Staff Software Engineer

About The Position

Requirements

• Deep expertise in identity standards: OAuth 2.0/2.1, OIDC, SAML, SCIM, FIDO2 / WebAuthn / passkeys, JWT/JWS/JWE, DPoP
• Hands-on experience operating an OAuth/OIDC authorization server in production — Ory Hydra , Keycloak, Auth0, Okta, or similar
• Strong background in authorization models and policy engines: RBAC, ABAC, ReBAC; experience with OPA, Cedar, or SpiceDB / Zanzibar-style systems is a plus
• Familiarity with our stack: TypeScript, JavaScript, Java, Node.js, Angular, React, React Native, AWS, Docker, Serverless
• Proven track record building and operating high-scale, low-latency, customer-facing services (multi-region, millions of requests per day)
• Practical experience integrating AI capabilities into production systems — LLMs, agentic workflows, MCP, evals, guardrails — and a clear point of view on where AI belongs in the identity stack and where it doesn't
• Strong security instincts: threat modeling, secure SDLC, secrets and key management, incident response; comfortable owning the security posture of a customer-facing platform
• Modern delivery: CI/CD, infrastructure as code, observability (metrics/logs/traces), progressive delivery, and SLO-driven operations
• Sets and communicates technical vision; influences peers and senior leaders without relying on authority
• Effective problem solver; navigates ambiguity, frames trade-offs clearly, and drives decisions to closure
• Multiplies the team — mentors engineers, raises the bar on design and code reviews, and grows future tech leads
• Builds trust-based relationships across product, design, security, partner, and platform organizations
• Strong business acumen; connects identity investments to customer trust, conversion, fraud loss, and partner enablement
• Leads change thoughtfully; champions continuous improvement and a customer-first mindset
• Anticipates risk — security, privacy, regulatory, operational — and gets ahead of it
• Accountable for the team's technical outcomes and for the broader CIAM platform's reliability and security
• 9+ years of full-stack or backend engineering experience building high-scale, customer-facing products, with at least 4+ years focused on identity, access management, or platform security
• Demonstrated experience leading the technical direction of a platform team or critical shared service
• Bachelor's Degree in Computer Science, Software Engineering, Computer Engineering, Electrical Engineering, Electronics Engineering, or related field (or equivalent practical experience)

Nice To Haves

• Experience with the Ory ecosystem (Hydra, Kratos, Keto, Oathkeeper)
• Experience designing identity and authorization patterns for AI agents acting on behalf of users
• Contributions to identity standards (IETF / OpenID Foundation working groups) or open-source identity projects
• Background in regulated industries (telecom, fintech, insurance)

Responsibilities

• Own the multi-year technical strategy and roadmap for Asurion's CIAM platform — authentication, authorization, session management, and account lifecycle
• Lead the design and evolution of our Ory Hydra–based OAuth/OIDC stack, custom login experience, and scope/entitlement service that gates customer access to plans and actions
• Drive the move toward passwordless and phishing-resistant authentication (passkeys / WebAuthn, device-bound credentials) and modern fraud-resistant flows
• Define how AI agents authenticate and act on behalf of customers — delegated authorization, short-lived scoped agent tokens, consent UX, and end-to-end audit — and partner with platform teams adopting MCP and other agentic patterns
• Apply AI/ML to the identity surface itself: anomaly and account-takeover detection, risk-based step-up authentication, and AI-assisted account recovery and support flows that stay strictly within consent and privacy boundaries
• Set engineering standards (testing, observability, SLOs, secure SDLC, threat modeling) and raise the bar for code quality, performance, and resilience across the team
• Mentor senior and mid-level engineers; multiply the team's impact through reviews, design docs, and technical coaching
• Influence beyond the team — write the RFCs, give the talks, and build the relationships that get the rest of Asurion engineering to adopt our identity primitives instead of rolling their own
• Partner with product, design, security, legal/privacy, and compliance to ship value continuously and safely (PCI, SOC 2, GDPR/CCPA, regional data residency)