Job
Description
Position summary: We are seeking a skilled and security-focused Software Engineer to design, develop, and enhance Identity and Access Management (IAM) components for our modern SaaS platform. The ideal candidate will have deep expertise in implementing Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) mechanisms using Java Spring Boot microservices architecture. Key Responsibilities: Design and implement scalable and secure IAM systems supporting RBAC and ABAC models. Develop microservices and APIs for authentication, authorization, user provisioning, and policy evaluation using Spring Boot. Define and manage access policies, roles, groups, permissions, and attributes. Collaborate with security architects to ensure compliance with industry standards (e.g., OAuth2, OIDC, SAML, SCIM). Integrate IAM systems with internal microservices and external identity providers (e.g., Okta, Keycloak, Azure AD). Implement fine-grained access controls and dynamic authorization logic. Contribute to architecture decisions, code reviews, and technical documentation. Ensure high performance, reliability, and security of access management services. Participate in DevSecOps practices including secure coding, testing, and monitoring. Basic Qualifications Bachelor's or Master’s degree in Computer Science or a related field. 3+ years of hands-on experience with Java and Spring Boot. Strong experience with IAM concepts including RBAC, ABAC, authentication/authorization protocols, and directory services. Solid understanding of microservices architecture, API security, and distributed systems. Familiarity with OAuth2, OIDC, SAML, and JWT-based security models. Experience with policy engines like OPA (Open Policy Agent), Keycloak Authorization Services, or XACML is a plus. Proficiency in RESTful API development, security best practices, and secure coding standards. Preferred Qualifications Experience working with cloud platforms (AWS, GCP, or Azure). Knowledge of DevOps tools (Docker, Kubernetes, CI/CD pipelines). Exposure to multi-tenant SaaS access control challenges. Familiarity with SCIM protocol for user/group provisioning. Knowledge of auditing, logging, and monitoring for access-related events.
