About ClickHouse
Recognized on the 2025 Forbes Cloud 100 list, ClickHouse is one of the most innovative and fast-growing private cloud companies. With more than 3,000 customers and ARR that has grown over 250 percent year over year, ClickHouse leads the market in real-time analytics, data warehousing, observability, and AI workloads.
The company’s sustained, accelerating momentum was recently validated by a $400M Series D financing round. Over the past three months, customers including Capital One, Lovable, Decagon, Polymarket, and Airwallex have adopted the platform or expanded existing deployments. These customers join an established base of AI innovators and global brands such as Meta, Cursor, Sony, and Tesla.
We’re on a mission to transform how companies use data. Come be a part of our journey!
The Platform Auth team’s goal is to support our ‘one customer identity’ vision by providing tools, processes, and expertise for our engineering teams to create a unified access management experience while simplifying and standardizing engineering patterns in the space. We are looking for engineers to join our growing team!
What you will be doing:
- Design and build the platform services that power authentication, authorization, and audit across ClickHouse Cloud. This includes a unified RBAC/ReBAC service, token issuance and session handling, and the SDKs that product teams embed to make authorization decision.
- Model permissions and access control primitives (resources, roles, relationships, policies) that work across ClickHouse, SQL Console, ClickPipes, and HyperDX. Ship the libraries and APIs that other engineers build against.
- Implement protocol-level support for SAML, SCIM, OIDC, OAuth2, and MFA/passwordless flows. Own the integrations that make enterprise SSO and provisioning work end to end.
- Build the audit and authorization-decision telemetry pipeline so every access decision is observable, queryable, and surfaceable to customers.
- Partner with product engineering teams to migrate bespoke per-product auth implementations onto the shared platform, and design APIs that make adoption straightforward.
- Carry the platform on-call rotation and own production reliability for systems on the critical path of every customer request.
What you bring along:
- Minimum 4+ years building production backend systems at scale. Comfort with at least one systems language (Go, Rust, C++) and one application language (TypeScript, Python).
- Hands-on experience designing and implementing an authentication or authorization service. Examples include building a token issuer, an OIDC or OAuth2 provider, a policy engine, a permissions model, or an FGA/ReBAC system in the style of Zanzibar, OpenFGA, SpiceDB, or Cedar.
- Working knowledge of SAML, SCIM, OIDC, and OAuth2 at the protocol level and are able to implement them.
- Experience designing APIs and SDKs that other engineers depend on, with strong opinions on what makes them adoptable.
- Experience operating distributed systems at scale, including caching strategies, consistency tradeoffs, and multi-region concerns.
- Familiarity with identity vendors (Auth0, WorkOS, AWS/GCP/Azure IAM) as building blocks you've extended or integrated into a larger platform.
- Strong production debugging instincts and a high bar for systems that are easy to develop against.
Bonus:
- You've built or contributed to a Zanzibar-style authorization system, or run an OpenFGA or SpiceDB deployment beyond the demo.
- You've designed a multi-tenant permission model that survived real customer requirements like custom roles, hierarchies, delegation, and ABAC attributes.
- You've shipped an SDK that product teams across an org actually adopted, and have opinions about why most internal SDKs fail.
The typical starting salary for this role in the US is
$141,000—$208,000 USD
The typical starting salary for this role in US Premium Markets is
$157,000—$232,000 USD
Compensation
For roles based in the United States, the typical starting salary range for this position is listed above. In certain locations, such as the San Francisco Bay Area and the New York City Metro Area, a premium market range may apply, as listed.
These salary ranges reflect what we reasonably and in good faith believe to be the minimum and maximum pay for this role at the time of posting. The actual compensation may be higher or lower than the amounts listed, and the ranges may be subject to future adjustments.
An individual’s placement within the range will depend on various factors, including (but not limited to) education, qualifications, certifications, experience, skills, location, performance, and the needs of the business or organization.
If you have any questions or comments about compensation as a candidate, please get in touch with us at paytransparency@clickhouse.com.
Perks
- Flexible work environment - ClickHouse is a globally distributed company and remote-friendly. We currently operate in over 20 countries.
- Healthcare - Employer contributions towards your healthcare.
- Equity in the company - Every new team member who joins our company receives stock options.
- Time off - Flexible time off in the US, generous entitlement in other countries.
- **A $500 Home office setup **if you’re a remote employee.
- **Global Gatherings **– We believe in the power of in-person connection and offer opportunities to engage with colleagues at company-wide offsites.
Culture - We All Shape It
As part of a rapidly scaling start up, you will be instrumental in shaping our culture.
Are you interested in finding out more about our culture? Learn more about our values here. Check out ourblog posts or follow us on LinkedIn to find out more about what’s happening at ClickHouse.
**Equal Opportunity & Privacy **
ClickHouse provides equal employment opportunities to all employees and applicants and prohibits discrimination and harassment of any type based on factors such as race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
Please see here for our Privacy Statement.