Software Engineer - Identity Shield
Role details
Job location
Tech stack
Job description
As a backend engineer on this team, you'll tackle fascinating challenges implementing identity protocols at scale-building OAuth 2.0 and OpenID Connect flows, developing authorization engines that evaluate complex policies with millisecond latency, and serving authentication decisions that directly impact our ability to keep customers safe. You'll work with modern cloud technologies to build resilient, scalable platforms where performance and reliability are non-negotiable. This is your opportunity to contribute to Ally's authentication infrastructure, mastering security-first design principles, distributed systems, serverless architectures, and AI-assisted development workflows.
This role offers the rare combination of high-impact work, cutting-edge technology, and meaningful outcomes. You'll collaborate across engineering, product, security, and data science teams to solve complex problems that matter. Whether you're developing authentication services that adapt to risk signals, implementing password-less flows using passkeys and biometrics, building integrations with enterprise identity providers, or designing event streams that carry authentication signals, your work will be visible and valued.
On this team, we believe in relentless progress balanced with sustainable pace. We support each other, celebrate wins, learn from setbacks, and foster an environment where everyone can do their best work. Our #1 goal is team success, and our people are above all else., * Design and develop authentication and authorization services implementing modern identity protocols (OAuth 2.0, OpenID Connect, SAML, JWT)
- Build scalable APIs for identity management, user registration, verification, and account recovery
- Implement session management and token lifecycle systems across web and mobile platforms
- Develop fine-grained authorization engines and policy evaluation services for access control
- Build integrations with distributed identity providers, enterprise SSO platforms, and social login services
- Implement passwordless authentication flows using passkeys, biometrics, and device attestation
- Develop adaptive authentication logic that adjusts requirements based on risk signals and context
- Instrument authentication events with rich contextual metadata that power fraud detection and analytics
- Implement comprehensive observability using OpenTelemetry across identity services
- Write clean, tested code in Node.js, TypeScript, and Python following engineering best practices and team standards
- Collaborate with frontend engineers, security teams, and data scientists to deliver solutions that drive real outcomes
- Participate in architectural decisions, technical design reviews, and code reviews
- Build and maintain infrastructure-as-code for identity platform components using Terraform
- Monitor, troubleshoot, and optimize platform performance, reliability, and security posture
- Contribute to documentation, runbooks, and knowledge sharing across the team
- Experiment with emerging technologies and propose innovations that enhance platform capabilities
- Mentor team members and contribute to a culture of continuous learning and improvement
- Work in an agile environment with sprint planning, story elaboration, and iterative delivery.
Requirements
Do you have experience in Zero Trust security?, Do you have a High school diploma or GED?, * 7+ years of relevant experience or equivalent combination of education and experience
- High School Diploma or GED equivalent, * 7+ years of professional software development experience with strong fundamentals in data structures and algorithms
- Strong experience with RESTful API design, GraphQL, and microservices architectures
- Hands-on experience with AWS serverless technologies (Lambda, API Gateway, AppSync, ECS/Fargate)
- Solid understanding of authentication and authorization concepts, patterns, and best practices
- Experience working with both relational databases (PostgreSQL) and NoSQL databases (DynamoDB) in production environments
- Strong grasp of security principles including encryption, token management, secret handling, and threat modeling
- Passion for writing maintainable code, automated tests, and clear documentation
- Collaborative mindset with excellent communication skills across technical and non-technical audiences
- Self-motivated learner who stays curious about new technologies and approaches
- BSc/BA in Computer Science, Engineering or a related field, or equivalent practical experience
- Deep knowledge of identity protocols and standards (OAuth 2.0, OpenID Connect, SAML, JWT, PKCE, WebAuthn)
- Experience building authentication or authorization systems from scratch or at scale
- Familiarity with identity providers and platforms (Auth0, Okta, Cognito etc.)
- Understanding of passwordless authentication patterns (passkeys, FIDO2, WebAuthn)
- Experience with mobile authentication patterns (biometric authentication, device binding, push notifications)
- Knowledge of zero-trust architecture principles and continuous verification patterns
- Experience designing adaptive or risk-based authentication systems
- Familiarity with session management patterns and token rotation strategies
- Understanding of cryptographic concepts (signing, encryption, key management, certificate handling)
- Experience with Infrastructure as Code tools like Terraform
- Knowledge of observability tools and distributed tracing (Dynatrace, OpenTelemetry, CloudWatch, X-Ray)
- Experience designing and deploying systems across multi-region architectures
- Familiarity with caching strategies for authentication state (ElastiCache, Redis)
- Understanding of compliance requirements (SOC2, PCI-DSS, GDPR, CCPA)
- Experience with CI/CD pipelines and automated security testing (SAST, DAST, dependency scanning)
- Background or interest in cybersecurity, fraud detection, or identity and access management domains
- Knowledge of event-driven architectures and how authentication signals power fraud detection systems
- Exposure to AI-assisted development tools and workflows
Benefits & conditions
Pulled from the full job description
- Childcare
- Tuition reimbursement
- Paid parental leave
- Employee stock purchase plan
- Parental leave
- Health insurance
- 401(k) matching, Ally's compensation program offers market-competitive base pay and pay-for-performance incentives (bonuses) based on achieving personal and company goals. Our Total Rewards program includes industry-leading compensation and benefits plus additional incentives that are designed to meet your needs and those of your family so you can get the most out of your career and your life, including:
- Time Away: Program starts at 20 paid time off days in addition to 11 paid holidays and 8 hours of volunteer time off yearly (time off days are prorated based on start date and program varies based on full or part-time status and management level).
- Planning for the Future: plan for the near and long term with an industry-leading 401K retirement savings plan with matching and company contributions, student loan pay downs and 529 educational save up assistance programs, tuition reimbursement, employee stock purchase plan, and financial learning center and financial coach access.
- Supporting your Health & Well-being: flexible health and insurance options including medical, dental and vision, employee, spouse and child life insurance, short- and long-term disability, pre-tax Health Savings Account with employer contributions, Healthcare FSA, critical illness, accident & hospital indemnity insurance, and a total well-being program that helps you and your family stay on track physically, socially, emotionally, and financially.
- Building a Family: adoption, surrogacy and fertility assistance as well as paid parental and caregiver leave, Dependent Day Care FSA back-up child and adult/elder care days and childcare discounts.
- Work-Life Integration: other benefits including Mentally Fit Employee Assistance Program, subsidized and discounted Weight Watchers® program and other employee discount programs.