We are at the forefront of transforming the future of technology in the financial industry, and we seek curious, practical individuals to help us pave the way. Our team is not intimidated by taking calculated risks, as they relish a good challenge and are eager to engage in problem-solving. As a member of our team, you will work alongside like-minded experts in a culture that is deeply rooted in innovation and progression. Join us to be part of a transformative journey that can shape the industry's future.
We are seeking a highly skilled Microsoft Entra B2C (Customer Identity and Access Management – CIAM) Engineer to design, build, and operate secure, scalable identity solutions for external users. This role focuses on delivering modern authentication, registration, and user management capabilities for customer-facing applications using Microsoft Entra External ID.
The ideal candidate will have a deep understanding of identity and access management principles, technologies, and best practices. This role involves implementing and managing IAM solutions to ensure the security and efficiency of our IT infrastructure.
Key Responsibilities
CIAM Architecture & Engineering
Design and implement CIAM solutions using Microsoft Entra B2C. Build and maintain custom policies (IEF). Define identity architecture for onboarding, authentication, and federation.
Authentication & Identity Federation
Configure OpenID Connect, OAuth 2.0, and SAML. Integrate social and enterprise identity providers. Design secure token issuance and validation strategies.
User Journeys & Experience
Develop self-service registration, invite onboarding, password reset, and MFA flows. Customize UI/UX, branding, and localization. Implement progressive profiling.
Application & API Integration
Integrate B2C with web, mobile, and APIs. Implement claims transformation and token customization. Collaborate with dev teams on token usage.
Identity Lifecycle Management
Manage external identities, custom attributes, and schema. Implement provisioning, synchronization, and lifecycle processes.
Security & Risk Management
Implement MFA, session controls, and Zero Trust patterns. Protect against account takeover and fraud scenarios.
Operations & Support
Monitor platform performance, troubleshoot issues, provide Tier 3 support, and maintain documentation.
Required Qualifications
Experience with CIAM and Microsoft Entra B2C. Strong knowledge of OIDC, OAuth, and SAML. Experience with custom policies (IEF), APIs, and token-based authentication.
Preferred Qualifications
Experience with identity sync, API-driven architectures, and Zero Trust. Certifications such as SC-300 preferred.
Core Competencies
Strong troubleshooting skills, ability to translate business requirements, and excellent collaboration capabilities.
Role Impact
Delivers secure customer identity experiences, protects external applications, and enables scalable digital identity platforms.
In addition, you will:
- Collaborate with stakeholders to understand business requirements and translate them into IAM solution designs using SailPoint Identity Security Cloud (formerly IdentityNow).
- Manage and maintain IAM platforms, ensuring their stability, security, and performance.
- Enforce IAM policies, procedures, and standards.
- Develop and maintain detailed documentation for IAM processes and systems.
- Conduct thorough testing of the IAM solution to ensure its reliability, functionality, and performance.
- Stay updated on the latest IAM technologies, trends, and best practices to continuously improve the organization's IAM capabilities.
What you will need to have:
- Bachelor's degree in Computer Science, Information Systems, or a related field (or equivalent experience).
- Over 7 years of direct IAM-related experience.
- Proven experience as an IAM Engineer, specifically implementing Microsoft B2C in medium to large organizations.
- Strong knowledge of identity and access management concepts, principles, and technologies.
- Hands-on experience with IAM solution design, implementation, and integration.
- Familiarity with authentication protocols (e.g., SAML, OAuth, OpenID Connect) and directory services (e.g., LDAP, Active Directory).
- Strong analytical and problem-solving skills, with the ability to assess complex environments and identify areas for improvement.
- Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams and stakeholders.
Good to have:
- Proficient in programming/scripting languages (e.g., Java, PowerShell, Python) for customization and automation.
- Relevant certifications such as Certified Identity Management Professional (CIMP) are highly desirable.
About Us
What we give you in return:
Not many teams can say that they support people’s dreams coming to life… We happen to do that every day. And as important as we know your career is, we recognize that there’s a whole lot more to life. To ensure that our employees can make the most of their time outside of working hours, we offer a competitive salary and, for full-time roles, a benefits package including:
- Inclusive health, dental, vision and life insurance plans built to support diverse lifestyles, offer preventative care, and protect against hardship.
- Easy access to mental health benefits to meet our team members and their families where they are.
- 20 plus days of paid time off (PTO), paid holidays, and 2 paid wellness days to give our employees the time they need to stay close with their loved ones, recharge, and give back to their communities.
- 401(k) savings plan with a generous company contribution (up to 5%), and access to a financial professional to offer our employees the opportunity to plan ahead for a strong financial future well beyond their working years.
- Paid parental leave to support all team members with birth, adoption, and foster.
- Health Savings and Flexible Spending Account options to help you save money on healthcare, daycare, commuting, and more.
- Employee Assistance Program (EAP), LifeLock, Pet Insurance and more.
About Cetera Financial Group:
Cetera Financial Group® ("Cetera") is a leading network of independent retail broker-dealers empowering the delivery of objective financial advice to individuals, families and company retirement plans across the country through trusted financial advisors and financial institutions. Cetera is one of the largest independent financial advisor networks in the nation by number of advisors, as well as a leading provider of retail services to the investment programs of banks and credit unions.
Through its multiple distinct firms, Cetera offers independent and institutions-based advisors the benefits of a large, established broker-dealer and registered investment adviser, while serving advisors and institutions in a way that is customized to their needs and aspirations. Advisor support resources offered through Cetera include award-winning wealth management and advisory platforms, comprehensive broker-dealer and registered investment adviser services, practice management support, and innovative technology.
"Cetera Financial Group" refers to the network of independent retail firms encompassing, among others, Cetera Advisors LLC, Cetera Wealth Services LLC (f/k/a Cetera Advisor Networks), Cetera Investment Services LLC (marketed as Cetera Financial Institutions, or Cetera Investors). All firms are members FINRA/SIPC.
Cetera Financial Group is committed to providing an equal employment opportunity for all applicants and employees. For us, this is the only acceptable way to do business. Accordingly, all employment decisions at Cetera Financial Group, including those relating to hiring, promotion, transfers, benefits, compensation, and placement, will be made without regard to race, color, ancestry, national origin, citizenship, age, physical and/or mental disability, medical condition, pregnancy, genetic characteristics, religion, religious dress and/or grooming, gender, gender identity, gender expression, sexual orientation, marital status, U.S. military status, political affiliation, or any other class protected by state and/or federal law.
Agencies please note: this recruitment assignment is being managed directly by Cetera’s Talent Acquisition team. We will reach out to our preferred agency partners in the rare instance we require additional talent options. Your respect for this process is appreciated.
Please review our Workforce Privacy Policy for further details on what information we collect and the purposes for collection.
Skills Required
- Experience with CIAM and Microsoft Entra B2C
- Strong knowledge of OpenID Connect (OIDC), OAuth 2.0, and SAML
- Experience with custom policies (Identity Experience Framework - IEF)
- Hands-on experience with APIs and token-based authentication and claims transformation
- Over 7 years of direct IAM-related experience
- Proven experience implementing Microsoft B2C in medium to large organizations
- Bachelor's degree in Computer Science, Information Systems, or related field (or equivalent experience)
- Familiarity with LDAP and Active Directory
- Strong analytical and problem-solving skills
- Excellent communication and interpersonal skills
- Experience with identity synchronization, API-driven architectures, and Zero Trust
- Certifications such as SC-300
- Proficient in Java, PowerShell, Python for customization and automation
- Certified Identity Management Professional (CIMP)
- Experience with SailPoint Identity Security Cloud (IdentityNow)