Design, build, and operate core CIAM backend services that support customer registration, authentication, authorization, account lifecycle, and profile management for B2C and B2B platforms.
Implement and extend identity standards such as OAuth 2.0, OIDC, SAML, and SCIM in code, ensuring correctness, scalability, and clean integration patterns.
Develop backend APIs and services in Python and Kotlin that expose identity capabilities to web, mobile, and partner applications.
Integrate CIAM platforms with internal systems, including user data stores, messaging, fraud signals, and downstream customer platforms.
Own secure authentication and account flows end to end, including MFA, step-up authentication, device binding, consent, and adaptive authentication logic.
Automate CIAM infrastructure and deployments using Infrastructure as Code and CI/CD pipelines, treating identity as a core platform service.
Monitor, debug, and optimize CIAM services for performance, resilience, and abuse detection in high-scale environments.

Strong experience designing and implementing CIAM systems, with deep, hands-on knowledge of OAuth 2.0, OIDC, SAML, and SCIM beyond basic configuration.
5+ years of professional backend software engineering experience
Strong production experience in Python or a similar backend language
Experience designing APIs, automation frameworks, and distributed systems
Hands-on experience building and maintaining CI/CD pipelines
Experience with GitHub-based development workflows and Buildkite or similar build systems
Experience with cloud-native development, preferably AWS
Hands-on experience extending and integrating CIAM platforms such as Okta, Auth0, Ping Identity, ForgeRock, or Azure AD B2C using custom code, hooks, and APIs.
Solid understanding of backend and distributed systems fundamentals, including API design, data modeling, latency, error handling, and observability.
Experience with Infrastructure as Code and automation tools such as Terraform, plus CI/CD pipelines for deploying backend services.
Strong security fundamentals applied through engineering, including access control models, token handling, encryption, MFA, and privacy by design.
Clear communication skills and the ability to work closely with product, frontend, mobile, and security teams while owning backend identity services.
Familiarity with tools such as Cursor and other AI-augmented development environments

Health care coverage
Affirm covers all premiums for all levels of coverage for you and your dependents
Flexible Spending Wallets
generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses
Time off
competitive vacation and holiday schedules allowing you to take time off to rest and recharge
ESPP
An employee stock purchase plan enabling you to buy shares of Affirm at a discount

Senior CIAM Software Engineer

Key skills