Portainer.io

Senior Software Engineer - IAM (OIDC / OAuth)

Portainer.io  •  Republic of India (Remote)  •  4 hours ago

Job Description

We're looking for a Senior Software Engineer with deep Identity and Access Management (IAM) domain expertise to take ownership of a large-scale enterprise OIDC platform supporting thousands of users, hundreds of applications, and mission-critical authentication services.

This is not a Kubernetes, DevOps, SRE, or infrastructure engineering role. It is a senior application engineering and identity architecture position focused on the design, operation, troubleshooting, and evolution of a custom-built authorization platform. You'll become the technical authority for the platform, leading complex investigations, guiding architectural decisions, mentoring other engineers, and driving the roadmap toward a modern, standards-based identity solution.

The ideal candidate has hands-on experience building, operating, or extending identity platforms and authorization servers, with deep fluency in OAuth2, OpenID Connect, JWTs, claims, scopes, federation, MFA, token lifecycle management, and authentication architecture. You should be comfortable working in Node.js and TypeScript codebases, diagnosing production issues across application and data layers, and translating identity and security requirements into robust engineering solutions.

This role operates with core collaboration hours of 6:00 PM – 12:00 AM IST to provide overlap with global teams. Outside of core hours, work is flexible and outcome-focused.

What you'll do

Platform operations

  • Own the operational health, reliability, and availability of the OIDC platform
  • Lead incident investigation and root cause analysis
  • Diagnose authentication, authorization, MFA, federation, and token-related failures
  • Develop operational runbooks and platform documentation

Identity engineering

  • Design and implement enhancements to authentication and authorization workflows
  • Maintain OAuth2 and OIDC integrations
  • Support MFA technologies including TOTP, SMS, Email, WebAuthn, and passwordless authentication
  • Support federation with Active Directory and Azure Active Directory
  • Maintain token issuance, claims mapping, scopes, audiences, and client registrations

Application development

  • Develop and maintain Node.js and TypeScript services
  • Troubleshoot production issues through code analysis and debugging
  • Perform dependency upgrades and security remediation
  • Build automation and operational tooling

Platform modernisation

  • Assess migration paths toward modern identity platforms
  • Lead technical evaluations of platforms such as Zitadel, Keycloak, Authentik, or similar
  • Define migration strategies for applications, clients, claims, and identity data
  • Drive platform simplification and reduction of technical debt

Data and infrastructure

  • Support Elasticsearch-backed identity data stores
  • Troubleshoot token, session, account, permission, and client data issues
  • Work with Kubernetes-based deployments and GitOps workflows
  • Support Redis, background processing, and synchronisation services

Operational Support & On-Call

  • Participate in a shared on-call rotation.
  • Assist with incident response, troubleshooting, root cause analysis, and continuous service improvements.

Requirements

Identity and security

  • 5+ years working with OAuth2 and OpenID Connect in production environments
  • Deep understanding of Authorization Code Flow, Client Credentials Flow, Device Authorization Flow, Token Exchange, JWT, JWK/JWKS, PKCE, Refresh Tokens, Federation, and Claims and Scopes

Development

  • 5+ years of Node.js development
  • Strong TypeScript experience
  • Experience supporting and debugging production systems

Platform and infrastructure

  • Kubernetes experience
  • Elasticsearch and Redis experience
  • CI/CD and GitOps exposure
  • Production incident response experience

Nice to have

  • Experience with panva/oidc-provider, Zitadel, Keycloak, or Authentik
  • LDAP, Active Directory, or Azure AD / Entra ID
  • WebAuthn / FIDO2

Benefits

Portainer is a leading tech company offering a broad benefits package including a highly competitive salary and the ability to work anywhere in the world while still being part of a dynamic team taking on some of the most interesting challenges in the technology/infrastructure space.

About Portainer.io

Portainer unifies Kubernetes, Docker, and Podman environments into one intuitive container management platform, engineered for both scale and edge deployment. From GitOps to observability, security to provisioning, Portainer removes the overhead of managing containers, so your teams move faster, operate safer, and focus on what matters: delivering business outcomes.

Industry: IT & Software
Company Size: 51-200 employees
Headquarters: Auckland, NZ
Year Founded: 2017