Job Description

For more than 25 years, Asurion has been a leader in innovation, not only in the tech solutions industry, but in creating a culture where employees feel valued.

The Asurion ID team owns the centralized Customer Identity and Access Management (CIAM) platform that secures every interaction our 350+ million customers have with Asurion globally. We run OAuth 2.1 / OIDC at scale on Ory Hydra, operate our own login and account-recovery UI, and manage fine-grained authorization (scopes, entitlements, plan access) for every downstream product and partner. As CIAM becomes the control plane for both human users and the rapidly growing population of AI agents acting on their behalf, our work is moving to the center of Asurion's product strategy.

As a Staff Engineer on Asurion ID, you will set the technical direction for our CIAM platform and the small, high-leverage team (3-5 engineers) that builds it. You will partner with security, privacy, product, and partner-facing engineering teams across Asurion to design identity and authorization primitives that are secure by default, developer-friendly, and ready for an AI-native 2026. You won't just write code — you'll define the architecture, raise the engineering bar, and measure impact in customer trust, login conversion, fraud prevented, and developer adoption across the company.

ESSENTIAL JOB SKILLS/DUTIES:

• Own the multi-year technical strategy and roadmap for Asurion's CIAM platform — authentication, authorization, session management, and account lifecycle
• Lead the design and evolution of our Ory Hydra–based OAuth/OIDC stack, custom login experience, and scope/entitlement service that gates customer access to plans and actions
• Drive the move toward passwordless and phishing-resistant authentication (passkeys / WebAuthn, device-bound credentials) and modern fraud-resistant flows
• Define how AI agents authenticate and act on behalf of customers — delegated authorization, short-lived scoped agent tokens, consent UX, and end-to-end audit — and partner with platform teams adopting MCP and other agentic patterns
• Apply AI/ML to the identity surface itself: anomaly and account-takeover detection, risk-based step-up authentication, and AI-assisted account recovery and support flows that stay strictly within consent and privacy boundaries
• Set engineering standards (testing, observability, SLOs, secure SDLC, threat modeling) and raise the bar for code quality, performance, and resilience across the team
• Mentor senior and mid-level engineers; multiply the team's impact through reviews, design docs, and technical coaching
• Influence beyond the team — write the RFCs, give the talks, and build the relationships that get the rest of Asurion engineering to adopt our identity primitives instead of rolling their own
• Partner with product, design, security, legal/privacy, and compliance to ship value continuously and safely (PCI, SOC 2, GDPR/CCPA, regional data residency)

SKILLS:

Technical skills:

• Deep expertise in identity standards: OAuth 2.0/2.1, OIDC, SAML, SCIM, FIDO2 / WebAuthn / passkeys, JWT/JWS/JWE, DPoP
• Hands-on experience operating an OAuth/OIDC authorization server in production — Ory Hydra, Keycloak, Auth0, Okta, or similar
• Strong background in authorization models and policy engines: RBAC, ABAC, ReBAC; experience with OPA, Cedar, or SpiceDB / Zanzibar-style systems is a plus
• Familiarity with our stack: TypeScript, JavaScript, Java, Node.js, Angular, React, React Native, AWS, Docker, Serverless
• Proven track record building and operating high-scale, low-latency, customer-facing services (multi-region, millions of requests per day)
• Practical experience integrating AI capabilities into production systems — LLMs, agentic workflows, MCP, evals, guardrails — and a clear point of view on where AI belongs in the identity stack and where it doesn't
• Strong security instincts: threat modeling, secure SDLC, secrets and key management, incident response; comfortable owning the security posture of a customer-facing platform
• Modern delivery: CI/CD, infrastructure as code, observability (metrics/logs/traces), progressive delivery, and SLO-driven operations

Soft/Leadership skills:

• Sets and communicates technical vision; influences peers and senior leaders without relying on authority
• Effective problem solver; navigates ambiguity, frames trade-offs clearly, and drives decisions to closure
• Multiplies the team — mentors engineers, raises the bar on design and code reviews, and grows future tech leads
• Builds trust-based relationships across product, design, security, partner, and platform organizations
• Strong business acumen; connects identity investments to customer trust, conversion, fraud loss, and partner enablement
• Leads change thoughtfully; champions continuous improvement and a customer-first mindset
• Anticipates risk — security, privacy, regulatory, operational — and gets ahead of it
• Accountable for the team's technical outcomes and for the broader CIAM platform's reliability and security

EDUCATION AND EXPERIENCE:

Required Education and Experience

• 9+ years of full-stack or backend engineering experience building high-scale, customer-facing products, with at least 4+ years focused on identity, access management, or platform security
• Demonstrated experience leading the technical direction of a platform team or critical shared service
• Bachelor's Degree in Computer Science, Software Engineering, Computer Engineering, Electrical Engineering, Electronics Engineering, or related field (or equivalent practical experience)

Preferred

• Experience with the Ory ecosystem (Hydra, Kratos, Keto, Oathkeeper)
• Experience designing identity and authorization patterns for AI agents acting on behalf of users
• Contributions to identity standards (IETF / OpenID Foundation working groups) or open-source identity projects
• Background in regulated industries (telecom, fintech, insurance)