Backend Engineer Authorisation & Access Control

• REMOTE FROM BRAZIL
• CVs MUST BE IN ENGLISH
• CONTRACT TYPE: PJ

We are looking for an experienced backend engineer who wants real ownership. This role is centred on one of the hardest problems in modern software: authorisation at scale.

You will lead the design and evolution of our authorisation layer defining how users teams and organisations securely access and collaborate on complex high-value data. Your work will sit at the core of the platform and will directly influence performance security and developer experience.

This is not a feature factory role. You will shape systems make trade-offs and build foundations that other teams rely on.

What you will do

• Own the architecture and implementation of a fine-grained authorisation system for B2B products.
• Design scalable permission models that support organisations tenants workspaces user groups and cross-tenant sharing.
• Build low-latency authorisation checks suitable for real-time and collaborative applications.
• Integrate authorisation cleanly across API layers and microservices.
• Work closely with product and frontend teams to turn complex access rules into predictable behaviour for users.
• Raise the bar on security resilience and operational reliability.

What you bring

• Strong experience designing and running distributed systems at scale with a clear focus on user authorisation in B2B environments.
• Hands-on experience with fine-grained authorisation models beyond basic RBAC including ReBAC or ABAC style approaches.
• Proven ability to model complex organisational hierarchies and permission inheritance.
• Solid understanding of consistency vs availability trade-offs in high-performance authorisation systems.
• Experience with cloud platforms such as AWS GCP or Azure particularly identity API gateways and service security.
• Deep expertise in at least one of the following languages: C# Rust Java C Go Scala or Python.
• Strong API design skills across REST GraphQL or gRPC including integration of authorisation middleware.
• Experience working with large datasets in systems such as Postgres CockroachDB or DynamoDB.
• Comfort working in agile teams with modern CI/CD pipelines and infrastructure tooling.
• A security-first mindset with experience building fault-tolerant observable systems that run reliably at scale.

Nice to have

• Practical experience with Google Zanzibar-inspired systems such as OpenFGA SpiceDB or Ory Keto.
• Experience with dynamic or user-defined permission schemas.
• Background in real-time multi-user collaboration platforms with complex permission requirements.
• Familiarity with technologies such as Kubernetes Docker and serverless architectures.

Why this role matters

Authorisation is one of the most difficult areas to get right and one of the easiest to get this role you will be trusted to design it properly build it cleanly and keep it fast and secure as the platform scales.

If you enjoy solving hard problems that sit right at the heart of a product this is where you will do your best work.