Description
Role Summary: As a Staff Engineer on the Users team, you will be the technical anchor for identity, access, auditing, notifications and security foundations across our multi-tenant SaaS platform. This role is not about feature velocity - it’s about building systems that are correct, resilient, and safe by default, and enabling other teams to move fast without breaking trust.
You’ll work closely with EMs, Product, and other engineers to design and evolve core primitives such as users, roles, permissions, tokens, tenant isolation, auditing, and notifications, at scale.
Responsibilities:
- Design and evolve secure multi-tenant architectures (Agency → Account → App or equivalent hierarchy) for 100k+ agencies
- Define and enforce tenant isolation guarantees at data, API, and infra levels
- Build and review authorization models (RBAC / ABAC / hybrid)
- Own token systems (API keys, OAuth flows, JWTs, scoped tokens, rotation, expiry)
- Design fine-grained scopes for internal APIs, public APIs, and partner integrations
- Map scopes → permissions → resources consistently
- Prevent over-scoped tokens and privilege escalation
- Lead security-critical backend designs (authZ boundaries, impersonation, auditability)
- Set patterns for secure-by-default APIs used by internal and external teams
- Partner with Infra/Security teams on secrets management, key rotation, rate limiting & abuse prevention, and compliance readiness (SOC2-style thinking)
- Act as a multiplier: raise the security bar across engineering via reviews, RFCs, and mentoring
Company
GoHighLevel provides an all-in-one AI-powered platform for business growth, including CRM, automation, websites, funnels, scheduling, invoicing, reviews, and marketing tools aimed at helping agencies grow their clients’ businesses.