Enterprise IAM Software Engineer II

AffirmAffirm·Remote(Remote Canada)
Software Development

WFA Digital Insight

The demand for skilled Identity and Access Management professionals has surged in recent years, with a 27% increase in job postings in the last 12 months alone. As companies like Affirm continue to navigate complex digital landscapes, the need for experts who can blend technical skills with operational prowess has never been more pressing. With the global remote workforce projected to reach 73% by 2028, opportunities for talented professionals to make a real impact are on the rise. Before applying, candidates should be prepared to showcase their ability to work independently in a remote setting, as well as their experience with backend languages like Python and familiarity with cloud environments.

Job Description

About the Role

The Enterprise IAM Software Engineer II plays a pivotal role in Affirm's mission to reinvent credit by ensuring the integrity and security of its digital platforms. This role combines the technical aspects of software engineering with the process-driven nature of operations, making it an exciting challenge for those looking to expand their skill set. As part of the identity and access management team, the successful candidate will work closely with cross-functional stakeholders, including security, IT, and engineering teams, to coordinate changes, troubleshoot issues, and contribute to the development of automation scripts and services.

The day-to-day operations of the enterprise IAM program are crucial to the company's overall security posture. This includes managing access lifecycle work, running and improving core IAM processes, and ensuring that all access requests are properly validated and executed. The role is split 50/50 between operational process and technical delivery, offering a unique balance that allows for both the implementation of process improvements and the development of technical solutions to automate repetitive tasks.

What You Will Do

  • Support the daily operations of the enterprise IAM program, including intake, triage, and execution of access lifecycle work.
  • Run and improve core IAM processes such as joiner/mover/leaver, access requests, certifications, and break-glass patterns.
  • Partner with Security, IT, and Engineering stakeholders to coordinate changes with clear ownership, approvals, and auditability.
  • Troubleshoot and resolve IAM-related issues, including access failures, provisioning bugs, and workflow errors.
  • Write and maintain scripts and small services that automate repetitive IAM tasks and reduce manual effort.
  • Contribute backend code and bug fixes in the IAM automation codebase, including tests and safe rollout practices.
  • Help document runbooks, standard operating procedures, and operational metrics for the program.
  • Participate in on-call or escalation rotations as needed for IAM-owned systems.
  • Debug provisioning workflows that intermittently fail and implement monitoring plus automated retries.
  • Write scripts to reconcile access between source systems and SailPoint.
  • Improve Jira intake workflows to ensure requests are validated and routed correctly before execution.

What We Are Looking For

  • 2+ years of professional software engineering experience or equivalent internship/co-op experience with strong projects.
  • Ability to write production-quality code in Python or a similar backend language.
  • Comfort working with operational processes, tickets/requests, and cross-functional stakeholders.
  • Experience with APIs, scripting, and debugging distributed systems issues.
  • Familiarity with CI/CD and GitHub-based workflows.
  • Familiarity with cloud environments, with AWS being preferred.
  • Strong written communication and documentation habits.
  • Ability to work in a remote environment with minimal supervision.
  • Experience with identity and access management concepts, though not required, is a significant plus.

Nice to Have

  • Any exposure to IAM/IGA/SSO concepts such as SAML/OIDC, SCIM, and RBAC.
  • Experience with SailPoint, Auth0, Okta, OneLogin, or similar identity platforms.
  • Experience with infrastructure as code (Terraform or similar).
  • Familiarity with compliance/audit-driven environments (SOC 2, SOX, ISO, PCI).

Benefits and Perks

  • Competitive salary package.
  • Equity options as part of the compensation package.
  • Comprehensive health insurance.
  • Generous PTO and holiday policy.
  • Remote work stipend to support home office setup.
  • Opportunities for professional growth and development.
  • Access to the latest tools and technologies.
  • Collaborative and dynamic work environment.
  • Recognition and reward for outstanding performance.

How to Stand Out

  • Ensure your portfolio includes examples of automation scripts and backend code you've developed, especially if related to IAM.
  • Highlight any experience with cloud environments, particularly AWS, and your understanding of CI/CD pipelines.
  • Practice explaining technical concepts simply, as strong communication skills are key in this role.
  • Prepare to discuss your experience with APIs, distributed systems, and debugging techniques.
  • Research Affirm's products and mission to demonstrate your interest in the company's goals and how your skills align with them.
  • Consider reaching out to current or former employees for insights into the company culture and what makes a candidate successful in this role.
  • Be prepared to discuss your approach to working remotely and how you stay motivated and connected with the team.

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere. Browse more remote jobs across all categories.