Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.
Affirm values information security as a critical part of the company’s continued success. Our mission is to make information security programmatic and cultural in Affirm, enabling the company to succeed in building honest financial products. The Security team posture increases security and reduces risk while securely enabling access to information for those who need it!
The Senior Product Security Engineer candidate will have experience building and architecting software as part of a larger team. The ideal candidate will work effectively with product and engineering teams to evaluate and influence product requirements, design, and implementation to improve the security of Affirm’s products.
What you’ll do
Architect and implement scalable CIAM solutions for both B2C and B2B platforms, integrating identity services such as registration, authentication, authorisation, and profile management.
Design and maintain identity federation and SSO integrations using standards like OAuth 2.0, OIDC, SAML, and SCIM to support customer and partner ecosystems.
Enhance customer experience by optimising secure login flows, progressive profiling, MFA/biometric adoption, and adaptive authentication mechanisms.
Develop and maintain APIs enabling seamless integration of CIAM capabilities across web, mobile, and partner applications.
Collaborate with security and compliance teams to ensure adherence to privacy regulations (GDPR, CCPA) and implement identity governance and consent management frameworks.
Automate CIAM infrastructure and workflows, leveraging DevOps practices, IaC (e.g., Terraform), and CI/CD pipelines to ensure reliability and repeatability.
Monitor and optimise performance and security posture, including threat detection, anomaly response, and continuous improvement of authentication systems.
What we look for
Hands-on experience with leading CIAM platforms such as Okta, Auth0, Ping Identity, ForgeRock, or Azure AD B2C — including customization, integration, and lifecycle management.
Strong software engineering and automation background, with proficiency in APIs, RESTful services, scripting (Python, JavaScript, etc.), and Infrastructure as Code (Terraform, CloudFormation).
Security-first mindset with knowledge of best practices in identity governance, access controls, encryption, MFA, risk-based authentication, and compliance (GDPR, SOC 2, PCI). Excellent written and verbal communication skills, with the ability to clearly explain complex identity concepts to both technical and non-technical audiences and collaborate effectively across teams. Compensation & Benefits
Pay Grade - N
Equity grade - 5
Employees new to Affirm typically come in at the start of the pay range. Affirm focuses on providing a simple and transparent pay structure which is based on a variety of factors, including location, experience and job-related skills.
Base pay is part of a total compensation package that may include monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidised medical coverage, dental and vision for you and your dependents). In addition, the employees may be eligible for equity rewards offered by Affirm Holdings, Inc. (parent company).
Base pay range per year: £117,000 - £157,000
Location: Remote UK
Additional benefits include:
• Type of employment: Contract of Employment
• Flexible Spending Wallets for tech, food and lifestyle
• Away Days - wellness days to take off work and recharge
• Learning & Development programs
• Parental benefits
• Employee Resource & Community Groups
• This role is eligible for creative tax benefits, subject to applicable law and company policy
#LI-Remote