Yandex 360 is a digital workspace that helps organize workflows. It includes Mail, Disk, Calendar, Telemost, and other products (more than 10 in total), which simplify life for millions of people and allow them to work from anywhere in the world.

Each product in Yandex 360 has its own history and specifics, but they are all united into a single ecosystem by Yandex 360's platform services. Security services are a subset of these services; they are designed to ensure consistent security management for each product individually and for the entire ecosystem as a whole.

Yandex 360 security services consist of three major components with a consistent tech stack and development principles.

Authorizator 360 is the main authorization component of Yandex 360. While its main functional requirement is easy to guess from its name, its main non-functional requirement is to withstand high loads of hundreds of thousands of RPS for read operations from all ecosystem products under any circumstances. Strategic challenges associated with this component stem from the need to support transitive assignment and compute roles for arbitrary user groups with support for deep nesting, as well as the heterogeneity of authorization requirements from each Yandex 360 product.

Configurator 360 is the component for asynchronous management of settings within Yandex 360. It receives and processes heterogeneous settings from source services and distributes them to configurable recipient systems. It allows setting flexible rules for aggregating and processing incoming settings and guarantees the delivery of resulting settings to recipient services. It is designed to withstand the assignment of hundreds of settings to millions of users and group management of settings in organizations with hundreds of thousands of employees.

Audit Logs 360 is the component for centralized management of Yandex 360 security events, ensuring collection, enrichment, short-term and long-term storage, search, and retrieval of events. Since security events can be generated by both write and read operations, including failed ones, this component must handle tens of thousands of RPS for write operations.

Main tech stack: * Code in Java * Spring Boot as the main framework * PostgreSQL as the main database * YDB Topics as the data bus

What tasks await you

Scaling security services Since Yandex 360 is a young ecosystem with heterogeneous products, not all of them yet fully utilize platform services. But we have long-term plans to integrate each of these products with all security services. This means that in the near future, loads and the complexity of interaction models will only grow, so we are looking for colleagues ready to bring these plans to life with us.

Functional development of security services Each of the three security components has its own backlog. Yandex 360 uses quarterly planning, within which we redistribute the team's resources between components according to current tasks and technical initiatives. This provides an opportunity to focus on developing one component while being able to take tasks from the other two.

Influencing the architecture of the entire Yandex 360 through managing the architecture of security services Most projects of the security services team influence not only individual components, but also the entire Yandex 360 and each product in the ecosystem. Working on such projects involves not so much writing code as architectural design and justification of changes. All architectural decisions go through an architectural review procedure and are documented.

More about backend at Yandex — in the Yandex for Backend channel

We expect you to

• Know how and want to write clean, optimized code in Java
• Strive to decompose and solve tasks efficiently
• Have strong communication skills and know how to negotiate with related teams
• Are willing to delve into security domains: authorization, settings management, audit logs

Will be a plus

• Have developed high-load systems with complex data structures
• Know how to design scalable, fault-tolerant architecture
• Have worked with complex graph data structures
• Have written and maintained recursive SQL queries
• Have designed or developed authorization systems, log collection systems, or guaranteed message delivery systems
• Strive to develop in the context of leadership within the development team and beyond