WorkOS provides the enterprise auth features (SAML SSO, SCIM provisioning, audit logs, directory sync) that startups need to sell upmarket — without building any of it themselves. The engineering culture is small-team, deeply technical, and famously well-written. The interview is selective and rewards engineers with strong written communication.
Process
Recruiter screen → take-home async work sample (paid) → 60-minute pair-programming → 60-minute system design → 60-minute past-project deep dive → behavioral. Cycle: 3–5 weeks.
What they actually ask
- Design a SAML SSO integration that handles arbitrary IdP idiosyncrasies (Okta, Azure AD, Google Workspace)
- Design SCIM provisioning with bidirectional sync and conflict handling
- Design an audit log API with immutable append and queryable retention
- Coding: practical Node/TypeScript, often involving XML or JSON parsing
- Past-project deep dive: defend choices and articulate tradeoffs
Levels and comp (2026)
- SE: $180K–$240K total
- Senior SE: $260K–$340K
- Staff: $360K–$470K
- Principal: $490K–$640K
Prep priorities
- Be fluent in TypeScript and at least one auth protocol (SAML, OIDC, SCIM)
- Read the WorkOS engineering blog — they hire people who already engage
- Have a strong portfolio of writing — blog posts, RFCs, OSS contributions
Frequently Asked Questions
Is WorkOS fully remote?
Yes. ~80 employees globally with concentration in North America. Quarterly off-sites are optional.
How does WorkOS compare to Auth0 (Okta) or Clerk?
Auth0/Okta is broader and more enterprise. Clerk is consumer-app-friendly. WorkOS is laser-focused on the B2B “make my SaaS enterprise-ready” niche.
What is the take-home like?
Realistic and bounded — usually 3–4 hours, paid. Quality of writing matters as much as code.