Principal Engineer I, Senior(ciam)

Principal Engineer For Customer Identity And Access Management

We are seeking a highly experienced Principal Engineer to architect, develop, and enhance customer identity and access management (CIAM) capabilities across our digital platforms. This individual will serve as a technical expert responsible for building secure, scalable authentication and authorization services that support millions of customer interactions. You will work closely with cybersecurity, software engineering, cloud, compliance, and product teams to design identity solutions that strengthen security, streamline access, and deliver an exceptional digital experience. This is a hands-on engineering role with significant influence over CIAM strategy, platform evolution, and engineering best practices.

Key Responsibilities

Architecture and Engineering Leadership

• Design, build, and maintain CIAM services including authentication flows, MFA, single sign-on, identity federation, user directories, and secure session management.
• Develop and optimize CIAM integrations across mobile apps, web applications, APIs, and cloud-native services.
• Lead the technical architecture for identity platforms such as ForgeRock, Okta, Ping Identity, Auth0, Azure AD B2C, or custom-built identity services.
• Create high-scale, high-availability authentication components using modern engineering practices and zero-trust design principles.

Secure Development and Implementation

• Implement customer identity workflows following standards like OAuth2, OpenID Connect, SAML, JWT, SCIM, and FIDO-based authentication.
• Build secure APIs and backend microservices supporting identity lifecycle, risk scoring, authorization policies, and fraud prevention controls.
• Ensure CIAM solutions meet strict security, data protection, and regulatory requirements (NIST 800-63, PCI, FFIEC, SOX, internal cybersecurity frameworks).

Platform Optimization and Engineering Excellence

• Conduct deep technical analysis on system performance, authentication telemetry, failure modes, fraud patterns, and user behavior to inform product and security enhancements.
• Own CIAM release engineering, code quality, and CI/CD automation for identity services.
• Troubleshoot and perform root-cause analysis for complex identity and authentication issues affecting customers or integrated applications.
• Recommend new technologies, patterns, or architectural improvements to evolve CIAM capabilities.

Cross-Functional Technical Leadership

• Collaborate with cybersecurity, cloud engineering, DevSecOps, fraud, compliance, and digital product teams to ensure secure and seamless identity experiences.
• Provide engineering guidance during vendor evaluations, third-party integrations, and identity modernization initiatives.
• Mentor engineers, analysts, and technical stakeholders to upskill the organization's identity engineering capabilities.

Required Qualifications

• 7 to 10 years of experience in identity engineering, authentication development, or IAM/CIAM platform engineering.
• Hands-on expertise with CIAM technologies such as ForgeRock, Ping Identity, Okta, Auth0, Azure AD B2C, or similar.
• Strong proficiency in backend development (Java, JavaScript/Node.js, .NET, or similar).
• Deep knowledge of OAuth2, OIDC, SAML, JWT, MFA, identity proofing, risk-based authentication, and federation technologies.
• Experience building cloud-native identity services using AWS, Azure, or GCP.
• Strong understanding of API security, microservices, encryption, tokenization, and zero-trust architectures.
• Experience in highly regulated environments with strict security and compliance requirements.

Preferred Qualifications

• Background in financial services, telecom, healthcare, or other regulated industries.
• Experience with CI/CD automation, secrets management, and infrastructure-as-code.
• Security or identity certifications: CISSP, CCSP, CIAM-specific certs, or similar.
• Experience mentoring engineers or influencing enterprise-scale architecture decisions.