We're looking for a Senior Identity Platform Engineer to take full ownership of a large-scale enterprise OIDC platform supporting thousands of users, hundreds of applications, and mission-critical authentication services.
This is not a typical application development role. You'll combine identity architecture, platform engineering, and modernisation leadership, becoming the technical authority for a custom-built authorization platform while driving the roadmap toward a modern, standards-based identity solution. Deep fluency in OAuth2, OpenID Connect, token lifecycle, federation, and authorization systems is essential.
This role operates with core collaboration hours of 6:00 PM – 11:30 PM IST to provide overlap with global teams. Outside of core hours, work is flexible and outcome-focused.
What you'll do
Platform operations
- Own the operational health, reliability, and availability of the OIDC platform
- Lead incident investigation and root cause analysis
- Diagnose authentication, authorization, MFA, federation, and token-related failures
- Develop operational runbooks and platform documentation
Identity engineering
- Design and implement enhancements to authentication and authorization workflows
- Maintain OAuth2 and OIDC integrations
- Support MFA technologies including TOTP, SMS, Email, WebAuthn, and passwordless authentication
- Support federation with Active Directory and Azure Active Directory
- Maintain token issuance, claims mapping, scopes, audiences, and client registrations
Application development
- Develop and maintain Node.js and TypeScript services
- Troubleshoot production issues through code analysis and debugging
- Perform dependency upgrades and security remediation
- Build automation and operational tooling
Platform modernisation
- Assess migration paths toward modern identity platforms
- Lead technical evaluations of platforms such as Zitadel, Keycloak, Authentik, or similar
- Define migration strategies for applications, clients, claims, and identity data
- Drive platform simplification and reduction of technical debt
Data and infrastructure
- Support Elasticsearch-backed identity data stores
- Troubleshoot token, session, account, permission, and client data issues
- Work with Kubernetes-based deployments and GitOps workflows
- Support Redis, background processing, and synchronisation services
Operational Support & On-Call
- Participate in a shared on-call rotation.
- Assist with incident response, troubleshooting, root cause analysis, and continuous service improvements.
Requirements
Identity and security
- 5+ years working with OAuth2 and OpenID Connect in production environments
- Deep understanding of Authorization Code Flow, Client Credentials Flow, Device Authorization Flow, Token Exchange, JWT, JWK/JWKS, PKCE, Refresh Tokens, Federation, and Claims and Scopes
Development
- 5+ years of Node.js development
- Strong TypeScript experience
- Experience supporting and debugging production systems
Platform and infrastructure
- Kubernetes experience
- Elasticsearch and Redis experience
- CI/CD and GitOps exposure
- Production incident response experience
Nice to have
- Experience with panva/oidc-provider, Zitadel, Keycloak, or Authentik
- LDAP, Active Directory, or Azure AD / Entra ID
- WebAuthn / FIDO2
Benefits
Portainer is a leading tech company offering a broad benefits package including a highly competitive salary and the ability to work anywhere in the world while still being part of a dynamic team taking on some of the most interesting challenges in the technology/infrastructure space.
Originally posted on