Software Engineer, Enterprise Platform

at Cursor · Coding AI · San Francisco, CA · Engineering

Software Engineer, Enterprise Platform at Cursor, focused on building foundational systems for enterprise customers including organization management, access control (RBAC), compliance features, and administrative tooling. This role is deeply technical and emphasizes building secure, scalable infrastructure for large organizations.

What you'd actually do

  1. Build and evolve our organization management system — multi-level org structures, groups, roles, lifecycle, and provisioning via SCIM, so admins can manage thousands of seats without friction.
  2. Design and implement RBAC with fine-grained roles, permissions, and resource scopes that cover organizations, teams, agents, and other resources — balancing security with developer ergonomics.
  3. Extend enterprise settings and policies — org-wide defaults, security policies (allowed models, MCPs, Tools, network restrictions), and configuration inheritance across different products.
  4. Deepen our audit logging infrastructure — comprehensive, queryable, tamper-evident audit trails that satisfy customer-specific compliance requirements.
  5. Build admin APIs and internal tooling that enterprise admins, customer success, and sales engineering depend on to manage organizations, investigate access issues, and onboard large accounts.

Skills

Required

  • Experience building multi-tenant organization or IAM systems
  • Experience shipping RBAC or ABAC systems
  • Deep understanding of authorization correctness and security principles
  • Ability to balance feature velocity with security and stability
  • Proficiency in designing and implementing secure, scalable enterprise infrastructure
  • Experience with SCIM provisioning
  • Experience with audit logging and compliance requirements
  • API design and development
  • Database schema design

Nice to have

  • Experience with WorkOS (SSO/IdP integration)

What the JD emphasized

  • build the foundational systems that make Cursor ready for the world's largest engineering organizations
  • design and build the platform layer that powers organization management, access control, compliance, and administrative tooling across Cursor's product surface
  • deeply technical IC role focused on building correct, secure, and scalable enterprise infrastructure
  • You will own organization management, RBAC and authorization, enterprise settings and policies, audit logs, admin APIs, and compliance-related platform features.
  • You will be a technical authority on how Cursor models identity, access, and governance for enterprise customers.
  • You've built multi-tenant organization or IAM systems in production and have opinions on permission models, role inheritance, and policy evaluation.
  • You've shipped RBAC or ABAC systems and understand the tradeoffs between flexibility and complexity.
  • You deeply about correctness in authorization and understand why "fail closed" matters.
  • ship enterprise features fast
  • do not create security gaps or break existing access patterns.
Read full job description

Our mission is to automate coding. The first step in our journey is to build the best tool for professional programmers, using a combination of inventive research, design, and engineering. Our organization is very flat, and our team is small and talent dense. We particularly like people who are truth-seeking, passionate, and creative. We enjoy spirited debate, crazy ideas, and shipping code.

About the role

We're hiring an Enterprise Platform Engineer to build the foundational systems that make Cursor ready for the world's largest engineering organizations.

Today we have basic organizations, simple IAM primitives, early audit logs, analytics APIs, and admin APIs — but enterprise customers need much more. You will design and build the platform layer that powers organization management, access control, compliance, and administrative tooling across Cursor's product surface. This is a deeply technical IC role focused on building correct, secure, and scalable enterprise infrastructure — not gluing together vendor SDKs.

What you’ll do

  • Build and evolve our organization management system — multi-level org structures, groups, roles, lifecycle, and provisioning via SCIM, so admins can manage thousands of seats without friction.
  • Design and implement RBAC with fine-grained roles, permissions, and resource scopes that cover organizations, teams, agents, and other resources — balancing security with developer ergonomics.
  • Extend enterprise settings and policies — org-wide defaults, security policies (allowed models, MCPs, Tools, network restrictions), and configuration inheritance across different products.
  • Deepen our audit logging infrastructure — comprehensive, queryable, tamper-evident audit trails that satisfy customer-specific compliance requirements.
  • Build admin APIs and internal tooling that enterprise admins, customer success, and sales engineering depend on to manage organizations, investigate access issues, and onboard large accounts.
  • Ship compliance features end-to-end — SSO enforcement, session management, allowlisting, data analytics, and the controls that procurement and security teams require before signing.
  • Partner with product, security, and infrastructure teams to define enterprise platform abstractions that scale across the product without slowing down feature development.
  • You will own organization management, RBAC and authorization, enterprise settings and policies, audit logs, admin APIs, and compliance-related platform features. You will be a technical authority on how Cursor models identity, access, and governance for enterprise customers.
  • You will not own SSO/IdP integration at the protocol level (we use WorkOS) or billing and payments.
  • Security and correctness are part of the job, but the goal is to build systems with enough rigor and observability that enterprise operations are boring — not to manually triage every access control edge case.

You may be a fit if

  • You've built multi-tenant organization or IAM systems in production and have opinions on permission models, role inheritance, and policy evaluation.
  • You've shipped RBAC or ABAC systems and understand the tradeoffs between flexibility and complexity.
  • You deeply about correctness in authorization and understand why "fail closed" matters.
  • You can hold the tension between "ship enterprise features fast" and "do not create security gaps or break existing access patterns."
  • You feel comfortable shipping features end-to-end — from database schema and API design to admin UI and documentation.

#LI-DNI