Backend Engineer - Authorisation & Access Control

• REMOTE FROM BRAZIL
• CVs MUST BE IN ENGLISH
• CONTRACT TYPE:PJ

We are looking for an experienced backend engineer who wants real ownership. This role is centred on one of the hardest problems in modern software: authorisation at scale.

You will lead the design and evolution of our authorisation layer, defining how users, teams and organisations securely access and collaborate on complex, high-value data. Your work will sit at the core of the platform and will directly influence performance, security and developer experience.

This is not a feature factory role. You will shape systems, make trade-offs, and build foundations that other teams rely on.

• Own the architecture and implementation of a fine-grained authorisation system for B2B products.
• Design scalable permission models that support organisations, tenants, workspaces, user groups and cross-tenant sharing.
• Build low-latency authorisation checks suitable for real-time and collaborative applications.
• Integrate authorisation cleanly across API layers and microservices.
• Work closely with product and frontend teams to turn complex access rules into predictable behaviour for users.
• Raise the bar on security, resilience and operational reliability.

• Strong experience designing and running distributed systems at scale, with a clear focus on user authorisation in B2B environments.
• Hands-on experience with fine-grained authorisation models beyond basic RBAC, including ReBAC or ABAC style approaches.
• Proven ability to model complex organisational hierarchies and permission inheritance.
• Solid understanding of consistency vs availability trade-offs in high-performance authorisation systems.
• Experience with cloud platforms such as AWS, GCP or Azure, particularly identity, API gateways and service security.
• Deep expertise in at least one of the following languages: C#, Rust, Java, C++, Go, Scala or Python.
• Strong API design skills across REST, GraphQL or gRPC, including integration of authorisation middleware.
• Experience working with large datasets in systems such as Postgres, CockroachDB or DynamoDB.
• Comfort working in agile teams with modern CI/CD pipelines and infrastructure tooling.
• A security-first mindset, with experience building fault-tolerant, observable systems that run reliably at scale.

• Practical experience with Google Zanzibar-inspired systems such as OpenFGA, SpiceDB or Ory Keto.
• Experience with dynamic or user-defined permission schemas.
• Background in real-time, multi-user collaboration platforms with complex permission requirements.
• Familiarity with technologies such as Kubernetes, Docker and serverless architectures.

Authorisation is one of the most difficult areas to get right, and one of the easiest to get wrong. In this role, you will be trusted to design it properly, build it cleanly, and keep it fast and secure as the platform scales.

If you enjoy solving hard problems that sit right at the heart of a product, this is where you will do your best work.