Senior Security Engineer in Manchester

At Anaplan, we are a team of innovators focused on optimizing business decision‑making through our leading AI‑infused scenario planning and analysis platform so our customers can outpace their competition and the market. Our customers rank among the who’s who in the Fortune 50. Coca‑Cola, LinkedIn, Adobe, LVMH and Bayer are just a few of the 2,400+ global companies who rely on our best‑in‑class platform.

You’ll join the Platform & AI Enablement team within our GPTO Engineering organization, as part of the Data Orchestration domain. The team is responsible for building core capabilities that power our data and AI infrastructure—enabling scalable, resilient, and intelligent systems to support enterprise‑scale Business Planning Software solutions.

We are looking for a Senior Security Engineer with deep experience in Java/Kotlin and a strong background in authentication, authorization, integrations, and secure platform architecture. You will design and build services that integrate with third‑party identity providers, manage multi‑tenant access patterns, enforce security controls, and contribute to the long‑term strategy of how our platform securely interacts with customers and external products. This role requires strong systems thinking, hands‑on engineering ability, and the experience to guide architectural decisions that keep our platform robust, trustworthy, and enterprise‑grade.

• Design and implement secure backend services using Java or Kotlin, with a heavy focus on authentication, authorization, and cross‑system integrations.
• Lead the architecture for identity and access integrations, including OAuth2/OIDC, SCIM, SAML, mTLS, and certificate‑based access pattern.
• Define platform‑wide security patterns for multi‑tenant isolation, key lifecycle management, token issuance, secrets handling, and secure API‑to‑API communication.
• Own integrations with external identity providers such as Okta, Auth0, Ping, Azure Entra, and other enterprise IdPs.
• Develop and operate features for authorization using policy engines like Open Policy Agent (OPA) and Rego‑based policy evaluation.
• Collaborate with platform and infrastructure teams to ensure services integrate securely with mesh‑based architectures (e.g., Istio) and workload identity systems (SPIFFE/SPIRE).
• Contribute to the strategy around compliance and governance, including GDPR, data minimization, auditability, and least‑privilege design.
• Build high‑quality internal libraries and SDKs to make security integration and best practices accessible across engineering teams.
• Collaborate cross‑functionally with product, platform, SRE, and frontend engineers to deliver secure, seamless user flows.
• Participate in threat modeling and platform architecture sessions, helping shape how application code interacts with infrastructure security controls.
• Mentor and guide other engineers, promoting secure coding practices and elevating the maturity of the engineering organization.

• Experienced in backend development in Java or Kotlin.
• Proven expertise in OAuth2, OIDC, JWT, SAML, and modern identity protocols.
• Hands‑on experience integrating with enterprise identity providers (Okta, Auth0, Ping, Entra, ForgeRock, etc.).
• Strong knowledge of mTLS, certificate‑based auth, PKI, CA chains, CSR workflows, and certificate rotation.
• Experience with multi‑tenant architectures, isolation strategies, and developing secure APIs for B2B SaaS products.
• Solid understanding of Zero Trust principles, workload identity (e.g. SPIFFE/SPIRE), and secure service mesh patterns.
• Exposure to Open Policy Agent, Rego, and runtime authorization systems.
• Familiar with regulatory and compliance concerns such as GDPR, data residency, and audit logging requirements.
• Strong grasp of core engineering fundamentals: concurrency, resilient systems, distributed systems concepts, and performance tuning.
• Experience with API security: Personal Access Tokens, API keys, signature schemes, rate limiting, and revocation flows.
• Ability to work end‑to‑end across design, implementation, testing, and deployment.

• Experience working in international and distributed teams.
• Familiarity with cloud‑agnostic architectures.
• Exposure to observability tools and practices.
• Experience contributing to long‑term technology strategy.