What to Expect
At Tesla, we are building the future of identity in-house. As a Senior Software Engineer on the Identity & Zero Trust Engineering team, you will own the design and development of the platforms that secure every human and workload at Tesla across our identity provider (IdP/SSO), Identity Governance & Administration (IGA), workload identity (SPIFFE/SPIRE), Public Key Infrastructure (PKI), Zero Trust Network Access (ZTNA), and infrastructure access strategy. This is a hands-on, build-first engineering role: you will write production software (primarily Go and Python) that replaces commercial point-solutions with scalable, highly available services we own end to end, and you will set the technical direction for how identity and access are engineered across the company.
What You'll Do
- Design, build, and own production services across the identity and Zero Trust stack: IdP/SSO, IGA, workload identity, PKI, ZTNA, and infrastructure access, with a focus on building in-house rather than buying
- Architect workload identity using SPIFFE/SPIRE as the cryptographic root of trust, issuing short-lived identities and securing service-to-service traffic with mTLS
- Build a centralized authorization platform (ABAC/RBAC, policy-as-code) that operates on the hot path at high request rates with sub-millisecond p99 latency and high availability
- Develop the IGA platform: just-in-time access, birthright/role-based provisioning, access reviews, separation-of-duties, and automated evidence collection for SOX/PCI and audits
- Own internal PKI: certificate issuance, rotation, and revocation; certificate-lifecycle automation; HSM-backed key management; and shared mTLS/PKI libraries
- Build Zero Trust infrastructure access: short-lived, certificate-based access to SSH, Kubernetes, and production systems via identity-aware proxies/bastions, eliminating standing access and static keys
- Develop identity-aware gateways/proxies and integrations with the IdP (Entra/Azure AD), SCIM provisioning, and downstream services
- Build Kubernetes controllers/operators for service-identity and authorization-policy custom resources; integrate with the service mesh (Istio/Envoy)
- Define identity and authorization design standards; lead design and pre-launch security reviews; mentor engineers and raise the engineering bar across teams
- Drive reliability and operability: observability, automated testing, safe rollout/rollback, and secure software-development practices
What You'll Bring
- 6+ years of software engineering experience building and operating production distributed systems
- Expert proficiency in Go and/or Python as primary build languages, with strong backend/systems fundamentals (working knowledge of C#, TypeScript, or Rust a plus)
- Demonstrated experience building (not just operating) software in multiple identity/security domains: workload identity (SPIFFE/SPIRE), PKI/X.509/mTLS, IGA, authorization (ABAC/RBAC/OPA), SSO/identity protocols, or infrastructure access
- Track record of designing and shipping high-scale, low-latency, highly available services with clear ownership of throughput, latency, and availability outcomes
- Strong understanding of identity and access protocols: OIDC, OAuth2, SAML, SCIM, JWT/JWKS, and X.509/mTLS
- Deep Kubernetes experience, including controllers/operators and service mesh (Istio, Envoy, Consul, or Cilium)
- Proficiency in API design (REST, gRPC) and integration patterns (event-driven, webhooks, message queues)
- Experience with cloud platforms (Azure, AWS, GCP) and their IAM/networking primitives
- Strong software-engineering practices: Git, code review, automated testing, CI/CD, observability, and secure coding
- Degree in Computer Science, Software Engineering, or equivalent work experience
- Effective verbal and written communication and the ability to lead technical design
Compensation and Benefits
Benefits
Along with competitive pay, as a full-time Tesla employee, you are eligible for the following benefits at day 1 of hire:
- Medical plans > plan options with $0 payroll deduction
- Family-building, fertility, adoption and surrogacy benefits
- Dental (including orthodontic coverage) and vision plans, both have options with a $0 paycheck contribution
- Company-paid Health Savings Account (HSA) contribution when enrolled in the High-Deductible medical plan with HSA
- Healthcare and Dependent Care Flexible Spending Accounts (FSA)
- 401(k) with employer match, Employee Stock Purchase Plans, and other financial benefits
- Company paid Basic Life, AD&D
- Short-term and long-term disability insurance (90 day waiting period)
- Employee Assistance Program
- Sick and Vacation time (Flex time for salary positions, Accrued hours for Hourly positions), and Paid Holidays
- Back-up childcare and parenting support resources
- Voluntary benefits to include: critical illness, hospital indemnity, accident insurance, theft & legal services, and pet insurance
- Weight Loss and Tobacco Cessation Programs
- Tesla Babies program
- Commuter benefits
- Employee discounts and perks program
Expected Compensation
$140,000 - $252,000/annual salary + cash and stock awards + benefits
Pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. The total compensation package for this position may also include other elements dependent on the position offered. Details of participation in these benefit plans will be provided if an employee receives an offer of employment.