Senior CIAM Software Engineer

About the Role

As part of this role, the engineer will work closely with partner engineering teams to ensure that identity features are integrated seamlessly, contributing to the overall security and user experience of Affirm's platforms. This includes collaborating on the design, implementation, and maintenance of authentication and authorization protocols, ensuring that they meet the highest standards of security and scalability. The engineer will also be involved in the integration of CIAM platforms with internal systems, such as user data stores, messaging, fraud signals, and downstream customer platforms, further emphasizing the need for a holistic understanding of Affirm's technology stack and security posture.

What You Will Do

• Design, build, and operate core CIAM backend services that support customer registration, authentication, authorization, account lifecycle, and profile management for B2C and B2B platforms.
• Implement and extend identity standards such as OAuth 2.0, OIDC, SAML, and SCIM in code, ensuring correctness, scalability, and clean integration patterns.
• Develop backend APIs and services in Python and Kotlin that expose identity capabilities to web, mobile, and partner applications, focusing on reliability and performance.
• Integrate CIAM platforms with internal systems, including user data stores, messaging, fraud signals, and downstream customer platforms, to create a unified and secure user experience.
• Own secure authentication and account flows end to end, including MFA, step-up authentication, device binding, consent, and adaptive authentication logic, ensuring that these flows meet the highest security standards.
• Automate CIAM infrastructure and deployments using Infrastructure as Code and CI/CD pipelines, treating identity as a core platform service that requires continuous monitoring and improvement.
• Monitor, debug, and optimize CIAM services for performance, resilience, and abuse detection in high-scale environments, leveraging tools and methodologies that enhance operational efficiency and security.
• Collaborate with cross-functional teams to ensure that CIAM solutions meet business requirements and security standards, facilitating a culture of security and compliance across the organization.

What We Are Looking For

• Strong experience designing and implementing CIAM systems, with deep, hands-on knowledge of OAuth 2.0, OIDC, SAML, and SCIM beyond basic configuration.
• 5+ years of professional backend software engineering experience, with a focus on building secure, scalable, and reliable systems.
• Strong production experience in Python or a similar backend language, with the ability to develop efficient, well-documented code.
• Experience designing APIs, automation frameworks, and distributed systems, with a understanding of how these components interact and impact overall system performance.
• Hands-on experience building and maintaining CI/CD pipelines, with knowledge of how to optimize pipeline performance and reduce deployment risks.
• Experience with GitHub-based development workflows and Buildkite or similar build systems, emphasizing collaboration and version control.
• Experience with cloud-native development, preferably AWS, with an understanding of how to leverage cloud services to enhance security, scalability, and cost-efficiency.
• Hands-on experience extending and integrating CIAM platforms such as Okta, Auth0, Ping Identity, ForgeRock, or Azure AD B2C using custom code, hooks, and APIs.
• Solid understanding of backend and distributed systems fundamentals, including API design, data modeling, latency, error handling, and observability, with the ability to apply this knowledge to complex system design and troubleshooting.

Nice to Have

• Familiarity with tools such as Cursor and other AI-augmented development environments, with an interest in exploring how these tools can enhance development productivity and code quality.
• Experience with machine learning or artificial intelligence, particularly in the context of security and authentication, with an understanding of how these technologies can be leveraged to improve security posture and user experience.
• Knowledge of containerization using Docker and orchestration using Kubernetes, with an understanding of how these technologies can be used to deploy and manage CIAM services in a scalable and secure manner.
• Participation in open-source projects or personal projects that demonstrate expertise in CIAM, security, or related fields, showcasing a commitment to continuous learning and professional development.

Benefits and Perks

• Competitive compensation package, with a focus on rewarding performance and contributions to the company's mission.
• Equity opportunities, providing a chance to share in the company's success and growth.
• Comprehensive health insurance, offering peace of mind and protection for employees and their families.
• Generous PTO policy, recognizing the importance of work-life balance and employee well-being.
• Remote work stipend, supporting employees in their remote work setup and ensuring that they have the resources needed to be productive and successful.
• Professional development opportunities, including training, mentorship, and conference attendance, to help employees grow in their careers and stay up-to-date with industry trends and best practices.
• Access to cutting-edge technologies and tools, enabling employees to work efficiently and effectively in their roles.
• Collaborative and dynamic work environment, with a team of experienced professionals who are passionate about their work and committed to making a positive impact.

• Highlight CIAM Experience: Ensure that your resume and cover letter clearly outline your experience with CIAM systems, particularly with OAuth 2.0, OIDC, SAML, and SCIM.
• Showcase Security Fundamentals: Demonstrate a deep understanding of security fundamentals, including access control models, token handling, encryption, MFA, and privacy by design, as these are critical to the CIAM role.
• Prepare for Technical Interviews: Be ready to discuss your experience with backend software engineering, including designing and building secure and scalable systems, and your proficiency in languages such as Python.
• Demonstrate Collaboration Skills: Highlight your ability to work closely with cross-functional teams, including product, frontend, mobile, and security teams, to deliver CIAM solutions that meet business requirements and security standards.
• Discuss Cloud-Native Development: Show familiarity with cloud-native development, preferably AWS, and how you have leveraged cloud services to enhance security, scalability, and cost-efficiency in your previous roles.
• Be Ready to Talk About Your Projects: Prepare to discuss personal or open-source projects that demonstrate your expertise in CIAM, security, or related fields, and be ready to explain your design choices and technical decisions.
• Inquire About Remote Work Setup: If you're applying for a remote position, ask about the company's remote work stipend and what support they offer for remote employees to ensure a productive work environment.