• Design and implement secure AWS architectures leveraging EC2, S3, RDS, Lambda, IAM, VPC, CloudWatch, and CloudTrail. • Lead migration of legacy systems to AWS cloud environments. • Implement Infrastructure as Code using Terraform or CloudFormation. • Configure network security groups, encryption mechanisms, and logging frameworks. • Ensure FedRAMP Moderate/High compliance and support ATO documentation. • Optimize performance and cost management strategies. • Provide technical oversight for container deployments using Docker and Kubernetes/EKS.

• Design and implement services utilizing Go for cloud-based platforms • Collaborate with partners to develop APIs for medical data • Implement unit testable and maintainable code • Partner with InfoSec for secure solution design • Contribute to architectural and operational decisions • Build internal tooling and APIs for efficiency • Engage in technical planning and design

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description The Platform Auth team’s goal is to support our ‘one customer identity’ vision by providing tools, processes, and expertise for our engineering teams to create a unified access management experience while simplifying and standardizing engineering patterns in the space. We are looking for engineers to join our growing team! - Develop, manage and collaborate with other engineering teams for authentication, authorization, audit logging and monitoring. - Ensure customers and internal users are provided a secure, user-friendly way to access systems, including support for SAML, SCIM, MFA and passwordless auth. - Ensure resources have the proper level of authorization that is secure, easy for users to understand and easy for engineers to develop against. - Ensure events are captured for analysis and surfaced for both internal teams and customers as appropriate. - Collaborate with other engineering teams to understand database access management patterns, provide guidance for security or usability improvements and contribute where possible. - Collaborate with other engineering teams to understand integration patterns for third party systems and work to develop common patterns and platforms to enable secure management of credentials for this application. - Ensure systems comply with relevant security and compliance frameworks, such as NIST. - Create and maintain internal documentation to enable other teams to on-board and integrate with identity & access management systems. - Respond to on-call escalations involving the identity and access management platform. Qualifications - 4+ years of experience as a software engineer, with focus on complex system design and development, working with diverse programming languages (i.e. C++, TypeScript). - Bachelor’s or Master’s degree in Computer Science or a related field; or equivalent experience. - Experience implementing authentication and authorization services to a standard such as SAML, SCIM, OAuth2, or OIDC. - Direct experience with Auth0, Okta, Cloud IAM (AWS, GCP, Azure) and AuthZ systems. - Experience implementing access control on web applications, APIs and databases. - Experience with distributed systems, cloud computing, and scalable architectures. - You are passionate about building secure systems that are easy to use and easy to develop against. - You have excellent communication skills and the ability to work well within a team and across engineering teams. - You are a strong problem solver and have solid production debugging skills. - You thrive in a fast paced environment, and see yourself as a partner with the business with the shared goal of moving the business forward. - You have a high level of responsibility, ownership and accountability. Benefits - Flexible work environment - ClickHouse is a globally distributed company and remote-friendly. We currently operate in 20 countries. - Healthcare - Employer contributions towards your healthcare. - Equity in the company - Every new team member who joins our company receives stock options. - Time off - Flexible time off in the US, generous entitlement in other countries. - A $500 Home office setup if you’re a remote employee. - Global Gatherings – We believe in the power of in-person connection and offer opportunities to engage with colleagues at company-wide offsites. - Culture - We All Shape It - As part of our first 500 employees, you will be instrumental in shaping our culture.

• Cloud strategy & target-state architecture: Define the multi-year AWS platform strategy, principles, and “golden paths” for teams to build on. • Security & compliance architecture: Own cloud security posture and compliance-by-design for HIPAA and audit readiness (e.g., SOC 2, HITRUST). • AWS landing zone & governance: Design and operate a multi-account AWS environment (Control Tower/Organizations), including guardrails, identity, network segmentation, and centralized logging. • Reliability & operational excellence: Set SRE-aligned practices for observability, incident response, disaster recovery, and operational readiness. • Platform enablement: Create reusable Infrastructure-as-Code modules, templates, and reference architectures to accelerate safe delivery across teams. • FinOps & cost governance: Implement cost allocation, tagging, budgeting, and optimization practices that improve visibility and reduce total cost of ownership. • Design and evolve a secure multi-account AWS environment (Control Tower/Organizations) with clear boundaries for production/non-production, workloads, and data sensitivity. • Define and socialize reference architectures for core workload types (web apps, APIs, data pipelines, event-driven/serverless), including secure defaults and “golden paths.” • Establish architectural standards and governance (design reviews, threat modeling, pre-launch checklists) that improve quality without slowing delivery. • Build and maintain infrastructure as code and delivery automation (IaC modules, promotion strategies, automated checks) in partnership with engineering. • Implement cloud security controls for PHI and sensitive data (identity, encryption, secrets, logging/detection, auditability) and drive continuous posture improvement. • Partner with hospital IT/security teams to implement secure data exchange links, including joint testing, documentation, and operational runbooks. • Operationalize reliability: SLIs/SLOs, observability, alerting, incident response, and DR readiness - improving time-to-detect and time-to-recover. • Evaluate emerging cloud and AI capabilities and run focused POCs when they materially improve security, reliability, cost, or developer velocity.