Staff Identity Engineer
AI is transforming how every company operates, but most enterprises are stuck. They want to move fast with AI agents, tools, and workflows, but they can't do it safely. We're fixing that.
Our team built AI Actions for OpenAI, shipped Zapier Agents to millions of users, and launched the first remote MCP server with Anthropic. The co-creator of MCP is on our cap table. We helped establish the protocol, and now we're building the platform enterprises need to actually use it.
Runlayer is one platform for MCPs, Skills, and Agents. Purpose-built security, fine-grained governance, and complete observability so organizations can push AI forward across the entire company without the risk. We raised $11M from Khosla Ventures and Felicis, and customers include Gusto, Instacart, and Opendoor.
We're a team of 20, mostly engineers, shipping fast. If you want to work at the center of how AI gets things done, this is the moment.
Why You'll Thrive Here
Impact: Own the identity and authentication layer that secures every AI-to-enterprise connection on our platform.
Excellence: Work alongside engineers who've shipped AI systems at scale.
Ownership: Shape how MCP & AI agent authentication works, from spec-level decisions to production code.
What You'll Do
Architect and implement authentication and authorization systems for MCP servers (OAuth 2.0, Dynamic Client Registration, token management).
Build and extend our OAuth broker that handles enterprise identity integrations across dozens of vendors.
Design identity propagation for AI agents, ensuring secure, auditable access to enterprise systems.
Integrate with enterprise identity providers (Okta, WorkOS, Azure AD) and SCIM systems.
Define fine-grained access control policies for MCP tools and resources.
Collaborate directly with customers like Gusto and Rippling to solve real-world identity challenges.
Contribute to the MCP Auth spec and help define how agent identity works industry-wide.
What We're Looking For
5+ years of software engineering experience with significant focus on identity, authentication, or authorization systems.
Deep experience with OAuth 2.0/OIDC, including DCR, token exchange, and audience restriction.
Background building or integrating with enterprise identity systems (Okta, WorkOS, Auth0, AWS IAM, GCP IAM).
Strong fundamentals in distributed systems and API security.
Experience with Python and TypeScript (our stack is Python/FastAPI backend, TypeScript/React frontend).
Comfortable working directly with enterprise customers to understand and solve their security requirements.
Heavy AI user who leverages tools like Claude Code or Cursor to multiply output.
Nice to Have
Experience with Kubernetes-native authorization patterns or service mesh security.
Background in ML security (differential privacy, LLM security research).
Prior work on identity for multi-tenant SaaS platforms.
Familiarity with the MCP specification.
What We Offer
We provide a competitive package designed to attract and retain top talent who can work effectively with enterprise customers.
Competitive salary and equity — compensation that reflects your expertise and customer-facing responsibilities.
Paid time off — 4 weeks paid vacation, paid sick leave, and paid parental leave.
Professional development — budget for conferences, courses, and certifications in AI, enterprise software, and customer success.
Top-tier equipment — your choice of laptop and accessories to create your ideal work environment.
Health benefits — comprehensive health, dental, and vision coverage.
Customer interaction opportunities — work directly with innovative companies and see the immediate impact of your work.
Not quite the right fit? Reach out to careers@runlayer.com with details about your experience and interests.