Staff Engineer - Authentication & Authorization (f/m/x)

Department: Tech

Location: Berlin

Employment Type: FullTime

At Enpal, we are not just a company; we are a movement. As a recognized greentech unicorn and one of Europe’s fastest-growing energy companies, we’re dedicated to making solar energy accessible and effortless for homeowners across the continent. Our innovative business model for solar panels, heat pumps, home energy storage systems, and EV charging stations is redefining the residential energy market. With our mission to empower homeowners to embrace clean energy, we are paving the way for a sustainable, decentralized energy future.

As a leader in the residential solar energy market, Enpal is expanding and our vision is clear: to become the leading force in Europe’s transition to sustainable and decentralized energy generation.

Job Description

Role Mission

As a Staff Engineer for Authentication & Authorization, you will define and lead the identity and access strategy across Enpal’s digital and device ecosystem.

This role is critical to ensuring that:

• Millions of device, user, and service interactions are secure by design

• Our platform scales safely across customers, partners, installers, and internal operations

• Identity becomes a shared platform capability, not reinvented per team

• We meet evolving compliance, privacy, and security requirements while maintaining developer velocity

You will operate as both an architect and a hands-on engineer, shaping how identity, trust, and access are implemented across cloud services, IoT infrastructure, and customer-facing applications

What You Will Do

Define the Identity Architecture

• Own the end-to-end authentication and authorization model across Enpal systems.

• Design scalable identity solutions for:

• Customer platforms and mobile/web apps

• Internal operational tools and partner integrations

• Machine-to-machine and event-driven communication

• Establish patterns for multi-tenant identity and access control across markets and product lines

Build a Secure-by-Default Platform

• Lead implementation of modern protocols (OAuth2, OIDC, mTLS, SAML where required)

• Define standards for:

• Fine-grained authorization (RBAC / ABAC / policy-based access)

• Secure API access and gateway enforcement

• Create reusable libraries, SDKs, and guardrails that make the secure path the easiest path

Drive Zero-Trust and Cloud-Native Security Practices

• Design identity-aware infrastructure aligned with Zero Trust principles

• Integrate authentication into our Azure and Kubernetes environments

• Secure event-driven systems and messaging infrastructure

• Collaborate with security teams on threat modeling and risk reduction

Enable Teams Through Platform Thinking

• Provide a shared identity platform used by multiple engineering domains

• Reduce duplication by standardizing authentication flows and access decisions

• Mentor teams on correct usage patterns and security best practices

• Balance strong security guarantees with usability and developer experience

Ensure Compliance, Privacy, and Auditability

• Support GDPR-aligned identity handling and data minimization strategies

• Implement traceable authorization decisions and audit logging

• Contribute to regulatory and certification readiness

Qualifications

We are looking for roughly a 50% fit with what we ask. The other 50% is the perspective and strengths you bring

Required Experience

• 8+ years in software engineering, including experience designing distributed systems

• Proven experience designing or operating authentication and authorization systems at scale

• Strong background in cloud-native architectures and microservices

• Hands-on experience implementing identity protocols such as OAuth2, OIDC, or similar.

• Experience designing secure service-to-service communication patterns including the ability to translate security requirements into practical engineering solutions

• Feel comfortable with: Azure, Kubernetes, Terraforn

• you communicate clearly in English, spoken and written. Crisp and concise ways of formulating your ideas and opinions. Knowledge of German is a plus

• you are inspired by the energy transition and want to make a difference. We are one of the biggest players in the solar business and want to make this change with you.

• you want to participate in a company where empowerment and initiative is valued. We are looking for people who want to grow their personal skills and knowledge, take responsibility, steer and influence for what they feel is right.

• agile and lean values are embodied by you. People over processes. Code over documentation. Reducing waste by building minimum viable products first, testing it with real users, growing and maintaining solutions as requirements evolve.

Additional information

• Work at Germany’s first green unicorn and actively shape the solar energy transition with us.

• The sun shines everywhere – and so do we. At Enpal, you’ll join a highly motivated and diverse team with over 65 nationalities working toward one mission.

• Office or home? You choose. We offer a hybrid work model – even after the pandemic – so you can balance focus and flexibility.

• Yes, we’re a startup cliché – and proud of it. From ping-pong and yoga corners to a rooftop terrace and fully stocked fridges – our Berlin HQ in Friedrichshain has everything you need to thrive.

• Your Enpal kick-start: On your onboarding day, you’ll meet the team, get to know the company – and have a welcome session with our founder, Mario.

• Stay in the loop: From company updates in our monthly All-Hands to solar deep dives in our Lunch & Learns – we make sure everyone understands the bigger picture.

• The energy transition is a team sport. Expect strong team spirit, ownership – and unforgettable team events.

• No progress without feedback. We embrace a strong feedback culture and believe your input drives our collective growth.

At Enpal, we are proud of the diversity of our team. No decisions are made on the basis of skin colour, religion or religious belief, ethnic or national origin, nationality, gender identity, sexual orientation, disability or age, either during recruitment or employment. Enpal stands for a safe workplace and takes action against discrimination and harassment of any kind.