About this role
We're looking for a Senior Software Engineer with deep Identity and Access Management (IAM) domain expertise to take ownership of a large-scale enterprise OIDC platform supporting thousands of users, hundreds of applications, and mission-critical authentication services.
This is not a Kubernetes, DevOps, SRE, or infrastructure engineering role. It is a senior application engineering and identity architecture position focused on the design, operation, troubleshooting, and evolution of a custom-built authorization platform. You'll become the technical authority for the platform, leading complex investigations, guiding architectural decisions, mentoring other engineers, and driving the roadmap toward a modern, standards-based identity solution.
The ideal candidate has hands-on experience building, operating, or extending identity platforms and authorization servers, with deep fluency in OAuth2, OpenID Connect, JWTs, claims, scopes, federation, MFA, token lifecycle management, and authentication architecture. You should be comfortable working in Node.js and TypeScript codebases, diagnosing production issues across application and data layers, and translating identity and security requirements into robust engineering solutions.
This role operates with core collaboration hours of 6:00 PM – 12:00 AM IST to provide overlap with global teams. Outside of core hours, work is flexible and outcome-focused.
What you'll do

Platform operations
- Own the operational health, reliability, and availability of the OIDC platform
- Lead incident investigation and root cause analysis
- Diagnose authentication, authorization, MFA, federation, and token-related failures
- Develop operational runbooks and platform documentation

Identity engineering
- Design and implement enhancements to authentication and authorization workflows
- Maintain OAuth2 and OIDC integrations
- Support MFA technologies including TOTP, SMS, Email, WebAuthn, and passwordless authentication
- Support federation with Active Directory and Azure Active Directory
- Maintain token issuance, claims mapping, scopes, audiences, and client registrations

Application development
- Develop and maintain Node.js and TypeScript services
- Troubleshoot production issues through code analysis and debugging
- Perform dependency upgrades and security remediation
- Build automation and operational tooling

Platform modernisation
- Assess migration paths toward modern identity platforms
- Lead technical evaluations of platforms such as Zitadel, Keycloak, Authentik, or similar
- Define migration strategies for applications, clients, claims, and identity data
- Drive platform simplification and reduction of technical debt

Data and infrastructure
- Support Elasticsearch-backed identity data stores
- Troubleshoot token, session, account, permission, and client data issues
- Work with Kubernetes-based deployments and GitOps workflows
- Support Redis, background processing, and synchronisation services

Operational Support & On-Call
- Participate in a shared on-call rotation.
- Assist with incident response, troubleshooting, root cause analysis, and continuous service improvements.

Requirements
Identity and security
- 5+ years working with OAuth2 and OpenID Connect in production environments
- Deep understanding of Authorization Code Flow, Client Credentials Flow, Device Authorization Flow, Token Exchange, JWT, JWK/JWKS, PKCE, Refresh Tokens, Federation, and Claims and Scopes

Development
- 5+ years of Node.js development
- Strong TypeScript experience
- Experience supporting and debugging production systems

Platform and infrastructure
- Kubernetes experience
- Elasticsearch and Redis experience
- CI/CD and GitOps exposure
- Production incident response experience

Nice to have
- Experience with panva/oidc-provider, Zitadel, Keycloak, or Authentik
- LDAP, Active Directory, or Azure AD / Entra ID
- WebAuthn / FIDO2

Benefits
Portainer is a leading tech company offering a broad benefits package including a highly competitive salary and the ability to work anywhere in the world while still being part of a dynamic team taking on some of the most interesting challenges in the technology/infrastructure space.
