Principal Platform Engineer - Authentication

Own the Authentication subdomain end-to-end and drive Curity consolidation across IFS products
Colombo, Western Province, Sri Lanka

IFS

Delivers enterprise software for asset management, field service, and ERP, helping organizations manage complex operations and service-centric business models.

Principal Platform Engineer - Authentication

The Platform Engineering team (R&D) builds and operates the foundational infrastructure that powers IFS Cloud. We're organised into platform teams – each led by a technical lead who sets direction and leads a squad of engineers. The Identity & Access Management domain sits at the heart of IFS's platform. Every IFS product — IFS Cloud, Nexus / IFS.ai, Remote — depends on secure, reliable authentication. We're looking for a Domain Owner for Authentication: a hands-on technical leader who combines deep identity-management expertise with a platform-engineering, automation-first mindset.

This is a Principal-level Architect / Team Lead role. You'll own the Authentication subdomain end-to-end: strategy, architecture, delivery, and team health. You'll partner with the Authorization Domain Owner, your domain's Program Manager, and engineering leadership to drive the IFS-wide consolidation of identity providers — with Curity positioned as the single identity platform replacing Entra ID, Keycloak, and others across IFS.

We care about the quality of your experience, not just the years. A senior engineer with four years of deep, deliberate work on modern identity platforms is more interesting than someone with fifteen years of incidental exposure.

What you'll own:

Architecture & Delivery

  • Architect and evolve IFS's authentication stack: Curity (strategic IDP for Nexus today, IFS-wide tomorrow), Keycloak (IFS Cloud), and legacy IFSIM.
  • Drive the multi-year Curity consolidation — replacing fragmented identity providers across IFS products and internal systems (Thor, time registration, internal tooling) with a single, coherent platform.
  • Resolve known technical debt: Curity performance bottlenecks at scale, high-latency integration flows, disaster-recovery gaps, and the long tail of non-production-ready configuration.
  • Define and evangelise authentication patterns across Nexus microservices, IFS Cloud, and federated customer identity providers.

Platform Engineering Mindset

  • Treat identity infrastructure as a product with self-service, observability, and automation as first-class citizens.
  • Replace ticket-driven identity work with declarative, GitOps-style configuration and well-documented platform capabilities.
  • Partner with DevOps and SRE to improve monitoring, alerting, and DR posture for auth services deployed across Azure AKS clusters.

Technical Leadership

  • Lead and mentor the AuthNCore squad, setting technical direction and raising the engineering bar.
  • Own the overall quality of code output from the squad — coding standards, code review culture, test coverage, and engineering craftsmanship are yours to set and uphold.
  • Work closely with your domain Program Manager to sequence and schedule delivery, balance project work against technical-debt reduction, and keep commitments realistic.
  • Collaborate closely with the Authorization Domain Owner (who also sits in the Identity & Access Management domain) — authentication and authorization must work as one coherent offering.
  • Work across product, engineering, security, and compliance to ensure authentication needs are embedded in every application and workflow.
  • Champion modern standards (OAuth 2.0 / OIDC, SAML, mTLS, PKCE, JWT), stay ahead of evolving trends, and bring that perspective back into IFS's roadmap.

Strategy & Roadmapping

  • Own the Authentication roadmap — aligning it with platform priorities, security goals, and customer requirements.
  • Evaluate emerging technologies and vendors where relevant (without being fashion-driven).
  • Contribute to broader platform strategy as part of the Identity & Access Management leadership group.

Must-have:

  • Deep, demonstrable experience with modern identity management — OAuth 2.0, OpenID Connect, SAML, JWT, PKCE, federated identity.
  • Hands-on engineering work with one or more identity platforms at scale: Curity, Keycloak, Auth0, Okta, Ping, ForgeRock, or similar.
  • Production experience on a major cloud — Azure preferred (AKS, Key Vault, Front Door, Entra ID); AWS/GCP transferable.
  • Strong software engineering foundations (Java, Go, or similar server-side languages).
  • Experience designing for multi-tenant SaaS: per-tenant isolation, key rotation, blue/green deployment, DR.
  • Experience leading and mentoring engineers — either as a tech lead, principal, or hands-on engineering manager.

Nice-to-have:

  • Experience working in a platform-engineering model (internal developer platform, self-service capabilities).
  • Exposure to observability tooling (Prometheus, Grafana, OpenTelemetry, Datadog, Splunk).
  • Background in compliance-heavy environments (SOC 2, ISO 27001, FedRAMP).
  • Familiarity with event-driven architectures (Kafka, NATS JetStream).
  • Contributions to open-source identity projects or published writing / speaking on identity topics.

How you work:

  • Automation-first. If you find yourself doing the same thing twice, you're looking for how to codify it.
  • Pragmatic. You balance ideal architecture with what's deliverable, and you know technical debt is a choice — you make that choice deliberately.
  • Collaborative. Identity is a cross-cutting concern; you influence rather than mandate, and you build allies across engineering.
  • Clear communicator. You can explain a nuanced security trade-off to a non-technical stakeholder and get them to the right decision.
  • Team-focused. You grow the engineers around you. The squad's output is your output.

Why this role:

  • Genuine platform ownership. You aren't a cog — you own the subdomain and set direction.
  • Strategic leverage. Curity consolidation is a multi-year, high-visibility programme. Your work shapes every IFS product.
  • A team to build on. The AuthNCore squad has strong engineers and a clear mandate — but has also been through attrition. You'll stabilise it and grow it.
  • Modern stack, real scale. Azure AKS, Curity, Kafka/NATS, MongoDB Atlas, OpenTelemetry — serving hundreds of customers across the IFS product suite.

Additional Information

We embrace flexibility and hybrid work opportunities to support diverse needs and lifestyles, while also valuing inclusive workplace experiences. By fostering a sense of community, we drive innovation, strengthen connections, and nurture belonging. Our commitment ensures you can work in a way that suits you best, while also engaging with colleagues to share ideas and build meaningful relationships.
