
Senior CIAM Software Engineer
Affirm · San Francisco, CA
- Hybrid
- Full-time
- $224,000 / year
- San Francisco, CA
✓ Hiring manager found for this role
Email the hiring manager to get a response.
Get their verified email + an intro that's ready to send.
Senior CIAM Software Engineer
Affirm · San Francisco, CA
Riley Chen
Hiring Manager · h•••••@job-boards.greenhouse.io
✍️ Your intro emailReady to send
Subject: Interested in the Senior CIAM Software Engineer role at Affirm
Hi Riley — I came across the Senior CIAM Software Engineer opening and wanted to reach out directly. I've spent the last few years doing exactly this kind of work, and Affirm stood out because…
🔒 Unlock to read & send
✎ Personalized to your résumé after sign-up.
$1 once
Just this hiring manager
Best value
$9/mo
Unlimited — any job, anywhere
- ✓ Verified email of the hiring manager
- ✓ Intro email personalized to your résumé
- ✓ $9/mo = unlimited — any job link
Secure checkout · cancel anytime
View the original posting ↗
Not recommended alone — most applicants never hear back.
Job highlights
- Design and build core CIAM backend services.
- Implement identity standards like OAuth 2.0.
- Develop APIs in Python and Kotlin.
- Automate infrastructure with IaC and CI/CD.
- Own secure authentication and account flows.
About the role
About Affirm
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. Affirm is building the next generation of customer identity and authentication. This role is a hands-on engineering position inside Information Security, focused on designing and shipping core CIAM capabilities that protect customers and support growth. You will build and operate backend services that power registration, login, authorization, and account lifecycle flows across B2C and B2B experiences. You will work closely with partner engineering teams and ensure identity features are delivered with strong security fundamentals, reliability, and operational rigor.What you’ll do
- Design, build, and operate core CIAM backend services that support customer registration, authentication, authorization, account lifecycle, and profile management for B2C and B2B platforms.
- Implement and extend identity standards such as OAuth 2.0, OIDC, SAML, and SCIM in code, ensuring correctness, scalability, and clean integration patterns.
- Develop backend APIs and services in Python and Kotlin that expose identity capabilities to web, mobile, and partner applications.
- Integrate CIAM platforms with internal systems, including user data stores, messaging, fraud signals, and downstream customer platforms.
- Own secure authentication and account flows end to end, including MFA, step-up authentication, device binding, consent, and adaptive authentication logic.
- Automate CIAM infrastructure and deployments using Infrastructure as Code and CI/CD pipelines, treating identity as a core platform service.
- Monitor, debug, and optimize CIAM services for performance, resilience, and abuse detection in high-scale environments.
What we look for
- Strong experience designing and implementing CIAM systems, with deep, hands-on knowledge of OAuth 2.0, OIDC, SAML, and SCIM beyond basic configuration.
- 5+ years of professional backend software engineering experience
- Strong production experience in Python or a similar backend language
- Experience designing APIs, automation frameworks, and distributed systems
- Hands-on experience building and maintaining CI/CD pipelines
- Experience with GitHub-based development workflows and Buildkite or similar build systems
- Experience with cloud-native development, preferably AWS
- Hands-on experience extending and integrating CIAM platforms such as Okta, Auth0, Ping Identity, ForgeRock, or Azure AD B2C using custom code, hooks, and APIs.
- Solid understanding of backend and distributed systems fundamentals, including API design, data modeling, latency, error handling, and observability.
- Experience with Infrastructure as Code and automation tools such as Terraform, plus CI/CD pipelines for deploying backend services.
- Strong security fundamentals applied through engineering, including access control models, token handling, encryption, MFA, and privacy by design.
- Clear communication skills and the ability to work closely with product, frontend, mobile, and security teams while owning backend identity services.
- Familiarity with tools such as Cursor and other AI-augmented development environments
Compensation and Benefits
The USA base pay range for this role is $195,000 - $255,000 per year for CA, WA, NY, NJ, CT, and $173,000 - $233,000 per year for all other U.S. states. Employees new to Affirm typically come in at the start of the pay range. Affirm focuses on providing a simple and transparent pay structure which is based on a variety of factors, including location, experience and job-related skills. Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents.)Key Benefits Highlights
- Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents
- Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses
- Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge
- ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount
Inclusivity
We believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.Pursuant to the San Francisco Fair Chance Ordinance and Los Angeles Fair Chance Initiative for Hiring Ordinance, Affirm will consider for employment qualified applicants with arrest and conviction records.By clicking "Submit Application," you acknowledge that you have read Affirm's Global Candidate Privacy Notice and hereby freely and unambiguously give informed consent to the collection, processing, use, and storage of your personal information as described therein.Key skills/competency
Senior CIAM Software Engineer, CIAM, Identity and Access Management, OAuth 2.0, OIDC, SAML, SCIM, Python, Kotlin, Backend Services, API Design, Security Fundamentals, Cloud-Native Development, AWS, Terraform, CI/CD, GitHub, Buildkite, Okta, Auth0, Ping Identity, ForgeRock, Azure AD B2C.Skills & topics
- Senior CIAM Software Engineer
- CIAM
- Identity and Access Management
- OAuth
- OIDC
- SAML
- SCIM
- Python
- Kotlin
- Backend Engineering
- API Design
- Distributed Systems
- Cloud Computing
- AWS
- Terraform
- CI/CD
- Security
- Okta
- Auth0
- Remote
How to get hired
- Tailor your resume: Highlight your 5+ years of backend experience, CIAM system design, and specific knowledge of OAuth 2.0, OIDC, SAML, SCIM, Python, and Kotlin.
- Showcase your CIAM expertise: Emphasize hands-on experience with platforms like Okta, Auth0, or similar, and your ability to extend them with custom code.
- Demonstrate security fundamentals: Detail your understanding of access control, token handling, encryption, MFA, and privacy by design in your application.
- Highlight automation skills: Feature your experience with Infrastructure as Code (Terraform) and CI/CD pipelines, especially with GitHub and Buildkite.
- Prepare for technical interviews: Be ready to discuss distributed systems, API design, and how you'd troubleshoot and optimize CIAM services.
Technical preparation
Master OAuth 2.0, OIDC, SAML, SCIM protocols.,Build and deploy services in Python or Kotlin.,Implement Infrastructure as Code with Terraform.,Practice CI/CD pipeline automation and AWS.
Behavioral questions
Describe a complex authentication flow you designed.,How do you ensure security in distributed systems?,Share an experience collaborating with cross-functional teams.,How do you handle production issues in high-scale environments?
Prefer to apply the usual way?
Not recommended alone — most applicants never hear back. Email the hiring manager first.
Frequently asked questions
- What is the base pay range for a Senior CIAM Software Engineer at Affirm?
- For Senior CIAM Software Engineer roles in CA, WA, NY, NJ, CT, the base pay range is $195,000 - $255,000 per year. For all other U.S. states, the range is $173,000 - $233,000 per year. New employees typically start at the lower end of the range.
- Is the Senior CIAM Software Engineer position at Affirm remote?
- Yes, Affirm is a remote-first company, and the majority of roles, including the Senior CIAM Software Engineer position, are remote. You can work almost anywhere within the country of employment.
- What are the key technical skills required for the Senior CIAM Software Engineer role at Affirm?
- Key technical skills include strong experience with CIAM systems, deep knowledge of OAuth 2.0, OIDC, SAML, SCIM, 5+ years of backend engineering, proficiency in Python or Kotlin, API design, distributed systems, CI/CD pipelines, AWS, and Infrastructure as Code (e.g., Terraform).
- What kind of CIAM platforms has Affirm experience with for this role?
- Affirm looks for hands-on experience extending and integrating CIAM platforms such as Okta, Auth0, Ping Identity, ForgeRock, or Azure AD B2C using custom code, hooks, and APIs.
- What benefits does Affirm offer to its employees?
- Affirm offers comprehensive benefits including 100% subsidized health, dental, and vision coverage for employees and dependents, generous stipends for technology, food, lifestyle, and family forming expenses, competitive time off, and an employee stock purchase plan (ESPP).
- How does Affirm approach diversity and inclusion in its hiring process?
- Affirm is committed to providing an inclusive interview experience for all candidates, including those with disabilities, and offers reasonable accommodations. For U.S. positions in Los Angeles or San Francisco, they consider qualified applicants with arrest and conviction records.
- What is the expected experience level for the Senior CIAM Software Engineer role?
- The role requires 5+ years of professional backend software engineering experience, with a strong emphasis on designing and implementing CIAM systems.
- What programming languages are primarily used for this Senior CIAM Software Engineer position?
- You will develop backend APIs and services primarily in Python and Kotlin for this role.
Similar roles
Open positions we recommend based on this role.
