IAM Engineer

Reposted 5 Days Ago
Be an Early Applicant
Bangalore, Bengaluru Urban, Karnataka, IND
In-Office
Senior level
eCommerce
The Role
The IAM Engineer will design, implement, and support client identity and authentication capabilities, focusing on security and compliance. Responsibilities include building federated authentication, managing identity flows, and ensuring secure integration patterns for client-facing applications.
Summary Generated by Built In

Company Description
 

Tradeweb Markets is a world leader in the evolution of electronic trading. A fintech company serving approximately 2,500 clients – including the world’s largest banks, asset managers, hedge funds, insurance companies, wealth managers and retail clients -- in more than 65 countries across the globe. Since our first trade in 1998, we have helped transform and electronify the fixed income markets. Tradeweb is a culture built on innovation, creativity and collaboration. Through a combination of very talented and driven people, innovative products and solutions, cutting-edge technology, market data, and a vast network of clients, we continue to work together to improve the way financial markets trade.

Mission: Move first and never stop. Collaborate with clients to create and build solutions that drive efficiency, connectivity, and transparency in electronic trading.

Tradeweb Markets LLC ("Tradeweb") is proud to be an EEO Minorities/Females/Protected Veterans/Disabled/Affirmative Action Employer.
https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf

Group Details: 


To support our continued growth, we are seeking a results-driven Senior IAM Engineer to join our Identity & Access Management team. This role will engineer and support client identity and authentication capabilities for the products our clients use, delivering secure, scalable, and auditable access.

The ideal candidate will design, implement, and troubleshoot client authentication and federation integrations using SAML 2.0, OIDC, and OAuth 2.0, including hands-on details such as claims/token design, JWKS and key rotation, session management, and secure integration patterns.

You will partner closely with product and engineering teams to standardize authentication and authorization approaches, implement conditional access and MFA/step-up authentication, and support JIT/SCIM provisioning where applicable. You will drive reliability improvements, resolve complex federation issues, and ensure solutions meet security and compliance requirements. Financial services experience and familiarity with SOX/GLBA/FFIEC are strongly preferred.


Job Responsibilities: 

  • Design, implement, and operate CIAM capabilities for client-facing applications, balancing security, scalability, and user experience.
  • Build and support federated authentication and authorization using OIDC and OAuth 2.0 (and SAML where required), including client configuration, scopes, consent, redirect URI strategy, and token/claims design.
  • Own client identity flows such as registration, login, account linking, progressive profiling, and self-service account recovery, including secure handling of email/phone verification.
  • Implement strong authentication patterns for clients, including MFA, step-up authentication, risk-based/conditional access, and session management controls.
  • Integrate applications using modern provisioning and identity lifecycle patterns such as JIT provisioning and SCIM where applicable to client/partner ecosystems.
  • Define and enforce CIAM security standards: secure token lifetimes/refresh strategies, PKCE, key rotation/JWKS, secrets management, and protection against common auth attacks (replay, token theft, redirect abuse).
  • Partner with product and engineering teams to standardize CIAM integration patterns and embed identity into application architecture (roles/permissions, fine-grained authorization, and least privilege).
  • Troubleshoot complex production issues across the auth stack (tokens, redirects, cookies/sessions, upstream IdPs), drive root-cause analysis, and implement durable fixes.
  • Instrument and monitor CIAM services and client auth journeys (logging, metrics, alerting), improving reliability, latency, and conversion while maintaining security.
  • Produce and maintain technical documentation and runbooks for CIAM integrations and operational processes, supporting audits and incident response.
  • Support compliance and risk requirements by enabling evidence collection and reporting around authentication events, policy enforcement, and access anomalies.

Required Qualifications 

  • Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or a related field (or equivalent practical experience).
  • 5+ years of experience in Identity and Access Management, with strong expertise in SSO and modern authentication for client-facing applications.
  • Strong, hands-on experience with OIDC and OAuth 2.0 (and SAML where required), including token/claims design, scopes, PKCE, redirect URI strategy, and key management (JWKS, rotation).
  • Experience designing and implementing end-to-end CIAM journeys: registration, login, account recovery, progressive profiling, and account linking.
  • Experience implementing modern authentication controls such as MFA, step-up authentication, conditional/risk-based access, and secure session management.
  • Working knowledge of user lifecycle automation patterns for client/partner ecosystems, including JIT provisioning and SCIM where applicable.
  • Ability to troubleshoot complex identity issues across distributed systems (cookies/sessions, redirects, tokens, upstream IdPs), perform root-cause analysis, and drive durable remediation.
  • Familiarity with security and compliance expectations in regulated environments (e.g., SOX, ISO 27001, NIST, GLBA) and how they influence authentication, logging, and access controls.
  • Strong written and verbal communication skills, with the ability to translate between product, engineering, security, and compliance stakeholders.
  • Experience producing clear technical documentation and diagrams (e.g., Confluence, Lucidchart/Visio), including integration runbooks, sequence flows, and configuration standards.
  • Highly organized and detail-oriented, with the ability to manage multiple concurrent integrations and production support priorities.

Preferred Qualifications 

  • Proven experience leading or significantly contributing to enterprise-scale SSO/authentication initiatives, including rollout planning, migration/cutover strategies, and production hardening.
  • Deep hands-on experience implementing and operating complex federation patterns, including custom OIDC/OAuth configurations (scopes, policies, claims), SAML metadata/certificate management, and advanced sign-in policies (conditional access, step-up/MFA).
  • Experience designing and implementing authorization frameworks, including RBAC/ABAC, policy-based access control, permission modeling, and standards such as OAuth scopes, OIDC claims, and (where applicable) UMA or OPA-style policy engines.
  • Strong proficiency in scripting or programming for IAM/SSO automation and troubleshooting, using languages such as Python or Go, as well as tools like SQL or PowerShell (e.g., log analysis, token/claim validation, configuration automation).

Skills Required

  • Bachelor's degree in Information Systems, Computer Science, Cybersecurity, or related field
  • 5+ years of experience in Identity and Access Management
  • Strong expertise in SSO and modern authentication for client-facing applications
  • Experience with OIDC, OAuth 2.0, and SAML
  • Experience implementing modern authentication controls such as MFA and conditional access

Tradeweb Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Tradeweb and has not been reviewed or approved by Tradeweb.

  • Fair & Transparent Compensation Feedback suggests pay is generally considered above average for role and market, particularly in specialized finance/tech positions. Employer-posted US salary bands for certain roles indicate healthy total compensation potential.
  • Leave & Time Off Breadth Generous vacation/PTO is frequently highlighted as a standout element. Flexibility in some roles and regions further supports time-off usability.
  • Parental & Family Support Paid parental leave and financial assistance for fertility, adoption and surrogacy are emphasized in company materials. These family-building supports are described as robust for the sector.

Tradeweb Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: New York, NY
1,061 Employees
Year Founded: 1996

What We Do

Tradeweb Markets Inc. (Nasdaq: TW) is a leading, global operator of electronic marketplaces for rates, credit, equities and money markets. Founded in 1996, Tradeweb provides access to markets, data and analytics, electronic trading, straight-through-processing and reporting for more than 40 products to clients in the institutional, wholesale and retail markets. Advanced technologies developed by Tradeweb enhance price discovery, order execution and trade workflows while allowing for greater scale and helping to reduce risks in client trading operations. Tradeweb serves approximately 2,500 clients in more than 65 countries. On average, Tradeweb facilitated more than $1 trillion in notional value traded per day over the past four quarters.

Similar Jobs

Mondelēz International Logo Mondelēz International

IAM CyberArk Engineer

Big Data • Food • Hardware • Machine Learning • Retail • Automation • Manufacturing
Remote or Hybrid
India
90000 Employees
In-Office
Bangalore, Bengaluru Urban, Karnataka, IND
100000 Employees
In-Office
Bangalore, Bengaluru Urban, Karnataka, IND
52655 Employees
Hybrid
Bengaluru, Bengaluru Urban, Karnataka, IND

Similar Companies Hiring

PRIMA Thumbnail
Travel • Software • Marketing Tech • Hospitality • eCommerce
US
15 Employees
Scotch Thumbnail
Artificial Intelligence • eCommerce • Fintech • Payments • Retail • Software • Analytics
US
35 Employees
Golden Pet Brands Thumbnail
Digital Media • eCommerce • Information Technology • Marketing Tech • Pet • Retail • Social Media
El Segundo, California
178 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account