MFA Implementation Software Developer – Contract Position

Swyfft•Morristown, NJ

57d•Remote

About The Position

Swyfft, an insurance technology company, needs to implement multi-factor authentication (MFA) for ~6-7K users (insurance agents and admins) to meet NYDFS cybersecurity compliance requirements by April 2026. This position is a 100% remote U.S. based opportunity that can be based in one of the following states only: AL, AZ, FL, GA, KY, LA, MA, MO, NC, NJ, NY, OH, OR, PA, SC, TX, UT, VA, WA, WI. This is a temporary, direct-hire position lasting 3-6 months, with the potential for extension (no 3rd party firms). Hourly rate based on experience. Unfortunately, we are unable to provide sponsorship at this time.

Requirements

Strong C#/.NET and ASP.NET Core experience
Experience implementing authentication systems (MFA specifically is a plus)
Understanding of security best practices and token management
Experience integrating third-party APIs (SMS providers)
Ability to write clean, maintainable code that fits existing patterns
Experience with TypeScript frontend work
Good communication skills for explaining implementation decisions
Backend: C#/.NET (ASP.NET Core)
Frontend: TypeScript
Database: SQL Server
Current Auth: Custom JWT/cookie-based authentication with 30-day sessions
We’re a MS Office environment (Outlook, Word, Excel, PowerPoint).
Experience using video and chat technology (MSTeams & Slack).
Reliable high-speed internet connectivity required.
Designated quiet work from home space.
A Bachelor’s degree in Computer Science, Computer Engineering, or equivalent work experience is required.

Responsibilities

Implement MFA with multiple authentication methods:
Core MFA functionality:
TOTP authenticator app support (Google Authenticator, Authy, etc.) - required for admins
Email or SMS-based codes - option for agents
QR code enrollment flow for TOTP
SMS delivery integration (e.g., Twilio, AWS SNS)
Backup/recovery code generation and validation
MFA challenge at login with method selection
Trusted device system:
90-day device token implementation (users shouldn't MFA on every login)
Database schema for tracking trusted devices
User-facing "Trusted Devices" management page
Device revocation functionality
User experience considerations:
Guided enrollment flow with clear instructions for non-technical users
User choice between SMS and TOTP (with admin enforcement of TOTP where required)
Admin tools for managing user MFA status and method requirements
Graceful handling of lost devices/recovery scenarios
Phone number management for SMS users
Integration:
Modify existing authentication middleware/controllers
Maintain compatibility with current session management
SMS provider integration
Minimal disruption to existing codebase
Working MFA implementation with both SMS and TOTP support
SMS provider integration
Database migrations and schema changes
Documentation for deployment and future maintenance
Support during initial rollout/testing phase