At Anaplan, we are a team of innovators focused on optimizing business decision-making through our leading AI-infused scenario planning and analysis platform so our customers can outpace their competition and the market.
What unites Anaplanners across teams and geographies is our collective commitment to our customers' success and to our Winning Culture.
Our customers rank among the who's who in the Fortune 50. Coca-Cola, LinkedIn, Adobe, LVMH, and Bayer are just a few of the 2400 global companies who rely on our best-in-class platform.
Our Winning Culture is the engine that drives our teams of innovators. We champion diversity of thought and ideas, we behave like leaders regardless of title, we are committed to achieving ambitious goals, and we love celebrating our wins, big and small.
Supported by operating principles of being strategy-led, values-based, and disciplined in execution, you'll be inspired, connected, developed, and rewarded here. Everything that makes you unique is welcome; join us and let's build what's next - together!
Anaplan is the leading enterprise decision-making platform, powering the world's largest enterprises with our proprietary Hyperblock technology and cloud infrastructure. We are seeking a Senior Principal Engineer to lead the architectural evolution of our Product Security and Customer Identity & Access Management (CIAM). In this role, you will define and execute the technical strategy for secure multi-tenant isolation, modern identity migrations, and secure API-to-API communications across our highly distributed global SaaS platform.
Your Impact
Security Architecture & Strategy: Lead the long-term technical roadmap for platform-wide security patterns, including multi-tenant isolation, key lifecycle management, secure token issuance (JWT), secrets management, and robust API-to-API communication.
Modern Identity Engineering: Design and implement next-generation CIAM solutions and secure backend services (using Java/Kotlin) to migrate from legacy IAM systems to modern, highly scalable identity platforms.
Access Control & Policy Enforcement: Architect and operate declarative authorization systems utilizing policy-as-code engines (e.g., Open Policy Agent (OPA) with Rego-based evaluation) for granular, high-throughput access decisions.
Platform Standardization: Influence company-wide engineering standards and define best practices for secure-by-default software development. Lead cross-functional collaboration with core engineering teams (including API Gateway, Platform Security, and Infrastructure) to ensure consistent security postures.
Technical Leadership & Mentorship: Guide, mentor, and elevate the maturity of the engineering organization, promoting secure coding practices and driving threat-modeling initiatives.
Your Qualifications
Identity, Access & Security Protocols
Deep IAM/CIAM Expertise: Significant software engineering experience in architecting and operating enterprise-scale Identity and Access Management platforms.
Standard Federation Protocols: Expert-level knowledge of OAuth2, OIDC, SAML, and SCIM user provisioning.
Hands-on Platform Experience: Comprehensive experience deploying and managing industry-standard IAM platforms (e.g., Auth0, Keycloak, Ping Identity, or Ory).
Policy-as-Code: Strong experience implementing and scaling fine-grained authorization policies using Open Policy Agent (OPA), Rego, or similar policy engines.
Deep production-level expertise in architecting and implementing modern access control paradigms, including Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Relationship-Based Access Control (ReBAC), using decoupled Policy-as-Code engines (such as Open Policy Agent/Rego or AWS Cedar).
Solid understanding of LDAP/Active Directory integration patterns for enterprise user authentication and centralized group management.
Strong expertise in modern digital identity concepts, encompassing authentication mechanisms (MFA, SSO, Passwordless) and a thorough understanding of identity protocols acting as the foundation for authorization architectures.
Software Engineering & Distributed Systems
Backend Engineering: Proven experience building high-throughput, low-latency, secure microservices in JVM-based languages (Java or Kotlin).
System Reliability at Scale: Solid understanding of highly available (HA/DR) distributed systems, observability (metrics, logs, traces), and SRE principles.
API Security & Gateways: Deep experience securing API architectures and designing edge security patterns (e.g., rate limiting, token exchange, and mutual TLS).
Proven track record of untangling and reverse-engineering complex, monolithic legacy applications to extract undocumented business rules and systematically translating them into modern, decoupled Policy-as-Code authorization architectures.
Compliance Environment & Leadership
Regulated Environments: Experience building, operating, and auditing identity solutions in compliance-heavy or regulated cloud environments (such as FedRAMP Moderate/High).
Identity Migrations: Proven track record of successfully executing seamless, zero-downtime migrations from legacy directory services or monolithic IAM systems to modern, distributed CIAM frameworks.
Cross-Functional Leadership: Strong communication, presentation, and alignment skills, with a track record of driving complex technical initiatives across multiple business units and executive stakeholders.
Our Commitment to Diversity, Equity, Inclusion, and Belonging (DEIB)
We believe attracting and retaining the best talent and fostering an inclusive culture strengthens our business. DEIB improves our workforce, enhances trust with our partners and customers, and drives business success. Build your career in a place where diversity, equity, inclusion, and belonging aren't just words on paper: this is what drives our innovation, it's how we connect, and it contributes to what makes us a market leader. We believe in a hiring and working environment where all people are respected and valued, regardless of gender identity or expression, sexual orientation, religion, ethnicity, age, neurodiversity, disability status, citizenship, or any other aspect which makes people unique. We hire you for who you are, and we want you to bring your authentic self to work every day!
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive equitable benefits and all privileges of employment. Please contact us to request accommodation.
Fraud Recruitment Disclaimer
It has come to our attention that fraudulent and fictitious job opportunities are being circulated on the Internet. Prospective candidates are being contacted by certain individuals, mainly through telephone calls, emails, and correspondence, claiming they are representatives of Anaplan. The main purpose of these correspondences and announcements is to obtain privileged information from individuals.
Anaplan does not:
Extend offers to candidates without an extensive interview process with a member of our recruitment team and a hiring manager via video or in person.
Send job offers via email. All offers are first extended verbally by a member of our internal recruitment team whenever possible and then followed up via written communication.
All emails from Anaplan would come from an @ email address. Should you have any doubts about the authenticity of an email, letter, or telephone communication purportedly from, for, or on behalf of Anaplan, please send an email to before taking any further action in relation to the correspondence.
Required Experience:
Staff IC