Principal Platform Engineer Authentication

IFS


Job Location:

Colombo - Sri Lanka

Monthly Salary: Not Disclosed
Posted on: 15 hours ago
Vacancies: 1 Vacancy

Job Summary

The Platform Engineering team (R&D) builds and operates the foundational infrastructure that powers IFS Cloud. We're organised into platform teams, each led by a technical lead who sets direction and leads a squad of engineers.

The Identity & Access Management domain sits at the heart of IFS's platform. Every IFS product (IFS Cloud, Nexus / Remote) depends on secure, reliable authentication. We're looking for a Domain Owner for Authentication: a hands-on technical leader who combines deep identity-management expertise with a platform-engineering, automation-first mindset.

This is a Principal-level Architect / Team Lead role. You'll own the Authentication subdomain end-to-end: strategy, architecture, delivery and team health. You'll partner with the Authorization Domain Owner, your domain's Program Manager and engineering leadership to drive the IFS-wide consolidation of identity providers, with Curity positioned as the single identity platform replacing Entra ID, Keycloak and others across IFS.

We care about the quality of your experience, not just the years. A senior engineer with four years of deep, deliberate work on modern identity platforms is more interesting than someone with fifteen years of incidental exposure.

What you'll own

Architecture & Delivery

  • Architect and evolve IFS's authentication stack: Curity (strategic IDP for Nexus today, IFS-wide tomorrow), Keycloak (IFS Cloud) and legacy IFSIM.
  • Drive the multi-year Curity consolidation, replacing fragmented identity providers across IFS products and internal systems (Thor time registration internal tooling) with a single coherent platform.
  • Resolve known technical debt: Curity performance bottlenecks at scale, high-latency integration flows, disaster-recovery gaps and the long tail of non-production-ready configuration.
  • Define and evangelise authentication patterns across Nexus microservices, IFS Cloud and federated customer identity providers.

Platform Engineering Mindset

  • Treat identity infrastructure as a product, with self-service, observability and automation as first-class citizens.
  • Replace ticket-driven identity work with declarative, GitOps-style configuration and well-documented platform capabilities.
  • Partner with DevOps and SRE to improve monitoring, alerting and DR posture for auth services deployed across Azure AKS clusters.

Technical Leadership

  • Lead and mentor the AuthNCore squad, setting technical direction and raising the engineering bar.
  • Own the overall quality of code output from the squad: coding standards, code review culture, test coverage and engineering craftsmanship are yours to set and uphold.
  • Work closely with your domain Program Manager to sequence and schedule delivery, balance project work against technical-debt reduction and keep commitments realistic.
  • Collaborate closely with the Authorization Domain Owner (who also sits in the Identity & Access Management domain); authentication and authorization must work as one coherent offering.
  • Work across product, engineering, security and compliance to ensure authentication needs are embedded in every application and workflow.
  • Champion modern standards (OAuth 2.0 / OIDC, SAML, mTLS, PKCE, JWT), stay ahead of evolving trends and bring that perspective back into IFS's roadmap.

Strategy & Roadmapping

  • Own the Authentication roadmap, aligning it with platform priorities, security goals and customer requirements.
  • Evaluate emerging technologies and vendors where relevant (without being fashion-driven).
  • Contribute to broader platform strategy as part of the Identity & Access Management leadership group.

Qualifications:

Must-have

  • Deep, demonstrable experience with modern identity management: OAuth 2.0, OpenID Connect, SAML, JWT, PKCE, federated identity.
  • Hands-on engineering work with one or more identity platforms at scale: Curity, Keycloak, Auth0, Okta, Ping, ForgeRock or similar.
  • Production experience on a major cloud, Azure preferred (AKS, Key Vault, Front Door, Entra ID); AWS/GCP transferable.
  • Strong software engineering foundations (Java, Go or similar server-side languages).
  • Experience designing for multi-tenant SaaS: per-tenant isolation, key rotation, blue/green deployment, DR.
  • Experience leading and mentoring engineers, either as a tech lead, principal or hands-on engineering manager.

Nice-to-have

  • Experience working in a platform-engineering model (internal developer platform, self-service capabilities).
  • Exposure to observability tooling (Prometheus, Grafana, OpenTelemetry, Datadog, Splunk).
  • Background in compliance-heavy environments (SOC 2, ISO 27001, FedRAMP).
  • Familiarity with event-driven architectures (Kafka, NATS JetStream).
  • Contributions to open-source identity projects or published writing / speaking on identity topics.

How you work

  • Automation-first. If you find yourself doing the same thing twice, you're looking for how to codify it.
  • Pragmatic. You balance ideal architecture with what's deliverable, and you know technical debt is a choice; you make that choice deliberately.
  • Collaborative. Identity is a cross-cutting concern; you influence rather than mandate, and you build allies across engineering.
  • Clear communicator. You can explain a nuanced security trade-off to a non-technical stakeholder and get them to the right decision.
  • Team-focused. You grow the engineers around you. The squad's output is your output.

Why this role

  • Genuine platform ownership. You aren't a cog; you own the subdomain and set direction.
  • Strategic leverage. Curity consolidation is a multi-year, high-visibility programme. Your work shapes every IFS product.
  • A team to build on. The AuthNCore squad has strong engineers and a clear mandate, but has also been through attrition. You'll stabilise it and grow it.
  • Modern stack, real scale. Azure AKS, Curity, Kafka/NATS, MongoDB Atlas, OpenTelemetry, serving hundreds of customers across the IFS product suite.

Additional Information:

We embrace flexibility and hybrid work opportunities to support diverse needs and lifestyles, while also valuing inclusive workplace experiences. By fostering a sense of community, we drive innovation, strengthen connections and nurture belonging. Our commitment ensures you can work in a way that suits you best, while also engaging with colleagues to share ideas and build meaningful relationships.


Remote Work:

No


Employment Type:

Full-time


About Company


We are growing! At IFS we are constantly growing to deliver award-winning solutions to hundreds of partners and thousands of customers worldwide! We help companies who want to be their best when it matters most – at their #momentofservice. Visit https://ifs.link/IzM0px to find out mo ...
