Senior Security Engineer

At Anaplan, we are a team of innovators focused on optimizing business decision‑making through our leading AI‑infused scenario planning and analysis platform so our customers can outpace their competition and the market. What unites Anaplanners across teams and geographies is our collective commitment to our customers' success and to our Winning Culture. Our customers rank among the who's who in the Fortune 50. Coca‑Cola, LinkedIn, Adobe, LVMH and Bayer are just a few of the 2,400+ global companies who rely on our best‑in‑class platform. Our Winning Culture is the engine that drives our teams of innovators. We champion diversity of thought and ideas, we behave like leaders regardless of title, we are committed to achieving ambitious goals, and we love celebrating our wins – big and small. Supported by operating principles of being strategy‑led, values‑based and disciplined in execution, you'll be inspired, connected, developed and rewarded here. Everything that makes you unique is welcome; join us and let's build what's next - together You'll join the Platform & AI Enablement team within our GPTO Engineering organization, as part of the Data Orchestration domain. The team is responsible for building core capabilities that power our data and AI infrastructure—enabling scalable, resilient, and intelligent systems to support enterprise‑scale Business Planning Software solutions. We are looking for a Senior Security Engineer with deep experience in Java/Kotlin and a strong background in authentication, authorization, integrations, and secure platform architecture. You will design and build services that integrate with third‑party identity providers, manage multi‑tenant access patterns, enforce security controls, and contribute to the long‑term strategy of how our platform securely interacts with customers and external products. This role requires strong systems thinking, hands‑on engineering ability, and the experience to guide architectural decisions that keep our platform robust, trustworthy, and enterprise‑grade. Your Impact Design and implement secure backend services using Java or Kotlin, with a heavy focus on authentication, authorization, and cross‑system integrations Lead the architecture for identity and access integrations, including OAuth2/OIDC, SCIM, SAML, mTLS, and certificate‑based access pattern Define platform‑wide security patterns for multi‑tenant isolation, key lifecycle management, token issuance, secrets handling, and secure API‑to‑API communication Own integrations with external identity providers such as Okta, Auth0, Ping, Azure Entra, and other enterprise IdPs Develop and operate features for authorization using policy engines like Open Policy Agent (OPA) and Rego‑based policy evaluation Collaborate with platform and infrastructure teams to ensure services integrate securely with mesh‑based architectures (e.g., Istio) and workload identity systems (SPIFFE/SPIRE) Contribute to the strategy around compliance and governance, including GDPR, data minimization, auditability, and least‑privilege design Build high‑quality internal libraries and SDKs to make security integration and best practices accessible across engineering teams Collaborate cross‑functionally with product, platform, SRE, and frontend engineers to deliver secure, seamless user flows Participate in threat modeling and platform architecture sessions, helping shape how application code interacts with infrastructure security controls Mentor and guide other engineers, promoting secure coding practices and elevating the maturity of the engineering organization Your Qualifications Experienced in backend development in Java or Kotlin Proven expertise in OAuth2, OIDC, JWT, SAML, and modern identity protocols Hands‑on experience integrating with enterprise identity providers (Okta, Auth0, Ping, Entra, ForgeRock, etc.) Strong knowledge of mTLS, certificate‑based auth, PKI, CA chains, CSR workflows, and certificate rotation Experience with multi‑tenant architectures, isolation strategies, and developing secure APIs for B2B SaaS products Solid understanding of Zero Trust principles, workload identity (e.g. SPIFFE/SPIRE), and secure service mesh patterns Exposure to Open Policy Agent, Rego, and runtime authorization systems Familiar with regulatory and compliance concerns such as GDPR, data residency, and audit logging requirements Strong grasp of core engineering fundamentals: concurrency, resilient systems, distributed systems concepts, and performance tuning Experience with API security: Personal Access Tokens, API keys, signature schemes, rate limiting, and revocation flows Ability to work end‑to‑end across design, implementation, testing, and deployment Preferred Skills Experience working in international and distributed teams Familiarity with cloud‑agnostic architectures Exposure to observability tools and practices Experience contributing to long‑term technology strategy #LI-SP1 Our Commitment to Diversity, Equity, Inclusion and Belonging (DEIB) We believe attracting and retaining the best talent and fostering an inclusive culture strengthens our business. DEIB improves our workforce, enhances trust with our partners and customers, and drives business success. Build your career in a place where diversity, equity, inclusion and belonging aren't just words on paper – this is what drives our innovation, it's how we connect, and it contributes to what makes us a market leader. We believe in a hiring and working environment where all people are respected and valued, regardless of gender identity or expression, sexual orientation, religion, ethnicity, age, neurodiversity, disability status, citizenship, or any other aspect which makes people unique. We hire you for who you are, and we want you to bring your authentic self to work every day We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive equitable benefits and all privileges of employment. Please contact us to request accommodation. Fraud Recruitment Disclaimer It has come to our attention that fraudulent and fictitious job opportunities are being circulated on the Internet. Prospective candidates are being contacted by certain individuals, mainly through telephone calls, emails and correspondence, claiming they are representatives of Anaplan. The main purpose of these correspondences and announcements is to obtain privileged information from individuals. Anaplan does not: Extend offers to candidates without an extensive interview process with a member of our recruitment team and a hiring manager via video or in person. Send job offers via email. All offers are first extended verbally by a member of our internal recruitment team whenever possible and then followed up via written communication. All emails from Anaplan would come from an @anaplan.com email address. Should you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Anaplan, please send an email to people@anaplan.com before taking any further action in relation to the correspondence. #J-18808-Ljbffr