where we currently cannot have Zapiens permanently working.