×
Register Here to Apply for Jobs or Post Jobs. X
More jobs:

Principal Identity and API Architect

Job in New York, New York County, New York, 10261, USA
Listing for: TripleLift
Full Time position
Listed on 2026-07-08
Job specializations:
  • Security
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 175000 - 250000 USD Yearly USD 175000.00 250000.00 YEAR
Job Description & How to Apply Below
Location: New York

About Triple Lift

We're Triple Lift, an advertising platform on a mission to elevate digital advertising through beautiful creative, quality publishers, actionable data and smart targeting. Through over 1 trillion monthly ad transactions, we help publishers and platforms monetize their businesses. Our technology is where the world's leading brands find audiences across online video, connected television, display and native ads. Brand and enterprise customers choose us because of our innovative solutions, premium formats, and supportive experts dedicated to maximizing their performance.

Overview

The Senior/Principal Identity and API Architect plays a critical role in driving Triple Lift’s identity infrastructure and API security strategy within the Exchange team, directly influencing how we authenticate and authorize publishers, buyers, and platform partners across our programmatic marketplace. In this position, you will partner closely with Engineering, Product, and Services teams to design and own the end-to-end identity architecture that underpins our Exchange’s security, scalability, and interoperability.

This is an exciting opportunity for someone who wants to build a best-in-class identity platform from the ground up, shaping how Triple Lift authenticates billions of programmatic transactions while serving as a strategic thought partner to Exchange leadership on API governance and access control.

Responsibilities
  • Architect and own Triple Lift’s end-to-end identity platform, including tenant models, SSO integrations, machine-to-machine authentication, and delegated administration for publishers and demand partners.
  • Design and implement Auth0 tenant architecture, including custom domains, enterprise connections, Actions/Rules, and token lifecycle management (refresh rotation, session policies, JWKS).
  • Define and enforce OAuth 2.0 and OIDC flows across the Exchange — including PKCE, M2M client credentials, and device authorization — ensuring secure and consistent authentication for all platform participants.
  • Build and operate multi-tenant authorization models using OpenFGA or comparable ReBAC systems (e.g., SpiceDB, Ory Keto), enabling fine‑grained access control across publisher hierarchies (networks, properties, seats, users).
  • Own the API gateway layer, designing rate limiting, scoped token validation, mTLS enforcement, and consistent error semantics across Traefik, Kong, AWS API Gateway, or equivalent infrastructure.
  • Lead publisher-side identity integrations, including federated SSO (SAML 2.0, OIDC) for enterprise onboarding, delegated self-service administration, and integration of first‑party data and authenticated traffic signals into programmatic decisioning.
  • Lead demand-side identity integrations, including DSP and agency API authentication (OAuth 2.0 M2M, API key management), partner onboarding flows, and identity traceability across bid request/response flows for audit, fraud detection, and deal enforcement.
  • Manage AWS identity and API infrastructure, including IAM roles and cross‑account trust, Cognito integration patterns, Secrets Manager and KMS for credential lifecycle, and STS‑based service‑to‑service auth in multi‑account environments.
  • Establish and maintain identity and API security standards, conducting threat modeling, reviewing integrations for compliance with RBAC/ABAC/ReBAC policies, and responding to security incidents.
  • Serve as the internal subject‑matter expert on identity and API architecture, partnering with Engineering, Legal, and Partnerships to advise on protocol selection, vendor evaluation, and regulatory considerations (e.g., GDPR, CCPA as they relate to identity signals).
  • Mentor engineers across the Exchange team on identity best practices, OAuth/OIDC protocol nuances, and secure API design patterns.
Education & Requirements
  • 8+ years of software engineering or platform architecture experience, with at least 4 years focused on identity, IAM, or API security
  • 2+ years of hands‑on production experience with Okta's Auth0, including:
    • Tenant architecture, custom domains, and enterprise connections
    • Actions/Rules/Hooks and the Auth0 Management API
    • OIDC/OAuth 2.0 flows including PKCE,…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary