Ally Financial Careers

At Ally, you get a startup feel, but experience the benefits of a company that has worked out the kinks and is fulfilling its purpose. We are always evolving and see that as a good thing. From owning our work to seeing its impact in the real world, our team is relentless in finding new ways technology can help make experiences better and help people. We are problem solvers, we value diverse thinking, we support one another, and we challenge ourselves to think bigger in the journey to deliver customer-obsessed tech solutions. To read more about what our tech team does, be sure to visit our tech blog at ally.tech

Join Ally's Identity Shield and Consumer Fraud team to build authentication and identity infrastructure that protects our digital banking customers and enables intelligent fraud prevention. You'll develop systems that implement fine-grained access control, manage authentication and authorization flows across Ally's digital banking ecosystem, and generate the behavioral and contextual signals that power adaptive fraud detection.

At this time, Ally will not sponsor a new applicant for employment authorization for this position.

As a backend engineer on this team, you'll tackle fascinating challenges implementing identity protocols at scale—building OAuth 2.0 and OpenID Connect flows, developing authorization engines that evaluate complex policies with millisecond latency, and serving authentication decisions that directly impact our ability to keep customers safe and prevent fraud. You'll work with modern cloud technologies to build resilient, scalable platforms where performance and reliability are non-negotiable. This is your opportunity to shape Ally's next-generation identity and authentication infrastructure, mastering security-first design principles, distributed systems, serverless architectures, and AI-assisted development workflows.

This role offers the rare combination of high-impact work, cutting-edge technology, and meaningful outcomes. You'll collaborate across engineering, product, security, and data science teams to solve complex problems that matter. Whether you're developing authentication services that adapt to risk signals, implementing passwordless flows using passkeys and biometrics, building integrations with enterprise identity providers, or designing event streams that carry authentication signals to fraud detection systems, your work will be visible and valued.

On this team, we believe in relentless progress balanced with sustainable pace. We support each other, celebrate wins, learn from setbacks, and foster an environment where everyone can do their best work. Our #1 goal is team success, and our people are above all else.

Key Responsibilities:

• Design and develop authentication and authorization services implementing modern identity protocols (OAuth 2.0, OpenID Connect, SAML, JWT)
• Build scalable APIs for identity management, user registration, verification, and account recovery
• Implement session management and token lifecycle systems across web and mobile platforms
• Develop fine-grained authorization engines and policy evaluation services for access control
• Build integrations with distributed identity providers, enterprise SSO platforms, and social login services
• Implement passwordless authentication flows using passkeys, biometrics, and device attestation
• Develop adaptive authentication logic that adjusts requirements based on risk signals and context
• Instrument authentication events with rich contextual metadata that power fraud detection and analytics
• Implement comprehensive observability using OpenTelemetry across identity services
• Write clean, tested code in Node.js, TypeScript, and Python following engineering best practices and team standards
• Collaborate with frontend engineers, security teams, and data scientists to deliver solutions that drive real outcomes
• Participate in architectural decisions, technical design reviews, and code reviews
• Build and maintain infrastructure-as-code for identity platform components using Terraform
• Monitor, troubleshoot, and optimize platform performance, reliability, and security posture
• Contribute to documentation, runbooks, and knowledge sharing across the team
• Experiment with emerging technologies and propose innovations that enhance platform capabilities
• Mentor team members and contribute to a culture of continuous learning and improvement
• Work in an agile environment with sprint planning, story elaboration, and iterative delivery

Minimum Qualifications:

• 7+ years of relevant experience or equivalent combination of education and experience
• High School Diploma or GED equivalent

Preferred Qualifications:

• 7+ years of professional software development experience with strong fundamentals in data structures and algorithms
• Strong experience with RESTful API design, GraphQL, and microservices architectures
• Hands-on experience with AWS serverless technologies (Lambda, API Gateway, AppSync, ECS/Fargate)
• Solid understanding of authentication and authorization concepts, patterns, and best practices
• Experience working with both relational databases (PostgreSQL) and NoSQL databases (DynamoDB) in production environments 
• Strong grasp of security principles including encryption, token management, secret handling, and threat modeling
• Passion for writing maintainable code, automated tests, and clear documentation
• Collaborative mindset with excellent communication skills across technical and non-technical audiences
• Self-motivated learner who stays curious about new technologies and approaches
• BSc/BA in Computer Science, Engineering or a related field, or equivalent practical experience
• Deep knowledge of identity protocols and standards (OAuth 2.0, OpenID Connect, SAML, JWT, PKCE, WebAuthn)
• Experience building authentication or authorization systems from scratch or at scale
• Familiarity with identity providers and platforms (Auth0, Okta, Cognito etc.)
• Understanding of passwordless authentication patterns (passkeys, FIDO2, WebAuthn)
• Experience with mobile authentication patterns (biometric authentication, device binding, push notifications)
• Knowledge of zero-trust architecture principles and continuous verification patterns
• Experience designing adaptive or risk-based authentication systems
• Familiarity with session management patterns and token rotation strategies
• Understanding of cryptographic concepts (signing, encryption, key management, certificate handling)
• Experience with Infrastructure as Code tools like Terraform
• Knowledge of observability tools and distributed tracing (Dynatrace, OpenTelemetry, CloudWatch, X-Ray)
• Experience designing and deploying systems across multi-region architectures
• Familiarity with caching strategies for authentication state (ElastiCache, Redis)
• Understanding of compliance requirements (SOC2, PCI-DSS, GDPR, CCPA)
• Experience with CI/CD pipelines and automated security testing (SAST, DAST, dependency scanning)
• Background or interest in cybersecurity, fraud detection, or identity and access management domains
• Knowledge of event-driven architectures and how authentication signals power fraud detection systems
• Exposure to AI-assisted development tools and workflows