Staff Backend Engineer

About the Role

We are seeking a Staff Backend Engineer to serve as the technical anchor for our Users team at HighLevel. This role focuses on identity, access control, auditing, notifications, and security foundations within our multi-tenant SaaS platform.

Unlike feature-focused roles, this position prioritizes building systems that are correct, resilient, and safe by default, enabling other teams to move fast without compromising trust.

Key Responsibilities

• Design and evolve secure multi-tenant architectures supporting 100k+ agencies (Agency → Account → App hierarchy).
• Define and enforce tenant isolation guarantees at data, API, and infrastructure levels.
• Build and review authorization models including RBAC, ABAC, and hybrid approaches.
• Own token systems covering API keys, OAuth flows, JWTs, scoped tokens, rotation, and expiry management.
• Design fine-grained scopes for internal APIs, public APIs, and partner integrations to prevent privilege escalation.
• Lead security-critical backend designs regarding authZ boundaries, impersonation risks, and auditability.
• Partner with Infra/Security teams on Secrets management, Key rotation, Rate limiting, abuse prevention, and SOC2-style compliance readiness.
• Act as a multiplier by raising the security bar across engineering through reviews, RFCs, and mentoring.

Requirements

• 8+ years of backend engineering experience.
• Proven track record building secure, multi-tenant SaaS platforms.
• Deep expertise in authorization models (RBAC, ABAC), OAuth2/JWT/API key systems, threat modeling, and security tradeoffs.
• Strong system design skills for long-lived platforms with the ability to own ambiguous, high-impact areas.