hirist

Principal Software Engineer - Identity & Access Management

HyreSnap
Bangalore
14 - 18 Years
4.5 | 16+ Reviews

Posted on: 17/10/2025

Job Description



Responsibilities :

- Design, develop, and maintain core identity services including authentication, authorization, token issuance, and policy enforcement.

- Lead, implement, and optimize OIDC, OAuth2.0 and JWT-based flows across distributed systems.

- Build and manage JWKS endpoints, token validation logic, and secure key rotation mechanisms.

- Develop and enforce OPA (Open Policy Agent) policies for fine-grained access control.

- Integrate identity solutions with third-party providers (e.g., Ping, WSO2, etc.) and internal services.

- Lead code reviews, contribute to architecture decisions, and ensure high-quality engineering practices.

- Build custom middleware and SDKs to abstract identity logic for internal consumers.

- Troubleshoot and resolve complex identity-related issues in production environments.

- Collaborate with DevSecOps to implement Zero Trust principles, secure service-to-service communication, and audit trails.

- Conduct threat modeling, security audits, and vulnerability assessments for identity systems to mitigate risks such as token forgery, session hijacking, etc.

- Mentor engineers and promote best practices in identity, security, and cloud-native development.

- Stay abreast of industry trends in identity management and contribute to open-source projects.

Requirements :

- 15+ years of experience in software engineering, with at least 5 years focused on identity and access management.

- Proven experience in designing and deploying scalable cloud solutions using platforms such as AWS, Azure, or Google Cloud.

- Deep knowledge of microservices architecture and containerization technologies (e.g., Docker, Kubernetes).

- Excellent understanding of cloud-native design patterns and best practices.

- Strong understanding of authentication protocols (e.g., OIDC, SAML, OAuth2.0).

- Deep knowledge of JWT, JWKS, and token-based authentication mechanisms.

- Experience with OPA and policy-as-code frameworks.

- Proficiency in designing and implementing RBAC/ABAC models.

- Hands-on experience with identity platforms (e.g., Auth0, Okta, Ping, Azure AD).

- Strong programming skills in languages such as Java, Go, Python, or Node.js.

- Familiarity with cloud-native architectures and microservices.

- Excellent problem-solving, communication, and leadership skills.

- Experience in using GenAI tools in the design and development of cloud-native services.

Nice-to-Have Skills :

- Experience working with multi-cloud or hybrid cloud deployments.

- Open-source contributions, technical publications, or public speaking at conferences.

- Relevant certifications such as CISSP, CISM, or AWS Security Specialty.

- Cloud architecture certifications (e.g., AWS Certified Solutions Architect).

