# Senior Software Engineer - IAM (OIDC / OAuth)

> Portainer.io · India (Remote) · Full-time · Posted 2026-06-18

**Workplace:** remote

**Department:** Engineering

## Description

We're looking for a Senior Software Engineer with deep Identity and Access Management (IAM) domain expertise to take ownership of a large-scale enterprise OIDC platform supporting thousands of users, hundreds of applications, and mission-critical authentication services.

This is not a Kubernetes, DevOps, SRE, or infrastructure engineering role. It is a senior application engineering and identity architecture position focused on the design, operation, troubleshooting, and evolution of a custom-built authorization platform. You'll become the technical authority for the platform, leading complex investigations, guiding architectural decisions, mentoring other engineers, and driving the roadmap toward a modern, standards-based identity solution.

The ideal candidate has hands-on experience building, operating, or extending identity platforms and authorization servers, with deep fluency in OAuth2, OpenID Connect, JWTs, claims, scopes, federation, MFA, token lifecycle management, and authentication architecture. You should be comfortable working in Node.js and TypeScript codebases, diagnosing production issues across application and data layers, and translating identity and security requirements into robust engineering solutions.

This role operates with core collaboration hours of **6:00 PM – 12:00 AM IST** to provide overlap with global teams. Outside of core hours, work is flexible and outcome-focused.

### **What you'll do**

### **Platform operations**

-   Own the operational health, reliability, and availability of the OIDC platform
-   Lead incident investigation and root cause analysis
-   Diagnose authentication, authorization, MFA, federation, and token-related failures
-   Develop operational runbooks and platform documentation

### **Identity engineering**

-   Design and implement enhancements to authentication and authorization workflows
-   Maintain OAuth2 and OIDC integrations
-   Support MFA technologies including TOTP, SMS, Email, WebAuthn, and passwordless authentication
-   Support federation with Active Directory and Azure Active Directory
-   Maintain token issuance, claims mapping, scopes, audiences, and client registrations

### **Application development**

-   Develop and maintain Node.js and TypeScript services
-   Troubleshoot production issues through code analysis and debugging
-   Perform dependency upgrades and security remediation
-   Build automation and operational tooling

### **Platform modernisation**

-   Assess migration paths toward modern identity platforms
-   Lead technical evaluations of platforms such as Zitadel, Keycloak, Authentik, or similar
-   Define migration strategies for applications, clients, claims, and identity data
-   Drive platform simplification and reduction of technical debt

### **Data and infrastructure**

-   Support Elasticsearch-backed identity data stores
-   Troubleshoot token, session, account, permission, and client data issues
-   Work with Kubernetes-based deployments and GitOps workflows
-   Support Redis, background processing, and synchronisation services

### **Operational Support & On-Call**

-   Participate in a shared on-call rotation.
-   Assist with incident response, troubleshooting, root cause analysis, and continuous service improvements.

## Requirements

### **Identity and security**

-   5+ years working with OAuth2 and OpenID Connect in production environments
-   Deep understanding of Authorization Code Flow, Client Credentials Flow, Device Authorization Flow, Token Exchange, JWT, JWK/JWKS, PKCE, Refresh Tokens, Federation, and Claims and Scopes

### **Development**

-   5+ years of Node.js development
-   Strong TypeScript experience
-   Experience supporting and debugging production systems

### **Platform and infrastructure**

-   Kubernetes experience
-   Elasticsearch and Redis experience
-   CI/CD and GitOps exposure
-   Production incident response experience

### **Nice to have**

-   Experience with panva/oidc-provider, Zitadel, Keycloak, or Authentik
-   LDAP, Active Directory, or Azure AD / Entra ID
-   WebAuthn / FIDO2

## Benefits

Portainer is a leading tech company offering a broad benefits package including a highly competitive salary and the ability to work anywhere in the world while still being part of a dynamic team taking on some of the most interesting challenges in the technology/infrastructure space.

## Apply

[Apply at Portainer.io](https://apply.workable.com/portainer/j/5C735BA41E/apply)

