Bonterra exists to propel every doer of good to their peak impact, and they are seeking a Senior Software Engineer to design, implement, and maintain secure identity and access management solutions. This role will leverage expertise in modern web application security and collaborate with various teams to ensure secure user experiences across their product portfolio.
Responsibilities:
- Design and implement secure authentication and authorization services, spending approximately 60–70% of time coding and reviewing production-quality code to support scalable IAM capabilities across multiple applications
- Develop and maintain Auth0 integrations, including custom Actions (and legacy Rules and Hooks, which Auth0 has deprecated in favor of Actions) and tenant configurations, to enable secure SSO, MFA, adaptive authentication, passwordless login, and session management
- Implement OAuth 2.0 and OpenID Connect flows (authorization code with PKCE, client credentials, device flow, refresh token rotation) and SAML 2.0 integrations to support enterprise and third-party federation requirements
- Build and secure Next.js authentication patterns, including API route protection, middleware authentication, server components, server actions, and session management for App Router and Pages Router implementations
- Integrate enterprise identity providers (e.g., Active Directory, Azure AD (now Microsoft Entra ID), AWS Cognito, LDAP) and develop adapters for legacy or third-party systems to ensure seamless federation and user lifecycle management
- Leverage AI coding assistants and AI-powered security tools in daily development workflows to automate code reviews, improve test coverage, detect vulnerabilities, and enhance adaptive authentication mechanisms
- Collaborate with engineering managers and architects to design large-scale identity solutions, document architecture decisions, and ensure alignment with zero-trust and compliance requirements
- Partner with QA engineers to define, automate, and maintain unit, integration, penetration, and authentication flow tests within CI/CD pipelines to enforce secure deployment standards
- Work with DevOps and SaaS teams to implement secure CI/CD pipelines, infrastructure as code, automated security scanning, and secrets management practices across cloud environments
- Troubleshoot complex production authentication and authorization issues, conduct root cause analyses, and implement performance optimizations for high-volume systems
- Contribute to security and compliance initiatives by supporting audits, documenting controls, and implementing safeguards aligned with frameworks and regulations such as SOC 2, GDPR, and CCPA
- Provide technical guidance to peers through design reviews, pair programming, and documentation to promote secure development standards and consistent implementation practices
Requirements:
- Demonstrated experience designing and implementing authentication and authorization systems in production environments
- Strong hands-on expertise with Auth0 or comparable IDaaS platforms, including configuration, customization, and enterprise integrations
- Proficiency in secure software development using Node.js, TypeScript, and modern web frameworks
- Practical experience implementing OAuth 2.0, OpenID Connect, SAML 2.0, JWT validation, RBAC/ABAC models, and zero-trust principles
- Experience securing RESTful APIs and web applications against common vulnerabilities, including OWASP Top 10 risks
- Experience implementing and managing multi-factor authentication solutions and distributed session management
- Familiarity with AWS cloud services, infrastructure as code, CI/CD pipelines, and DevOps practices
- Experience using AI coding assistants and automated security scanning tools to enhance development efficiency and code quality
- Ability to document technical designs, support audits, and align implementations with security and compliance requirements
- Bachelor's degree in Computer Science, Cybersecurity, or related field, or equivalent practical experience
- 3–7 years of progressive software development experience, including at least 2 years focused on identity and access management
- Experience deploying and securing Next.js applications in cloud or edge environments
- Experience migrating legacy authentication systems to modern IDaaS platforms
- Familiarity with Terraform, CloudFormation, containerization (Docker, Kubernetes, ECS), and secrets management tools
- Exposure to advanced identity protocols, passwordless authentication, WebAuthn, and OAuth extensions
- Experience integrating AI-driven threat detection, anomaly detection, or behavioral analysis into authentication systems
- Experience supporting security incident response, logging, monitoring, and SIEM integrations
- Auth0 certifications or equivalent advanced tenant administration experience