Portainer Io

Senior Identity Platform Engineer (OIDC / OAuth)

Job Description

We're looking for a Senior Identity Platform Engineer to take full ownership of a large-scale enterprise OIDC platform supporting thousands of users, hundreds of applications, and mission-critical authentication services.

This is not a typical application development role. You'll combine identity architecture, platform engineering, and modernisation leadership, becoming the technical authority for a custom-built authorization platform while driving the roadmap toward a modern, standards-based identity solution. Deep fluency in OAuth2, OpenID Connect, token lifecycle, federation, and authorization systems is essential.

This role operates with core collaboration hours of 6:00 PM – 11:30 PM IST to provide overlap with global teams. Outside of core hours, work is flexible and outcome-focused.

What you'll do

Platform operations

  • Own the operational health, reliability, and availability of the OIDC platform
  • Lead incident investigation and root cause analysis
  • Diagnose authentication, authorization, MFA, federation, and token-related failures
  • Develop operational runbooks and platform documentation

Identity engineering

  • Design and implement enhancements to authentication and authorization workflows
  • Maintain OAuth2 and OIDC integrations
  • Support MFA technologies including TOTP, SMS, Email, WebAuthn, and passwordless authentication
  • Support federation with Active Directory and Azure Active Directory
  • Maintain token issuance, claims mapping, scopes, audiences, and client registrations

Application development

  • Develop and maintain Node.js and TypeScript services
  • Troubleshoot production issues through code analysis and debugging
  • Perform dependency upgrades and security remediation
  • Build automation and operational tooling

Platform modernisation

  • Assess migration paths toward modern identity platforms
  • Lead technical evaluations of platforms such as Zitadel, Keycloak, Authentik, or similar
  • Define migration strategies for applications, clients, claims, and identity data
  • Drive platform simplification and reduction of technical debt

Data and infrastructure

  • Support Elasticsearch-backed identity data stores
  • Troubleshoot token, session, account, permission, and client data issues
  • Work with Kubernetes-based deployments and GitOps workflows
  • Support Redis, background processing, and synchronisation services

Operational Support & On-Call

  • Participate in a shared on-call rotation
  • Assist with incident response, troubleshooting, root cause analysis, and continuous service improvements

Requirements

Identity and security

  • 5+ years working with OAuth2 and OpenID Connect in production environments
  • Deep understanding of Authorization Code Flow, Client Credentials Flow, Device Authorization Flow, Token Exchange, JWT, JWK/JWKS, PKCE, Refresh Tokens, Federation, and Claims and Scopes

Development

  • 5+ years of Node.js development
  • Strong TypeScript experience
  • Experience supporting and debugging production systems

Platform and infrastructure

  • Kubernetes experience
  • Elasticsearch and Redis experience
  • CI/CD and GitOps exposure
  • Production incident response experience

Nice to have

  • Experience with panva/oidc-provider, Zitadel, Keycloak, or Authentik
  • LDAP, Active Directory, or Azure AD / Entra ID
  • WebAuthn / FIDO2

Benefits

Portainer is a leading tech company offering a broad benefits package including a highly competitive salary and the ability to work anywhere in the world while still being part of a dynamic team taking on some of the most interesting challenges in the technology/infrastructure space.