Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. Affirm values information security as a critical part of the company’s continued success. Our mission is to make information security programmatic and cultural in Affirm, enabling the company to succeed in building honest financial products. The Security team posture increases security and reduces risk while securely enabling access to information for those who need it! As the Senior Staff Security Engineer for the Consumer Identity & Access Management Program, you will be responsible for leading the design and implementation of robust, secure, and scalable identity management solutions across multiple product lines at Affirm. You will play a key role in ensuring that our applications and services are protected by implementing best practices in authentication, authorization, and user management. Your expertise will help shape our security posture, influence Affirm’s identity strategy, and guide development teams in building a modern CIAM platform.

What you’ll do Own and drive the Consumer Identity & Access Management (CIAM) roadmap for all external identities which includes, consumers, merchant, partners.

Performing threat modeling and security architecture reviews for identity product features.

Provide technical leadership and mentorship to team members on identity standards and security best practices

Participating in the strategic development of methods, techniques, and evaluation criteria for identity related projects and programs

Partner with Affirm product teams to design authentication and authorization solutions across multiple product lines.

Collaborate with engineering teams across the organization to build, support, and enhance authentication and authorization platforms, driving engineering excellence and operational efficiency.

Partner with product teams in the development of security focused test cases to enforce security requirements.

Perform code reviews and provide constructive feedback to peers.

What we look for 10+ years of experience architecting CIAM solutions authentication or authorisation protocols (OAuth, OAuth2, OIDC, SAML, LDAP)

Experience designing and building distributed systems and applications, real-time, scalable web services, REST APIs, developer portals.

Track record of successfully launching CIAM Programs with complex use cases across multiple identity types.

Experience integrating Identity COTS Products, such as Auth0, AWS Cognitos, Okta, etc. into existing web and mobile applications.

Experience with security architecture and design of mobile apps (IOS & Google)

Hands-on development experience with Python, Swift, and Kotlin.

Base Pay Grade  - R Equity Grade  - 8 Employees new to Affirm typically come in at the start of the pay range. Affirm focuses on providing a simple and transparent pay structure which is based on a variety of factors, including location, experience and job-related skills. Base pay is part of a total compensation package that may include monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents). In addition, the employees may be eligible for equity rewards offered by Affirm Holdings, Inc. (parent company). CAN base pay range per year: $206,000 - $256,000 CAD Location: Remote - Canada