We're building Keymate—a next-gen identity and access management platform built on:

• Fine-Grained Authorization (FGAC, OpenFGA)
• Multi-Tenant IAM Orchestration
• Event-Driven Policy Enforcement
• Real-Time Observability via OpenTelemetry

We're looking for a Senior Java Developer to join our platform team, where infrastructure, authorization, and domain logic converge.

You won't just "write APIs"—you'll build a modular, reactive, and auditable IAM architecture, working across systems like Keycloak, Kafka, PostgreSQL, OpenMetadata, and Access Gateways.

This is a product engineering role focused on architecture, scale, and traceability.

To maintain our global agility, this role is opened as a B2B / Independent Contractor position. This allows us to work with the best talent regardless of their local labor laws, offering you a competitive international rate and the flexibility to manage your own workspace.

What You'll Work On

• Develop Quarkus-based microservices using gRPC, REST, and Kafka
• Design and implement authorization APIs, token flow logic, and event-driven policy engines
• Contribute to OpenFGA-integrated modules using ReBAC and contextual attribute access models
• Implement fine-grained permission checks, parameter extractors, and decision evaluators
• Build DSL-based policy engines with versioning, preview, and rollback capabilities
• Participate in multi-tenant context handling, impersonation flows, and session-bound access logic
• Collaborate with frontend and DevOps teams to enable real-time observability and access event tracing
• Ensure secure, auditable, and high-performance code—tested, profiled, and monitored

What We're Looking For

• 5+ years of professional Java experience, ideally in platform-level systems
• Strong proficiency with Java 17+, modern features, and clean architecture principles
• Hands-on experience with Quarkus, gRPC, REST, and Kafka
• Deep understanding of authorization concepts (RBAC, ABAC, ReBAC) and token lifecycles
• Experience with test-driven development, observability, and structured logging
• Familiarity with PostgreSQL, event sourcing, and reactive programming is a plus
• Passion for building developer-friendly, traceable, and extensible backend systems

Nice to Have

• Experience integrating with Keycloak, SPI extensions, or token mappers
• Knowledge of OpenFGA, policy engines, or DSL interpreters
• Understanding of multi-tenant architecture, impersonation, and scoped access models
• Interest in security engineering, audit traceability, and compliance-friendly design
• Familiarity with OpenTelemetry, Infinispan, and distributed caching strategies

What We Offer

• A core role in building a product that extends open-source IAM with enterprise-grade architecture
• High autonomy and direct collaboration with technical architects and product owners
• A platform where you can build and improve the security foundation used by thousands
• Fully remote, async-friendly work environment
• Chance to shape and own parts of the platform that define its long-term evolution

Note: This is a backend engineering role where architecture, security, and extensibility matter. You'll write APIs—but more importantly, you'll shape the systems that enforce trust at scale.