Senior Authorization Engineer

At KMS Technology, we are dedicated to delivering cutting-edge solutions and services that empower businesses to achieve their goals. Our team is composed of highly skilled professionals who are passionate about technology and innovation. We provide a dynamic and collaborative work environment where you can grow your career and make a significant impact.

We're looking for a highly skilled Senior Authorization Engineer to join our Operations team. This critical role is centered on maintaining the integrity, availability, and security of our core platform's authentication and authorization systems.

The successful candidate will be the primary administrator for our Identity and Access Management (IAM) infrastructure. You will be responsible for the configuration, monitoring, and troubleshooting of systems that rely on modern protocols like OAuth 2.0, OpenID Connect (OIDC), and JSON Web Tokens (JWT) to ensure secure access for our millions of learners and business customers. This role combines deep operational expertise with a strong security mindset.

Responsibilities:

Identity and Access Management (IAM)

• Design, implement, and maintain the infrastructure supporting the company's identity providers and directories (e.g., Active Directory, LDAP, Okta, Auth0).

• Own the configuration and enforcement of authentication and authorization policies across microservices, leveraging OAuth 2.0, OIDC, and JWT.

• Develop and manage automation scripts (e.g., Python, PowerShell, or Bash) for routine system health checks, user provisioning, and access reviews.

• Manage the lifecycle of certificates, secrets, and encryption keys necessary for secure communications and token signing.

System Operations and Security

• Administer and maintain robust, high-availability Linux and Windows server environments in the cloud (Azure/AWS).

• Proactively monitor system performance, security logs, and error reporting related to access control and authentication failures.

• Troubleshoot complex, multi-system authentication and authorization issues, working closely with engineering teams to resolve security-related incidents quickly.

• Ensure all identity and infrastructure configurations comply with internal security standards and external regulatory requirements.

Collaboration and Documentation

• Create and maintain detailed documentation for IAM architectures, operational procedures, runbooks, and troubleshooting guides.

• Collaborate with Development teams to integrate new applications and services smoothly into the existing centralized authentication framework.

• Minimum of 5+ years of professional experience in Systems Administration, DevOps, or Security Engineering, with a focus on IAM.

• Expert practical knowledge of OAuth 2.0 and OpenID Connect (OIDC), including understanding of various grant types (e.g., Authorization Code Flow, Client Credentials).

• Deep familiarity with the structure, validation, and security implications of JSON Web Tokens (JWT).

• Proven experience administering identity providers (e.g., Okta, Azure AD, or similar IdP solutions).

• Strong hands-on experience managing and securing operating systems (Linux/Windows) in a major cloud environment (Azure or AWS).

• Proficiency in scripting or programming for automation (e.g., Python, Bash, or PowerShell).

• Familiarity with containerization (Docker) and configuration management tools (e.g., Terraform, Ansible).

Preferred Skills

• Experience in a heavily regulated environment (e.g., finance, healthcare).

• Certifications such as Microsoft Azure Security Engineer (AZ-500) or equivalent.

• Experience with API Gateway management and applying token validation at the gateway level.

Perks you enjoy at KMS Mexico

• Mexican law benefits
• 15 days of PTO (in year zero, from the first year onwards it is 3 days per year).
• 5 days' leave for the death of immediate family members, negotiable.
• Major Medical Expenses Insurance with coverage for immediate dependents (spouse and children).
• Annual performance bonus (≈10% of annualized salary).
• Annual salary adjustment.
• Employee Referral Bonus.
• Paid Certifications / Courses
• Coursera License.
• 5% Savings Fund.
• 5% Grocery Vouchers.