Sr API & ID (Senior Software Engineer, Identity & APIs)
Job description
Subway is on a mission to build a world-class digital platform that serves millions of guests and thousands of franchise locations globally. The Senior Software Engineer, Identity & APIs is a key technical contributor on the team responsible for how guests authenticate and interact with Subway's digital ecosystem.
You'll own and evolve Subway's Customer Identity platform - built on AWS Cognito - delivering secure, seamless login experiences including passwordless authentication and social sign-on across Mobile App, Web, and Kiosk. You'll bring deep expertise in security engineering and data privacy compliance, ensuring Subway's identity infrastructure meets CCPA, GDPR, and global regulatory standards. AI-assisted development is a core part of how our team works.
Responsibilities include, but are not limited to:
- Own the design, development, and operation of Subway's Customer Identity platform - built on AWS Cognito - supporting passwordless authentication, social sign-on (Google, Apple), and traditional credential flows across Mobile App, Web, and Kiosk channels.
- Enforce security best practices and data privacy compliance (CCPA, GDPR, and evolving global regulations) across all identity and API surfaces. Conduct security design reviews, threat modeling, and privacy-by-design assessments.
- Design, develop, and document APIs and middleware integrations that connect identity services with Subway's front-end applications and back-end systems.
- Leverage AI-assisted development tools (GitHub Copilot, Claude, and similar) as a core part of daily engineering work. Champion AI tooling adoption across the team.
- Collaborate with product, legal, and security stakeholders to translate regulatory requirements and business needs into scalable, compliant identity architecture.
- Conduct code reviews with a security and privacy lens; provide mentorship to peers on identity patterns and secure coding standards.
Requirements
- 5 or more years of hands-on production software development experience.
- Demonstrated experience designing and operating Customer Identity platforms - AWS Cognito strongly preferred.
- Hands-on experience implementing passwordless authentication (magic links, passkeys/WebAuthn, OTP) and social sign-on (OAuth 2.0 / OIDC with Google, Apple).
- Deep knowledge of identity and authentication standards: OAuth 2.0, OpenID Connect, SAML, JWT, and session management best practices.
- Proven expertise in security engineering: threat modeling, secure SDLC, OWASP Top 10, and identity attack mitigations.
- Hands-on experience with data privacy compliance - CCPA and GDPR at minimum.
- Strong proficiency in one or more of: JavaScript/TypeScript (Node.js), Java, or C#.
- Proficiency with AI-assisted development tools (GitHub Copilot, Claude, or equivalent).
- Bachelor's degree or higher in Computer Science, Software Engineering, or a related field (or equivalent practical experience).
- People Management: No | Department: Guest Technology | Location: Shelton, CT (USA) | Scope: Global | Travel: Less than 10%.
Benefits & conditions
What do we offer?
- Insurance Plans (Medical, Life)
- Pension/401K/RSP (country specific)
- Competitive Bonus
- Mobility Allowance
- Tuition Reimbursement
- Company Holidays
- Volunteering time
- And More...
Compensation: The base pay range for this role is $119,200 - $149,000 annually.
Pay within this range will be determined in good faith based on job-related factors, which may include skills, experience, education/training, location, and internal equity.