IAM Expert (Auth0 and Kong)

We are seeking a highly skilledIAM Expert with deep hands-on experience inAuth0 andKong API Gateway to design, implement, and manage secure identity, authentication, authorization, and API access strategies across cloud-native platforms. This role is critical in enabling secure, scalable, and compliant access for users, services, and APIs in a microservices-driven ecosystem.

You will work closely with platform engineering, application teams, DevSecOps, and compliance stakeholders to ensure best-in-class identity and API security architecture.

• Design and implement anend-to-end IAM architecture usingAuth0 for customer, workforce, and machine-to-machine identities.
• Configure and manageOAuth 2.0, OpenID Connect (OIDC), SAML , and JWT-based authentication flows.
• ImplementRBAC, ABAC, and fine-grained authorization models across applications and APIs.
• Manageuser lifecycle , federation, social logins, enterprise identity providers, and MFA strategies.
• CustomizeAuth0 Rules, Actions, Hooks, and Custom Domains to meet business and security requirements.

• Design and manageAPI security architecture usingKong Gateway (OSS/Enterprise) .
• Implement JWT, OAuth2, OIDC, mTLS, API keys, and rate limiting using Kong plugins.
• IntegrateAuth0 with Kong to provide centralized API authentication and authorization.
• Securenorth-south and east-west traffic for microservices.
• Implement API policies for throttling, quotas, logging, and abuse prevention.

• Secure microservices running onKubernetes using identity-aware access patterns.
• Implementservice-to-service authentication using OAuth2, mTLS, or SPIFFE-like models.
• Integrate IAM withCI/CD pipelines to secure secrets and tokens and enable automated deployments.
• Work acrossAWS, Azure, or GCP IAM ecosystems and align Auth0/Kong with cloud-native services.

• Ensure IAM and API security designs comply withHIPAA, SOC 2, ISO 27001, GDPR , or similar standards.
• Defineaudit logging, access reviews, token rotation, and zero-trust principles .
• Participate in security reviews, threat modeling, and incident response related to identity or API access.

• Act as anIAM subject-matter expert (SME) across engineering teams.
• Provide guidance, documentation, and best practices for developers and DevOps teams.
• Mentor junior engineers on IAM, API security, and zero-trust architecture.

• 6+ years of experience inIdentity & Access Management
• Strong hands-on expertise withAuth0 (production-scale deployments)
• Strong hands-on expertise withKong API Gateway
• Deep understanding of:
• OAuth 2.0, OIDC, SAML
• JWT, refresh tokens, token introspection
• MFA, passwordless authentication, social & enterprise federation
• Experience designingsecure API authentication and authorization patterns

• Experience withKubernetes , Docker, and microservices architecture
• Familiarity withCI/CD pipelines (GitHub Actions, GitLab CI, Azure DevOps, etc.)
• Experience withSecrets Management (Vault, cloud key vaults, etc.)
• Strong understanding ofTLS, mTLS, certificates , and encryption best practices

• Experience withAWS / Azure / GCP
• Exposure toIAM integration with cloud services
• Logging & monitoring using tools likePrometheus, Grafana, ELK, Datadog , etc.

• Auth0 certifications or Kong Enterprise experience
• Experience withZero Trust Architecture
• Knowledge ofOPA (Open Policy Agent) or policy-as-code
• Experience withB2B, B2C, or SaaS identity platforms
• Prior experience inhealthcare, fintech, or regulated environments

• Strong problem-solving and security mindset
• Excellent communication and documentation skills
• Ability to collaborate across engineering, security, and product teams
• Ownership mentality and attention to detail