Staff Software Engineer

Asurion | Sterling, VA | May 11th, 2026

For more than 25 years, Asurion has been a leader in innovation, not only in the tech solutions industry, but in creating a culture where employees feel valued.

The Asurion ID team owns the centralized Customer Identity and Access Management (CIAM) platform that secures every interaction our 350+ million customers have with Asurion globally. We run OAuth 2.1 / OIDC at scale on Ory Hydra, operate our own login and account-recovery UI, and manage fine-grained authorization (scopes, entitlements, plan access) for every downstream product and partner. As CIAM becomes the control plane for both human users and the rapidly growing population of AI agents acting on their behalf, our work is moving to the center of Asurion's product strategy.

As a Staff Engineer on Asurion ID, you will set the technical direction for our CIAM platform and the small, high-leverage team (3-5 engineers) that builds it. You will partner with security, privacy, product, and partner-facing engineering teams across Asurion to design identity and authorization primitives that are secure by default, developer-friendly, and ready for an AI-native 2026. You won't just write code — you'll define the architecture, raise the engineering bar, and measure impact in customer trust, login conversion, fraud prevented, and developer adoption across the company.

ESSENTIAL JOB SKILLS/DUTIES:

- Own the multi-year technical strategy and roadmap for Asurion's CIAM platform — authentication, authorization, session management, and account lifecycle
- Lead the design and evolution of our Ory Hydra–based OAuth/OIDC stack, custom login experience, and scope/entitlement service that gates customer access to plans and actions
- Drive the move toward passwordless and phishing-resistant authentication (passkeys / WebAuthn, device-bound credentials) and modern fraud-resistant flows
- Define how AI agents authenticate and act on behalf of customers — delegated authorization, short-lived scoped agent tokens, consent UX, and end-to-end audit — and partner with platform teams adopting MCP and other agentic patterns
- Apply AI/ML to the identity surface itself: anomaly and account-takeover detection, risk-based step-up authentication, and AI-assisted account recovery and support flows that stay strictly within consent and privacy boundaries
- Set engineering standards (testing, observability, SLOs, secure SDLC, threat modeling) and raise the bar for code quality, performance, and resilience across the team
- Mentor senior and mid-level engineers; multiply the team's impact through reviews, design docs, and technical coaching
- Influence beyond the team — write the RFCs, give the talks, and build the relationships that get the rest of Asurion engineering to adopt our identity primitives instead of rolling their own
- Partner with product, design, security, legal/privacy, and compliance to ship value continuously and safely (PCI, SOC 2, GDPR/CCPA, regional data residency)

SKILLS:

Technical skills:

- Deep expertise in identity standards: OAuth 2.0/2.1, OIDC, SAML, SCIM, FIDO2 / WebAuthn / passkeys, JWT/JWS/JWE, DPoP
- Hands-on experience operating an OAuth/OIDC authorization server in production — Ory Hydra, Keycloak, Auth0, Okta, or similar
- Strong background in authorization models and policy engines: RBAC, ABAC, ReBAC; experience with OPA, Cedar, or SpiceDB / Zanzibar-style systems is a plus
- Familiarity with our stack: TypeScript, JavaScript, Java, Node.js, Angular, React, React Native, AWS, Docker, Serverless
- Proven track record building and operating high-scale, low-latency, customer-facing services (multi-region, millions of requests per day)
- Practical experience integrating AI capabilities into production systems — LLMs, agentic workflows, MCP, evals, guardrails — and a clear point of view on where AI belongs in the identity stack and where it doesn't
- Strong security instincts: threat modeling, secure SDLC, secrets and key management, incident response; comfortable owning the security posture of a customer-facing platform
- Modern delivery: CI/CD, infrastructure as code, observability (metrics/logs/traces), progressive delivery, and SLO-driven operations

Soft/Leadership skills:

- Sets and communicates technical vision; influences peers and senior leaders without relying on authority
- Effective problem solver; navigates ambiguity, frames trade-offs clearly, and drives decisions to closure
- Multiplies the team — mentors engineers, raises the bar on design and code reviews, and grows future tech leads
- Builds trust-based relationships across product, design, security, partner, and platform organizations
- Strong business acumen; connects identity investments to customer trust, conversion, fraud loss, and partner enablement
- Leads change thoughtfully; champions continuous improvement and a customer-first mindset
- Anticipates risk — security, privacy, regulatory, operational — and gets ahead of it
- Accountable for the team's technical outcomes and for the broader CIAM platform's reliability and security

EDUCATION AND EXPERIENCE:

Required Education And Experience

- 9+ years of full-stack or backend engineering experience building high-scale, customer-facing products, with at least 4+ years focused on identity, access management, or platform security
- Demonstrated experience leading the technical direction of a platform team or critical shared service
- Bachelor's Degree in Computer Science, Software Engineering, Computer Engineering, Electrical Engineering, Electronics Engineering, or related field (or equivalent practical experience)

Preferred

- Experience with the Ory ecosystem (Hydra, Kratos, Keto, Oathkeeper)
- Experience designing identity and authorization patterns for AI agents acting on behalf of users
- Contributions to identity standards (IETF / OpenID Foundation working groups) or open-source identity projects
- Background in regulated industries (telecom, fintech, insurance)