Senior Software Engineer

Identity Architecture & Distributed Systems

Location: Remote / Australia Preferred

Company: Smallsoft Pty Ltd

About Smallsoft

Smallsoft is building Smallsoft Identity (SI) — a modern identity infrastructure platform designed for secure authentication, authorization, and distributed service ecosystems.

SI is not a conventional web application.

It is an identity core designed to power multiple services, dashboards, APIs, and future products under a unified authorization model.

We are looking for an engineer who understands that identity is infrastructure — not a feature.

The Role

You will take ownership of the architecture and evolution of our Identity Provider (IdP) and Service Provider (SP) ecosystem.

This role requires deep understanding of authentication flows, token lifecycle design, distributed session management, and cloud-native architecture.

You will not be implementing CRUD APIs.

You will be designing trust boundaries.

Core Responsibilities

Architect and implement scalable identity infrastructure
Design and maintain OAuth 2.0 / OpenID Connect flows
Build and evolve IdP + SP Dashboard systems
Design token lifecycle strategies (JWT, refresh tokens, revocation)
Implement secure cookie/session strategies across domains
Define authorization models for distributed services
Ensure system resilience, scalability, and security hardening
Participate in architectural decisions for future platform expansion

Required Technical Expertise

Backend & Architecture

Expert-level proficiency in .NET 8 / ASP.NET Core
Deep understanding of middleware pipeline & dependency injection
Strong RESTful API design principles
Experience with BFF (Backend-for-Frontend) architecture
Experience designing high-concurrency systems

Identity & Security

Strong practical experience with OAuth 2.0 and OpenID Connect
Clear understanding of Authorization Code Flow and PKCE
JWT structure, signing, validation, rotation strategies
Session and cookie security (HttpOnly, Secure, SameSite)
CORS handling in authentication scenarios
Threat modeling for authentication systems

Distributed Systems

Understanding of stateless vs stateful service design
Experience with distributed session/token architecture
Familiarity with microservice-oriented systems

Data Layer

Experience with NoSQL systems (Cosmos DB preferred)
Understanding partition strategy and consistency models
Repository pattern and clean architecture practices

Cloud & DevOps

Experience with AWS, Azure, or Oracle Cloud
Docker containerization
CI/CD pipelines (GitHub Actions preferred)
HTTPS/TLS and certificate management
Linux-based deployment environments

Strongly Preferred

Experience building Identity Providers or SSO systems
iOS security knowledge (Swift / Keychain / mobile OAuth flows)
Familiarity with Zero Trust architecture
Experience with usage-based API billing systems
OWASP Top 10 security mitigation practices

What “Senior” Means Here

Senior is not about years of experience.

Senior means:

You can design authentication systems from first principles.
You understand trust boundaries and attack surfaces.
You can critique and improve token lifecycle design.
You can reason about security tradeoffs at an architectural level.
You can explain OAuth flows without referring to documentation.

What This Role Is Not

It is not a front-end heavy role.
It is not a maintenance-only role.
It is not a framework-driven implementation position.

This role is about architecture ownership.

Why Join Smallsoft

You will be part of building identity infrastructure from the ground up — without legacy constraints.

You will work on foundational systems that enable future products.

You will have direct architectural influence.

Application

Send your CV and a short architectural description of a system you have designed to:

careers@smallsoft.com.au

Include in your application:

A short explanation of how OAuth Authorization Code Flow works.
A description of how you would design token revocation in a distributed environment.