Jobs · Engineering · North Carolina

Software Engineer – Identity Shield (Backend)

Ally · Charlotte, NC · 2 wk ago
HybridEngineering$110k–$180k/yrFull-time

About the role

Join Ally's Identity Shield team to build authentication and identity infrastructure that protects our digital banking customers. You'll develop systems that implement fine-grained access control, manage authentication and authorization flows across Ally's digital banking ecosystem, and generate the behavioral and contextual signals that power adaptive fraud detection.

Responsibilities

  • Design and develop authentication and authorization services implementing modern identity protocols (OAuth 2.0, OpenID Connect, SAML, JWT)
  • Build scalable APIs for identity management, user registration, verification, and account recovery
  • Implement session management and token lifecycle systems across web and mobile platforms
  • Develop fine-grained authorization engines and policy evaluation services for access control
  • Implement passwordless authentication flows using passkeys, biometrics, and device attestation
  • Build adaptive authentication logic that adjusts requirements based on risk signals and context
  • Instrument authentication events with rich contextual metadata that power fraud detection and analytics
  • Write clean, tested code in Node.js, TypeScript, and Python following engineering best practices and team standards
  • Collaborate with frontend engineers, security teams, and data scientists to deliver solutions that drive real outcomes
  • Contribute to documentation, runbooks, and knowledge sharing across the team
  • Experiment with emerging technologies and propose innovations that enhance platform capabilities
  • Mentor team members and contribute to a culture of continuous learning and improvement

Requirements

  • 7+ years of relevant experience or equivalent combination of education and experience
  • High School Diploma or GED equivalent
  • Strong experience with RESTful API design, GraphQL, and microservices architectures
  • Hands-on experience with AWS serverless technologies (Lambda, API Gateway, AppSync, ECS/Fargate)
  • Solid understanding of authentication and authorization concepts, patterns, and best practices
  • Experience working with both relational databases (PostgreSQL) and NoSQL databases (DynamoDB) in production environments
  • Strong grasp of security principles including encryption, token management, secret handling, and threat modeling
  • Passion for writing maintainable code, automated tests, and clear documentation
  • Collaborative mindset with excellent communication skills across technical and non-technical audiences
  • Self-motivated learner who stays curious about new technologies and approaches
  • BSc/BA in Computer Science, Engineering or a related field, or equivalent practical experience
  • Deep knowledge of identity protocols and standards (OAuth 2.0, OpenID Connect, SAML, JWT, PKCE, WebAuthn)
  • Familiarity with identity providers and platforms (Auth0, Okta, Cognito etc.)
  • Experience building authentication or authorization systems from scratch or at scale
  • Understanding of passwordless authentication patterns (passkeys, FIDO2, WebAuthn)
  • Experience with mobile authentication patterns (biometric authentication, device binding, push notifications)
  • Understanding of zero-trust architecture principles and continuous verification patterns
  • Experience designing adaptive or risk-based authentication systems
  • Understanding of cryptographic concepts (signing, encryption, key management, certificate handling)
  • Experience with Infrastructure as Code tools like Terraform
  • Knowledge of observability tools and distributed tracing (Dynatrace, OpenTelemetry, CloudWatch, X-Ray)
  • Experience designing and deploying systems across multi-region architectures
  • Understanding of compliance requirements (SOC2, PCI-DSS, GDPR, CCPA)
  • Experience with CI/CD pipelines and automated security testing (SAST, DAST, dependency scanning)
  • Knowledge of caching strategies for authentication state (ElastiCache, Redis)
  • Understanding of compliance requirements (SOC2, PCI-DSS, GDPR, CCPA)
  • Experience with event-driven architectures and how authentication signals power fraud detection systems

Qualifications

  • BSc/BA in Computer Science, Engineering or a related field, or equivalent practical experience
  • Deep knowledge of identity protocols and standards (OAuth 2.0, OpenID Connect, SAML, JWT, PKCE, WebAuthn)
  • Familiarity with identity providers and platforms (Auth0, Okta, Cognito etc.)
  • Experience building authentication or authorization systems from scratch or at scale
  • Understanding of passwordless authentication patterns (passkeys, FIDO2, WebAuthn)
  • Experience with mobile authentication patterns (biometric authentication, device binding, push notifications)
  • Understanding of zero-trust architecture principles and continuous verification patterns
  • Experience designing adaptive or risk-based authentication systems
  • Understanding of cryptographic concepts (signing, encryption, key management, certificate handling)
  • Experience with Infrastructure as Code tools like Terraform
  • Knowledge of observability tools and distributed tracing (Dynatrace, OpenTelemetry, CloudWatch, X-Ray)
  • Experience designing and deploying systems across multi-region architectures
  • Understanding of compliance requirements (SOC2, PCI-DSS, GDPR, CCPA)
  • Experience with CI/CD pipelines and automated security testing (SAST, DAST, dependency scanning)
  • Knowledge of caching strategies for authentication state (ElastiCache, Redis)
  • Understanding of compliance requirements (SOC2, PCI-DSS, GDPR, CCPA)
  • Experience with event-driven architectures and how authentication signals power fraud detection systems

Skills

  • 7+ years of professional software development experience with strong fundamentals in data structures and algorithms
  • Strong experience with RESTful API design, GraphQL, and microservices architectures
  • Hands-on experience with AWS serverless technologies (Lambda, API Gateway, AppSync, ECS/Fargate)
  • Solid understanding of authentication and authorization concepts, patterns, and best practices
  • Experience working with both relational databases (PostgreSQL) and NoSQL databases (DynamoDB) in production environments
  • Strong grasp of security principles including encryption, token management, secret handling, and threat modeling
  • Passion for writing maintainable code, automated tests, and clear documentation
  • Collaborative mindset with excellent communication skills across technical and non-technical audiences
  • Self-motivated learner who stays curious about new technologies and approaches
  • BSc/BA in Computer Science, Engineering or a related field, or equivalent practical experience
  • Deep knowledge of identity protocols and standards (OAuth 2.0, OpenID Connect, SAML, JWT, PKCE, WebAuthn)
  • Familiarity with identity providers and platforms (Auth0, Okta, Cognito etc.)
  • Experience building authentication or authorization systems from scratch or at scale
  • Understanding of passwordless authentication patterns (passkeys, FIDO2, WebAuthn)
  • Experience with mobile authentication patterns (biometric authentication, device binding, push notifications)
  • Understanding of zero-trust architecture principles and continuous verification patterns
  • Experience designing adaptive or risk-based authentication systems
  • Understanding of cryptographic concepts (signing, encryption, key management, certificate handling)
  • Experience with Infrastructure as Code tools like Terraform
  • Knowledge of observability tools and distributed tracing (Dynatrace, OpenTelemetry, CloudWatch, X-Ray)
  • Experience designing and deploying systems across multi-region architectures
  • Understanding of compliance requirements (SOC2, PCI-DSS, GDPR, CCPA)
  • Experience with CI/CD pipelines and automated security testing (SAST, DAST, dependency scanning)
  • Knowledge of caching strategies for authentication state (ElastiCache, Redis)
  • Understanding of compliance requirements (SOC2, PCI-DSS, GDPR, CCPA)
  • Experience with event-driven architectures and how authentication signals power fraud detection systems

Benefits

  • Time Away: Program starts at 20 paid time off days in addition to 11 paid holidays and 8 hours of volunteer time off yearly (time off days are prorated based on start date and program varies based on full or part-time status and management level).
  • Planning for the Future: plan for the near and long term with an industry-leading 401K retirement savings plan with matching and company contributions, student loan pay downs and 529 educational save up assistance programs, tuition reimbursement, employee stock purchase plan, and financial learning center and financial coach access.
  • Supporting your Health & Well-being: flexible health and insurance options including medical, dental and vision, employee, spouse and child life insurance, short- and long-term disability, pre-tax Health Savings Account with employer contributions, Healthcare FSA, critical illness, accident & hospital indemnity insurance, and a total well-being program that helps you and your family stay on track physically, socially, emotionally, and financially.
  • Building a Family: adoption, surrogacy and fertility assistance as well as paid parental and caregiver leave, Dependent Day Care FSA back-up child and adult/elder care days and childcare discounts.
  • Work-Life Integration: other benefits including Mentally Fit Employee Assistance Program, subsidized and discounted Weight Watchers® program and other employee discount programs.

Pay

$110,000 - $180,000 USD

Schedule

Work Schedule: Ally designates roles as (1) fully on-site, (2) hybrid, or (3) fully remote. Hybrid roles are generally expected to be in the office a certain number of days per week as indicated by your manager. Your hiring manager will discuss this role's specific work requirements with you during the hiring process. All work requirements are subject to change at any time based on leader discretion and/or business need.

Similar jobs