Principal Identity And API Architect (IAM)
Job description
TL;DR
Principal Identity And API Architect (IAM): Designing and owning the end-to-end identity platform and API security strategy for a programmatic advertising marketplace, with an emphasis on multi-tenant authorization and secure authentication. Focus on implementing ReBAC systems, optimizing Auth0 tenant architecture, and governing API gateways to handle billions of transactions.
Location: London, United Kingdom
Salary: €90,000 - €130,000
Company
is an advertising platform on a mission to elevate digital advertising through beautiful creative, quality publishers, actionable data and smart targeting.
What you will do
- Architect and own the end-to-end identity platform, including tenant models, SSO integrations, and machine-to-machine authentication.
- Design and implement Auth0 tenant architecture, including custom domains, enterprise connections, and token lifecycle management.
- Build and operate multi-tenant authorization models using OpenFGA or comparable ReBAC systems (e.g., SpiceDB, Ory Keto).
- Own the API gateway layer, designing rate limiting, scoped token validation, and mTLS enforcement across Traefik, Kong, or AWS API Gateway.
- Lead identity integrations for both publisher-side (SAML 2.0, OIDC) and demand-side (DSP and agency API authentication).
- Manage AWS identity and API infrastructure, including IAM roles, Cognito integration, and Secrets Manager.
Requirements
- 8+ years of software engineering or platform architecture experience.
- 4+ years focused on identity, IAM, or API security.
- 2+ years of hands-on production experience with Okta's Auth0.
- Deep fluency in OAuth 2.0, OpenID Connect, SAML 2.0, JWT, and JWKS.
- Experience designing and operating API gateway layers at scale.
- Proficiency in at least one backend language (Go, Java, or Python preferred).
Culture & Benefits
- Medical, Dental & Vision Plans.
- Flexible PTO.
- 401k with employer match.
- Positive, collaborative, and compassionate work environment focused on continuous innovation.