Sr Engineer, IAM
Optimum · Bethpage, NY · 1 wk ago
Engineering$100k–$165k/yrFull-time
Job Summary
The Senior IAM Engineer is the technical anchor of the Customer IAM team. Where the IAM Engineer executes established patterns, the Senior Engineer defines them. You own the platform architecture, author the standards that every integration must meet, design the automation that keeps configuration consistent at scale, and provide the technical leadership that enables your teammates and application development teams to move faster and more securely.
Responsibilities
- CIAM Architecture & Platform Governance
- Own the architecture and design of the enterprise customer identity platform, including authentication policy frameworks, authorization models, and identity lifecycle standards
- Define and enforce integration standards across identity protocols (OAuth 2.0, OpenID Connect, SAML, SCIM), ensuring consistency and scalability across all applications
- Establish governance practices for platform configuration, including naming standards, policy structures, and change management controls
- Lead the evaluation and adoption of new identity capabilities and platform features aligned to enterprise security and scalability goals
- Authentication Modernization & Technical Leadership
- Lead the technical design of enterprise authentication modernization initiatives, defining integration patterns and reference architectures for application teams
- Develop and maintain standardized migration frameworks for onboarding applications to modern CIAM solutions
- Define token design, scope models, and session management strategies aligned to security and business requirements
- Drive adoption of advanced authentication capabilities, including phishing-resistant and passwordless authentication
- Identify and resolve cross-cutting architectural challenges impacting identity integrations across the application portfolio
- Developer Platform & Enablement
- Own the IAM developer experience, including integration guides, reference architectures, code samples, and reusable implementation patterns
- Build and maintain reference implementations demonstrating best practices for authentication flows, token validation, and session management
- Design and improve onboarding processes and self-service capabilities for application teams integrating with the CIAM platform
- Lead architecture reviews for complex or high-risk integrations, providing clear, standards-based guidance and decision rationale
- Foster a community of practice to promote identity best practices and knowledge sharing across engineering teams
- Security Engineering & Risk Management
- Conduct threat modeling for the CIAM platform and application integrations, identifying risks and designing appropriate controls
- Define and maintain identity security standards, including authentication assurance levels, MFA requirements, and session policies
- Design and tune identity-related monitoring and detection capabilities, including integration with SIEM tools
- Lead security design reviews for identity workflows, integrations, and custom services to ensure adherence to best practices
- Support vulnerability management by assessing risks, prioritizing remediation, and driving resolution across the platform
- Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field (or equivalent experience)
- 6+ years of experience in Identity & Access Management, security engineering, or a related technical field
- Strong hands-on experience designing and operating CIAM or identity provider platforms at scale
- Deep understanding of identity standards and protocols (OAuth 2.0, OpenID Connect, SAML, SCIM, FIDO2/WebAuthn)
- Experience leading authentication modernization or large-scale IAM integration initiatives
- Proficiency in at least one modern programming language (e.g., JavaScript, Python, Java, Go) for building integrations and automation
- Experience implementing Infrastructure-as-Code and CI/CD practices for platform configuration
- Proven ability to perform threat modeling, security reviews, and produce clear technical guidance
- Experience working with compliance frameworks (e.g., SOX, SOC 2, PCI) and supporting audit activities
- Demonstrated ability to mentor engineers and influence technical direction across teams