Backend Java Developers (IAM)

Position: Backend Java Developers (IAM)

Location: onsite 2 weeks per month in Merrimack, NH or Westlake, TX

Duration: 7 months

Visa: USC/ EAD

Onsite two weeks per month in Merrimack, NH or Westlake, TX.

10 years of experience

Must Have Skills: Identity and Access Management (IAM), Backend-Java, Python, modern authentication protocols: OAuth 2.0, AWS, OPA/Rego for attribute-based access control (ABAC).

About the Project:
Join a high-impact squad responsible for building Fidelity s Common Authentication and Authorization platform. This initiative aims to deliver a secure, scalable, and resilient identity and access management solution that supports federated identity, SSO, MFA, and advanced authorization protocols like OPA/Rego.

Key Responsibilities:

• Design and develop scalable backend services to support federated identity and single sign-on (SSO) capabilities.
• Implement robust authentication mechanisms (OAuth, OpenID Connect, SAML, MFA, adaptive and risk-based authentication).
• Develop and integrate authorization policies using OPA (Open Policy Agent) and Rego.
• Build secure and compliant APIs to integrate with internal systems.
• Ensure platform resiliency and support disaster recovery planning.
• Create real-time logging, alerting, and monitoring systems to track authentication and authorization events.
• Contribute to platform extensibility for future integrations and enhancements.
• Collaborate with Information Security Programmers and UX Designers to deliver secure and user-friendly features.

Required Skills and Experience:
10 years of hands-on software development experience with a strong focus on backend systems.

• Deep experience with Identity and Access Management (IAM) technologies.
• Proficient in Java, Go, Python, or similar backend languages.
• Expertise in modern authentication protocols: OAuth 2.0, OpenID Connect, SAML.
• Experience with OPA/Rego for attribute-based access control (ABAC).
• Familiarity with federated identity solutions and SSO implementation.
• Proven experience in integrating authentication/authorization with APIs and microservices.
• Strong knowledge of SOC 1 compliance requirements.
• Experience with cloud platforms (AWS/Azure), CI/CD pipelines, and containerization (Docker, Kubernetes).
• Strong understanding of secure coding practices and threat modeling.
• Familiar with logging/monitoring tools such as Splunk, ELK Stack, or similar.

Nice to Have:

• Experience in the financial services or banking industry.
• Familiarity with risk-based authentication and behavioral analytics.

Previous work with global, enterprise-scale identity platforms.