Identity & Access Management (IAM) Engineer - B2B

With 4,300 employees and over 400,000 retail and institutional clients from more than 80 offices spread across five continents, we’re a Fortune-100, Nasdaq-listed provider, connecting clients to the global markets – focusing on innovation, human connection, and providing world-class products and services to all types of investors.

At StoneX, we offer you the opportunity to be part of an institutional-grade financial services network that connects companies, organizations, and investors to the global markets ecosystem. As a team member, you'll benefit from our unique blend of digital platforms, comprehensive clearing and execution services, personalized high-touch support, and deep industry expertise. Elevate your career with us and make a significant impact in the world of global finance.

Business Segment Overview: Engage in a deep variety of business-critical activities that keep our company running efficiently. From strategic marketing and financial management to human resources and operational oversight, you’ll have the opportunity to optimize processes and implement game-changing policies.

Responsibilities

Position Purpose: StoneX requires the expertise of an Okta Contractor to support internal software development and platform engineering teams in implementing advanced Okta configurations, enhancing security, and automating identity workflows. This engagement will focus on securing and scaling identity solutions across workforce and customer applications while ensuring that operational and development teams are trained in best practices. In this role, you will take an important part in optimizing, securing, and scaling our Okta platform, ensuring it remains a robust foundation for millions of interactions. Our journey is also one of governance, as we contribute to efforts that ensure our platforms meet industry standards and regulatory requirements.

Primary duties will include:

• Develop and configure Okta Workflows to streamline the setup of OpenID Connect applications, including the creation of associated groups, assigning administrative roles, and setting up custom authorization servers with scoped security.
• Create workflows to automate the integration of third-party identity providers and provide troubleshooting assistance for federation-related issues.
• Support development teams in implementing OpenID Connect auth flows using Okta SDKs.
• Offer guidance to ensure client-facing apps are both efficient and secure, utilizing CIAM (Customer Identity and Access Management) best practices.
• Assist with maturing StoneX’s Okta workforce tenants, including transitioning from static to risk-based authentication policies and roll out of passwordless authentication flows.
• Assist internal software development teams in implementing customer-friendly UX for the upcoming flagship app, covering features such as MFA enrollment, registration flows, lockout handling, step-up authentication, and session management.
• Collaborate with development teams to design a scalable, secure model for Okta auth server configurations. Educate teams on necessary auth server changes and guide them through the migration process, ensuring alignment with secure downstream API consumption.
• Develop training materials on new Okta functionalities to operational, identity-focused teams.
• Educate operational teams on best practices for application health monitoring and SCIM integrations, especially for applications currently lacking provisioning capabilities.
• Work with the Platform Engineering team to build an IaC repository to automate Okta application lifecycle management, including app creation, group management, and policy configuration.
• Support the migration of StoneX’s internal M2M (machine-to-machine) authorization platform to use Okta client credentials flow for OIDC applications.
• Assist with the migration of applications currently using Entra for Single Sign-On (SSO) to Okta, ensuring minimal disruption and secure integration.

Qualifications

To land this role you will need:

You need to have a history of being self-motivated and capable of solving problems with minimal oversight. The ability to learn quickly and retain information is key to being successful in this role. You have strong experience working in a competitive, fast-paced, highly technical environment, ideally in the Financial Services industry. You must have a proven ability to establish structure, process and frameworks to operate at scale.

• 3+ years of experience engineering and deploying custom app integrations and new functionalities in Okta (SAML/OpenID Connect).
• 5+ years of experience in the identity management space.
• Possess a high level of attention to detail and accuracy.
• Experience with automation and/or scripting using Okta APIs.
• Experience with Okta Workflows Engine.
• Experience with implementing Okta with customer identity (CIAM) use cases.
• Strong experience with OIDC auth flows and custom authorization server configuration.
• Desired experience with object-oriented programming languages with emphasis on C# / .NET.
• Must possess a strong ability to document standards and processes.
• Ability to manage multiple competing priorities, and work effectively under the pressure of time constraints in a fast-paced, collaborative environment.
• Ability to work independently and manage workload with minimal supervision.

Education / Certification requirements: in at least one of or working towards the following:

• Bachelor's degree in computer science, Information Security, or related field.
• Okta Certified Developer – Workforce Identity Cloud certification (required).
• Okta Certified Administrator (optional, highly desired).
• Okta Certified Professional certification (optional, highly desired).
• Relevant industry certifications such as CIAM, CISA, CAMS (desired).
• Other appropriate field certifications may be considered.

Working environment:

• Hybrid (2 days from home, 3 days from the office) at ul. Mogilska 35, Cracow.
• Length of contract - 6 to 12 months