Senior Software Engineer – IAM, OIDC, OAuth

This is a fully remote position, open to applicants in India.

📋 Description

• Take ownership of the operational health, reliability, and availability of the OIDC platform.

• Lead the investigation of incidents and conduct root cause analyses.

• Diagnose issues related to authentication, authorization, MFA, federation, and token failures.

• Create and maintain operational runbooks and documentation for the platform.

• Design and implement enhancements to workflows involving authentication and authorization.

• Manage OAuth2 and OIDC integrations.

• Provide support for MFA technologies such as TOTP, SMS, Email, WebAuthn, and passwordless authentication.

• Assist with federation capabilities utilizing Active Directory and Azure Active Directory.

• Oversee token issuance, claims mapping, scopes, audiences, and client registrations.

• Develop and maintain services using Node.js and TypeScript.

• Troubleshoot production issues through code analysis and debugging techniques.

• Carry out dependency upgrades and implement security remediation.

• Build automation tools and operational resources.

• Evaluate migration paths toward modern identity platforms.

• Conduct technical assessments of platforms like Zitadel, Keycloak, Authentik, or similar solutions.

• Define strategies for migrating applications, clients, claims, and identity data.

• Promote platform simplification and reduce technical debt.

• Support Elasticsearch-backed identity data repositories.

• Troubleshoot issues related to tokens, sessions, accounts, permissions, and client data.

• Work with Kubernetes-based deployments and GitOps workflows.

• Provide support for Redis, background processing, and synchronization services.

• Participate in a shared on-call rotation.

• Assist with incident responses, troubleshooting, root cause analyses, and continuous service improvements.

⛳️ Requirements

• 5+ years of experience with OAuth2 and OpenID Connect in production settings.

• Profound knowledge of Authorization Code Flow, Client Credentials Flow, Device Authorization Flow, Token Exchange, JWT, JWK/JWKS, PKCE, Refresh Tokens, Federation, and Claims and Scopes.

• 5+ years of experience in Node.js development.

• Strong expertise in TypeScript.

• Experience in supporting and debugging production systems.

• Familiarity with Kubernetes.

• Experience with Elasticsearch and Redis.

• Exposure to CI/CD and GitOps practices.

• Background in production incident response.

• Experience with panva/oidc-provider, Zitadel, Keycloak, or Authentik (preferred).

• Knowledge of LDAP, Active Directory, or Azure AD / Entra ID (preferred).

• Familiarity with WebAuthn / FIDO2 (preferred).

🏝️ Benefits

• Portainer is a leading technology company that provides a comprehensive benefits package, including a highly competitive salary.

• Opportunity to work from anywhere in the world while being part of a dynamic team.

• Engage with some of the most intriguing challenges in the technology/infrastructure domain.