Full Stack Engineer, Consultant

Overview

On Site
Full Time

Skills

Reporting
Authentication
Lifecycle Management
Software Development
Software Development Methodology
Writing
Automated Testing
DevSecOps
Leadership
Critical Thinking
JIT
Provisioning
RBAC
OWASP
Threat Modeling
SIEM
Auditing
DevOps
Caching
Meta-data Management
Regulatory Compliance
System On A Chip
HIPAA
Interfaces
Specification Gathering
Operational Excellence
Incident Management
Process Automation
Artificial Intelligence
Scalability
Continuous Integration and Development
Software Configuration
Customer Satisfaction
Business Process
Computer Science
IT Management
Information Systems
Enterprise Software
Identity Management
Workflow
Access Control
SSO
IDP
SAML
Business-to-business
React.js
Vue.js
Multi-factor Authentication
Recovery
OIDC
Storage
AngularJS
JavaScript
Java
Kotlin
Python
OAuth
Servers
Management
Middleware
Authorization
Intellectual Property
IP
Cloud Computing
Microsoft Azure
API
PostgreSQL
SQL Azure
Streaming
Apache Kafka
Continuous Integration
Continuous Delivery
Bitbucket
GitHub
Jenkins
Soft Skills
User Experience
Systems Design
Documentation
Communication
Facets
Health Care
Innovation
Collaboration
FOCUS
PASS

Job Details

Job Description

Your Role

The Digital Platform team creates and maintains the foundation and features upon which Stellarus technical products are built. The Full Stack Engineer will report to the Senior Manager, Digital Applications. You will be deeply involved in the design, development, and deployment of secure, high-quality software solutions, with a focus on end-to-end ownership of identity flows (registration, authentication, authorization, account recovery, and lifecycle management), integration with our Identity and Access Management (IAM) System and related IAM services to implement modern standards (OAuth 2.0, OIDC, SAML, SCIM), enforce least privilege, and deliver robust, scalable, auditable solutions.

Your role will focus on integrating security and automation throughout the software development lifecycle (SDLC), with an emphasis on writing clean, maintainable code and building infrastructure that supports CI/CD pipelines, automated testing, and cloud-native delivery. You'll implement and enforce DevSecOps best practices tailored for Azure, contribute to infrastructure as code, and work closely with developers, testers, and cloud engineers to ensure code is secure, scalable, and production-ready from day one. This role requires a hands-on engineer who thrives in a collaborative environment and is passionate about security by design, IAM integrations, code quality, automation, and secure cloud development.

Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning.

Responsibilities

Your Work

In this role, you will:
  • Build full stack features for web and mobile (frontend + backend) with production-grade quality.
  • Own IAM integrations: implement and maintain OAuth2/OIDC flows (Auth Code + PKCE, Client Credentials), MFA, adaptive policies, session management, and SSO across apps.
  • Provisioning & lifecycle: implement SCIM/Just-in-Time (JIT) user provisioning, automated deprovisioning, and role management.
  • Authorization: design and enforce RBAC/ABAC; implement fine-grained policy checks in APIs and UIs.
  • Security by design: follow OWASP ASVS/Top 10; threat model identity flows; secure tokens, secrets, and cookies.
  • Observability & auditability: structured logging for auth events, SIEM integration, audit trails, and anomaly detection hooks.
  • DevOps & IaC: CI/CD pipelines, automated tests (unit/integration/e2e), IaC for IAM system and cloud resources.
  • Performance & reliability: caching strategies for JWKS/metadata, rate limiting, graceful degradation when IdP is degraded.
  • Compliance-aware development: align with SOC 2, HIPAA/HITRUST (if applicable), GDPR/CCPA for identity data.
  • Cross-functional collaboration: partner with Security, Infrastructure, and Product to evolve IAM standards and developer experience.
  • Design and develop user interfaces and application programs using technical specifications and design documents, with a focus on cloud-native solutions and modern frameworks
  • Develop the most efficient and cost-effective implementation, leveraging reusable features where possible
  • Drive operational excellence, including but not limited to Incident Management, process automation leveraging AI, and ensuring smooth deployments for your technology products/platform features
  • Recommend and implement improvements to departmental processes to enhance agility and efficiency
  • Enhance the reliability, scalability, and utilization of systems and applications through continuous integration and continuous deployment (CI/CD) practices
  • Monitor and manage software configuration changes to anticipate and address data reliability and customer satisfaction issues, leveraging cloud monitoring tools and practices
  • Coordinate sustaining support for multiple application platforms or business processes, ensuring seamless integration and operation in a cloud environment
  • Be self-directed, work with limited management direction and exercise considerable latitude in determining the technical objectives of the assignment
  • Apply significant knowledge of IT and healthcare industry trends

Qualifications

Your Knowledge and Experience
  • Bachelor's degree in Computer Science, Information Technology, Management Information Systems, or a related field (or equivalent experience), with a minimum of 7 years of relevant experience in enterprise application support and cloud-based solution delivery.
  • Identity & Access Management
    • Core:
      • OIDC apps, authorization servers, claims & scopes, custom authorization policies.
      • MFA (TOTP, push, WebAuthn/FIDO2), adaptive policies, device assurance.
      • SCIM connectors, group rules, inline hooks/event hooks, Okta Workflows for low-code automations.
      • User schema extensions, profile mastering, group-based access control, API tokens/service accounts.
    • Standards & Protocols: OAuth2, OIDC, SAML 2.0, SCIM 2.0, JWK/JWKS, JWT/JWE, WebAuthn/FIDO2, PKCE.
    • Federation & SSO: enterprise federation, IdP-initiated vs SP-initiated flows, inbound/outbound SAML, B2B org-to-org.
    • Skilled in modern front-end frameworks such as React and/or Vue, with proven experience in component-based architecture and state management.
    • Auth UX: best practices for sign-up/sign-in, MFA enrollment, passwordless, account recovery, device remembrance, and session timeout UX.
    • SDKs: Okta Auth JS, OIDC client libs, integrating with redirect flows and token storage (memory vs. httpOnly cookies).
    • Backend / API Languages: Angular Javascript, Java/Kotlin, Python
    • API security: OAuth2 scopes, resource servers, token introspection, JWKS validation, rotating signing keys.
    • Session & token management: access vs. ID vs. refresh tokens, TTLs, revocation, replay protections.
    • Policy enforcement: middleware for authorization, feature flags, contextual access (device, IP, risk signals).
  • Cloud & Platform
    • Cloud: Azure: API Gateway, App Services, Functions, Secrets Manager/KMS/Key Vault.
    • Datastores: Postgres, Azure SQL, event streams (Kafka) for identity events.
    • CI/CD: Bitbucket or GitHub Actions/Jenkins; gated releases, secret scanning, SAST/DAST.
  • Soft Skills
    • Product mindset; can balance frictionless UX with strong security.
    • Excellent system design communication with clear tradeoffs.
    • Empathy for developers and end users; strong documentation habits.
    • Excellent ability to influence and collaborate with stakeholders, vendors, and cross-functional teams, with excellent verbal and written communication skills to translate and execute technical deliverables.
  • Preferred experience in the healthcare industry and working knowledge of Facets software.

About the Team

About Stellarus and the Ascendiun Family of Companies

Stellarus, launched in January 2025, is designed to scale innovative healthcare solutions that support customers in creating a health care experience deserving of their family, friends, and neighbors.

Stellarus is part of a family of organizations that is overseen by a nonprofit corporate entity named Ascendiun. The Ascendiun Family of Companies also includes Blue Shield of California and its subsidiary, Blue Shield of California Promise Health Plan and Altais, a clinical services company.

Stellarus' vision is to empower its customers to create a healthcare experience that is worthy of their family, friends, and neighbors. Stellarus' objective is to offer innovative, modern, scalable solutions that challenge the health care status quo. This very closely aligns with Blue Shield of California's vision by using innovation to improve quality, affordability, and experience for members.

To achieve our mission, we foster an environment where all employees can thrive and contribute fully to address the needs of the various communities we serve. We are committed to creating and maintaining a supportive workplace that upholds our values and advances our goals.

Our Values:

At Stellarus, our core values of agility, trust, drive, courage and service shape our approach to developing innovative product offerings.

Our Workplace Model:

At Stellarus and the Ascendiun Family of Companies, we believe in fostering a workplace environment that balances purposeful in-person collaboration with flexibility. As we continue to evolve our workplace model, our focus remains on creating spaces where our people can connect with purpose - whether working in the office or through a hybrid approach - by providing clear expectations while respecting the diverse needs of our workforce.

Two Ways of Working:
  • Hybrid (Default): Work from a business unit-approved office at least two (2) times per month (for roles below Director-level) or once per week (for Director-level roles and above). Exceptions:
    • Member-facing and approved out-of-state roles remain remote.
    • Employees living more than 50 miles from their assigned offices are expected to work with their managers on a plan for periodic office visits.
    • For employees with medical conditions that may impact their ability to work in-office, we are committed to engaging in an interactive process and providing reasonable accommodations to ensure their work environment is conducive to their success and well-being.
  • On-Site: Work from a business unit-approved office an average of four (4) or more days a week.

Physical Requirements:

Office Environment - roles involving part to full time schedule in Office Environment. Based in our physical offices and work from home office/deskwork - Activity level: Sedentary, frequency most of work day.

Equal Employment Opportunity:

External hires must pass a background check/drug screen. Qualified applicants with arrest records and/or conviction records will be considered for employment in a manner consistent with Federal, State and local laws, including but not limited to the San Francisco Fair Chance Ordinance. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or disability status and any other classification protected by Federal, State and local laws.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.