Your future responsibilities:
Own the architecture of the authorization platform end-to-end — from design through production operations
Design and implement sidecar-based authorization mechanisms and policy enforcement engines
Define authorization models (RBAC, ABAC, ReBAC) and translate business requirements into enforceable policies
Drive technical decisions on authorization infrastructure — evaluate, select, and integrate tools (OpenFGA, OPA, SpiceDB, etc.)
Design token exchange and delegation flows (OAuth 2.0 OBO, Keycloak token exchange) for multi-service authorization
Collaborate with platform, security, and product teams to define access control policies and architectural standards
Mentor and enable other engineering teams on secure authorization patterns and integration best practices
Own CI/CD pipelines and infrastructure as code for authorization services — ensuring reliability, observability, and fast delivery
Lead incident response for authorization-related issues — troubleshoot, resolve, and drive root-cause improvements
Contribute to technical strategy — ADRs, RFCs, technical documentation, and knowledge sharing across teams
Leverage AI tools and automation to accelerate development, reduce toil, and improve code quality
Your skills and experience:
5+ years of professional Golang development
Expert-level understanding of Go concurrency patterns, interfaces, and idiomatic Go
Deep knowledge of authorization models and systems (RBAC, ABAC, ReBAC, Zanzibar-style)
Hands-on experience with policy engines (OPA/Rego, OpenFGA, or similar)
Experience designing and operating sidecar-based authorization at scale
Strong understanding of OAuth 2.0 / OIDC flows, token exchange, and identity federation (Keycloak or similar IdP)
Experience with PostgreSQL and data modeling for access control
Ability to design systems for high availability, low latency, and horizontal scalability
Practical use of AI-assisted development tools (GitHub Copilot, Claude, Cursor, etc.)
Advanced Kubernetes experience (operators, CRDs, admission webhooks, troubleshooting at cluster level)
Experience designing and maintaining CI/CD pipelines (GitHub Actions)
Proficiency with ArgoCD for GitOps-based continuous delivery
Experience authoring and managing Helm charts for complex deployments
Infrastructure as code with Terraform/Terragrunt — including module design and state management
Observability setup for authorization services (metrics, tracing, alerting)
Nice to have:
Experience with Google Zanzibar-inspired systems (OpenFGA, SpiceDB, Authzed) in production
Experience with service mesh (Istio/Envoy) and integrating authorization at the mesh layer
Familiarity with MCP (Model Context Protocol) and/or agent-based architectures and their authorization challenges
Background in platform engineering or developer experience
Experience with security auditing, compliance standards, or regulated environments (banking/fintech)
Experience designing multi-tenant authorization with delegation patterns
Contributions to open-source authorization tooling
Experience automating workflows with AI-powered tools or building internal developer tooling
We offer what matters most to you:
Competitive salary: we guarantee a stable income and annual bonuses for your personal contribution. Additionally, we have a referral reward program for attracting new colleagues to Raiffeisen Bank
Social package: official employment, 28 days of paid leave, additional “maternity leave” for fathers, and financial assistance for parents upon the birth of children
Comfortable working conditions: the possibility of a hybrid work format, offices equipped with shelters and generators, and modern equipment provided
Wellbeing program: all employees have access to medical insurance from the first working day; consultations with a psychologist, nutritionist or lawyer; discount program for sports and shopping; family days for children and adults; massage in the office

