Senior Full Stack IAM Engineer

Reporting to the UK Engineering Director you'll be involved in:

• Owning the design, implementation and operation of our core identity and access platform across multiple products - including an OIDC-compliant IDPs (Auth0, Cognito) and the services and web apps that integrate with those services.

• Building and maintaining full-stack features in TypeScript, Node.js and React, with exposure to and ideally, proficiency in C#/.NET that deliver secure authentication, authorization, account management and user experiences.

• Designing and implementing secure authentication and authorization patterns (SSO, MFA, RBAC/ABAC, tenant isolation, session management, token handling) that scale with our customer base.

• Working deeply in AWS - especially Lambda, IAM, CloudFront, API Gateway and CDK - to build well-architected, observable and cost-effective identity and access services.

• Managing configuration and lifecycle of our IDP: applications, connections, user stores, groups/roles, custom claims, hooks/rules, consent and login flows.

• Partnering with Product, Architecture, Security, DevOps and other engineering squads to shape the IAM roadmap and ensure identity concerns are baked into new features from day one.

• Developing features in our Developer Portal, App Market, and associated web applications and APIs that interact with the IDP.

• Driving quality through strong engineering practices - code reviews, automated testing (unit, integration, end-to-end), CI/CD pipelines, and infrastructure-as-code for repeatable, reliable changes.

• Helping resolve production incidents related to authentication and access, leading root cause analysis and driving long-term fixes that improve reliability and customer trust.

• Contributing to standards, documentation and runbooks for IAM, and sharing knowledge through brown-bags, pairing and mentoring to uplift identity expertise across the organisation., As Senior Full Stack IAM Engineer we expect your success and impact over the early stages of your career with us to look something like this:

Within 1 month:

• Get to know our products, customers and property domain, and map out how identity and access flows through our platform today - from the IDP configuration to React front ends and backend services.

• Set up your local and cloud development environments, ship your first improvements to an IAM-related service or UI, and get familiar with our CI/CD pipelines and tooling.

• Shadow incident response and on-call for authentication/authorization issues to understand our operational posture and where we can improve reliability.

• Start contributing to code bringing a security- and quality-focused lens to changes that touch identity and access.

Within 3 months

• Lead the technical design for a feature that spans our IDP, backend APIs (Node/.NET) and React front ends, working closely with Product, Security and other teams to balance usability, security and delivery timelines.

• Improve observability and test coverage around critical auth flows (metrics, structured logging, dashboards, synthetic tests), helping the team catch issues before customers do.

• Become the go-to person in your squad for your core area of expertise - e.g. Cognito/Auth0 configuration, CDK patterns for IAM, or React auth/session management - and start mentoring others in that space.

Within 6 months:

• Be recognised as a subject-matter expert for IAM across multiple squads, helping shape the identity roadmap and architecture for our platform as a whole.

• Lead a cross-team project such as consolidating IDP tenants, rolling out a central authorization service, or improving tenant isolation and least-privilege across our AWS accounts and applications.

• Drive measurable improvements in our security and compliance posture around identity - for example reducing risky permissions, closing high-severity IAM-related CVEs, or hardening auth flows against common attack vectors.

• Help embed best practices for identity and access into our engineering culture - through documentation, design guidelines, reusable libraries/components and regular knowledge-sharing with engineers and non-technical stakeholders.

What's in it for you?

We operate a Flexible Working Policy and there is no expectation around in-person attendance, beyond occasional ad-hoc project meetings in our Solihull or London offices.

We're offering the chance to really make a difference here at Reapit and the opportunity for personal growth is very real.

Do you have experience in TypeScript?, At Reapit, we prioritise hiring individuals who share our values and possess the right attitudes and behaviours for success.

Whilst all the listed qualities are desirable, don't worry if you don't meet all of them, we'd still like to hear from you.

• A hands-on senior engineer with strong full-stack experience (TypeScript/Node.js and React) and a track record of owning complex features end-to-end - from discovery and design through to operation in production.

• Deep, practical experience running an OIDC-compliant identity provider in production (Auth0, Okta, Cognito or similar) - including custom flows, app configuration, client credentials, and integration with first- and third-party apps.

• Strong understanding of modern auth standards and patterns - OAuth2, OIDC, SAML, JWTs, refresh/access tokens, token lifetimes, session vs token-based auth, and how to apply them safely in SPAs and APIs.

• Solid experience in AWS, particularly IAM (roles, policies, permissions boundaries), Lambda, CloudFront, API Gateway and CDK (or equivalent IaC tooling), with a bias towards least-privilege, secure-by-design architectures.

• Proven background building and maintaining RESTful APIs and web applications that interact with an IDP for login, SSO, user management, and fine-grained authorization (RBAC, multi-tenant access, feature flags, etc.).

• Strong security mindset: familiar with secure coding practices, secrets management, threat modelling for auth flows, protecting PII, and working with tools like static analysis, dependency scanning and WAFs.

• Comfortable working independently on complex problems, making pragmatic technical decisions, and contributing to the technical direction of your squad while staying hands-on with code most of the time.

• Experience mentoring and supporting other engineers - through pairing, thoughtful code review and clear documentation - and contributing to a respectful, collaborative engineering culture.

• Bonus points for: experience with C#/.NET, multi-region SaaS, event-driven architectures, property/fintech domains, or working within regulated or high-compliance environments.

You'll feel part of a special team. You can expect a highly competitive salary and some great benefits.

Don't tick all the boxes? Neither do we

We care about our industry and want it to become a more inclusive and diverse place to work. So, we're driven by hiring not only by experience and relevance for the role but by sharing our values and the right attitudes and behaviours for success.

We are committed to Equal Employment Opportunity through attracting and retaining a complementary team of employees and building an inclusive environment for all.

We feel we have an empowering environment where everyone is supported and respected, and we want you to feel this too. We welcome new ideas, thinking and approaches, whilst listening to all our employees.

Reapit is the original end-to-end business technology provider for estate agencies of all sizes. We've been helping sales and lettings agents build relationships and grow their businesses for more than 25 years. Our technology empowers property professionals across Europe, the Middle East, Australia, and New Zealand to work with buyers, sellers, tenants, and landlords to deliver a dream home experience. Worldwide, over 78,000 agents across more than 15,000 branches use Reapit to run their businesses, manage properties, collect rent, engage clients, and provide outstanding customer service every time.