The Fine-Grained Authorization (FGA) Engineer will design, implement, and operationalize authorization models using Auth0 Fine-Grained Authorization (FGA). You will partner closely with product and platform teams to model organizational hierarchies, roles, and resource access; implement tuple/policy write paths; integrate authorization checks into services; and establish testing, observability, and migration patterns. This role is hands-on and software-engineering heavy, with a strong emphasis on practical delivery and safe rollout.
Key Responsibilities
- Design and evolve authorization models in Auth0 FGA (relationship-based / ReBAC patterns) to support:
  - Hierarchical organizations (multi-level org trees where permissions can apply at multiple levels, with inheritance down the hierarchy).
  - Product-specific roles whose meanings may differ by product (avoid assuming a single “universal” role taxonomy).
  - Admin/support access patterns (e.g., elevated access for support teams, scoped appropriately).
- Translate ambiguous “who can do what” requirements into clear object types, relations, and permission checks suitable for FGA.
- Where “shared services” own org hierarchy tuple writes vs. where product teams own role/permission tuple writes.
- Where and how applications write tuples (user-to-org, user-to-role, role-to-permission, etc.).
- Collaborate with client teams on knowledge transfer, documentation, and operational handoff of authorization systems.
- Contribute to internal best practices and delivery patterns for FGA engagements.
Required Qualifications
- Strong software engineering background (backend/service development) and comfort operating in production systems.
- Experience implementing authorization in distributed systems (RBAC/ABAC/ReBAC concepts) and integrating authorization checks into APIs/services.
- Hands-on experience (or strong demonstrated ability to ramp quickly) with relationship-based authorization systems such as Auth0 FGA / OpenFGA (or equivalent).
- Experience modeling and implementing hierarchical org/account structures and inherited permissions.
- Practical understanding of identity/authorization integration boundaries (authentication vs authorization; token vs backend lookup patterns).
- Strong communication skills with the ability to translate ambiguous business requirements into precise authorization models.
- Comfort working across multiple concurrent client projects.
Preferred Qualifications
- Experience migrating from legacy authorization systems (roles in DB / code-level checks / per-app role silos) to a centralized authorization platform.
- Familiarity with product ecosystems where role names are reused but semantics differ across products (and you must avoid “global role” assumptions).
- Experience supporting multi-application/platform environments where a “core” system provides hierarchy data used by many dependent products.
- Experience with Auth0-based architectures (Auth0 for authentication paired with FGA as an authorization sidecar).
- Prior consulting or professional services delivery experience.