Lead Full-Stack Engineer - IAM

About The Position

Requirements

• Bachelor’s in computer engineering (or equivalent)
• 12+ years in enterprise software
• 5+ years leading teams/serving as tech lead
• Proven ability to design scalable, secure, highly available systems
• clear documentation
• lead design reviews and decision-making
• Java/J2EE, Spring (Boot/Core), Spring Security
• Angular/TypeScript for front end with migration from legacy JSP to modern Angular
• strong REST API design, versioning, testing, and governance
• integration with enterprise identity providers
• LDAP, SiteMinder, Active Directory
• authentication/authorization models
• MFA design and implementation
• SSO and federation fundamentals
• Web app security, API security, OAuth2/OpenID Connect, token flows, secure session management, threat modeling, and secure coding practices
• Oracle (or similar DBMS)
• schema design, SQL optimization, transaction integrity, and performance tuning
• Git-based CI/CD pipelines, automated testing, environment promotion, release readiness, secrets/config management
• Troubleshooting, incident/problem management, root-cause analysis
• application debugging
• performance profiling and optimization
• observability (logging, metrics, tracing) and auditability
• Hands-on ownership, stakeholder management, clear communication of architecture/trade-offs to senior leadership
• ability to mentor and coach engineers
• strong interpersonal skills

Nice To Haves

• Experience with enterprise web app security reviews and threat modeling.
• Familiarity with authorization frameworks (RBAC/ABAC) and policy-as-code.
• Exposure to SSO, identity federation, and integrating with enterprise IdPs.

Responsibilities

• Architect, code, and lead delivery of enterprise-scale IAM platforms and services.
• Own end-to-end solutions across authentication, authorization, identity lifecycle, and security posture.
• Partner with senior stakeholders to align technology strategy with business outcomes while mentoring engineers and driving best-in-class engineering practices.
• Lead full-stack delivery of secure, resilient IAM capabilities (authentication, authorization, identity lifecycle) across enterprise applications.
• Set technical direction for Java/Spring-based services and web apps; enforce standards for reliability, performance, and security.
• Raise the bar on security (MFA, OAuth2/OIDC, LDAP/AD integrations, API security, authorization models) and operational excellence.
• Reduce incidents via robust observability, disciplined incident/problem management, and root-cause remediation.
• Accelerate delivery through Git-based CI/CD, automated testing, and repeatable release processes.
• Mentor and grow engineering talent, foster ownership, clarity, and continuous improvement.
• Communicate architecture and trade-offs to senior leadership; align investments to measurable outcomes.

Benefits

• BNY offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy.
• We provide access to flexible global resources and tools for your life’s journey.
• Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves, including paid volunteer time, that can support you and your family through moments that matter.