Senior Software Engineer

Canada based Salary: $100,000 - $125,000 DOE

Bonterra exists to propel every doer of good to their peak impact. We measure that impact against our vision to increase the giving rate as a percentage of GDP from 2% to 3% by 2033. We know that this goal is lofty, but we are confident that the right technology and expertise will strengthen trust in the sector, allowing the social good industry to accelerate growth and reach peak impact. Bonterra's differentiated, end-to-end solutions collectively support a unique network of over 20,000 customers, including over 16,000 nonprofit organizations and over 50 percent of Fortune 100 companies. Learn more at bonterratech.com.

Job Summary

The Senior Software Engineer (Auth0) designs, implements, and maintains secure, scalable identity and access management (IAM) solutions across Bonterra's product portfolio. This role applies deep expertise in Auth0, OAuth 2.0/OpenID Connect, SAML, and modern web application security to deliver compliant, resilient authentication and authorization services. Working in an AI-first engineering environment, the Senior Software Engineer leverages AI-assisted development tools and AI-driven security capabilities to accelerate secure coding practices, automate threat detection, and improve system reliability and performance.

The role collaborates with engineering leadership, architects, security, DevOps, and product teams to integrate enterprise identity providers, modernize legacy authentication systems, and ensure secure user experiences across web, API, and microservices architectures. This position provides technical guidance and informal leadership to peers through code reviews, design feedback, and knowledge sharing but does not have formal people management responsibilities.

Essential Functions

• Design and implement secure authentication and authorization services, spending approximately 60-70% of time coding and reviewing production-quality code to support scalable IAM capabilities across multiple applications.
• Develop and maintain Auth0 integrations, including custom actions, rules, hooks, and tenant configurations, to enable secure SSO, MFA, adaptive authentication, passwordless login, and session management.
• Implement OAuth 2.0 and OpenID Connect flows (authorization code with PKCE, client credentials, device flow, refresh token rotation) and SAML 2.0 integrations to support enterprise and third-party federation requirements.
• Build and secure Next.js authentication patterns, including API route protection, middleware authentication, server components, server actions, and session management for App Router and Pages Router implementations.
• Integrate enterprise identity providers (e.g., Active Directory, Azure AD, AWS Cognito, LDAP) and develop adapters for legacy or third-party systems to ensure seamless federation and user lifecycle management.
• Leverage AI coding assistants and AI-powered security tools in daily development workflows to automate code reviews, improve test coverage, detect vulnerabilities, and enhance adaptive authentication mechanisms.
• Collaborate with engineering managers and architects to design large-scale identity solutions, document architecture decisions, and ensure alignment with zero-trust and compliance requirements.
• Partner with QA engineers to define, automate, and maintain unit, integration, penetration, and authentication flow tests within CI/CD pipelines to enforce secure deployment standards.
• Work with DevOps and SaaS teams to implement secure CI/CD pipelines, infrastructure as code, automated security scanning, and secrets management practices across cloud environments.
• Troubleshoot complex production authentication and authorization issues, conduct root cause analyses, and implement performance optimizations for high-volume systems.
• Contribute to security and compliance initiatives by supporting audits, documenting controls, and implementing safeguards aligned with frameworks such as SOC 2, GDPR, and CCPA.
• Provide technical guidance to peers through design reviews, pair programming, and documentation to promote secure development standards and consistent implementation practices.

Knowledge, Skills & Abilities

LEADERSHIP & NAVIGATION EXPECTATIONS

• This position does not have people management responsibilities. Provides technical guidance, reviews peer work, and supports decision-making within the identity domain.
• KEY BEHAVIORS - THE "HOW"
• Applies structured problem-solving, documents architectural decisions, and uses AI-enhanced workflows to improve productivity, code quality, and security posture.
• OUTCOME EXPECTATIONS - THE "IMPACT"
• Delivers secure, compliant, and scalable authentication solutions that reduce risk, improve user experience, and enable reliable product access across Bonterra's platforms.

Required Minimum Qualifications

• Demonstrated experience designing and implementing authentication and authorization systems in production environments.
• Strong hands-on expertise with Auth0 or comparable IDaaS platforms, including configuration, customization, and enterprise integrations.
• Proficiency in secure software development using Node.js, TypeScript, and modern web frameworks.
• Practical experience implementing OAuth 2.0, OpenID Connect, SAML 2.0, JWT validation, RBAC/ABAC models, and zero-trust principles.
• Experience securing RESTful APIs and web applications against common vulnerabilities, including OWASP Top 10 risks.
• Experience implementing and managing multi-factor authentication solutions and distributed session management.
• Familiarity with AWS cloud services, infrastructure as code, CI/CD pipelines, and DevOps practices.
• Experience using AI coding assistants and automated security scanning tools to enhance development efficiency and code quality.
• Ability to document technical designs, support audits, and align implementations with security and compliance requirements.
• Bachelor's degree in Computer Science, Cybersecurity, or related field, or equivalent practical experience.

Preferred Qualifications

• 5-8 years of progressive software development experience, including at least 3-4 years focused on identity and access management.
• Experience deploying and securing Next.js applications in cloud or edge environments.
• Experience migrating legacy authentication systems to modern IDaaS platforms.
• Familiarity with Terraform, CloudFormation, containerization (Docker, Kubernetes, ECS), and secrets management tools.
• Exposure to advanced identity protocols, passwordless authentication, WebAuthn, and OAuth extensions.
• Experience integrating AI-driven threat detection, anomaly detection, or behavioral analysis into authentication systems.
• Experience supporting security incident response, logging, monitoring, and SIEM integrations.
• Auth0 certifications or equivalent advanced tenant administration experience.

Physical Requirements & Work Environment

Office Environment - There are no specific or unusual physical or environmental demands.

This job description is intended to convey information essential to understanding the scope of the position and is not intended to be an exhaustive list of skills, efforts, duties, responsibilities, or working conditions associated with the position. This job description does not constitute an employment agreement between Bonterra and employees and is subject to change as the company needs and/or the requirements of the job change.

Bonterra celebrates our differences in an inclusive workplace designed to support the things that make us individuals. We are an Equal Opportunity Employer and evaluate qualified applicants without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, marital or parental status, veteran status, and other legally protected characteristics. We are committed to providing reasonable accommodations to qualified individuals with disabilities in accordance with the Americans with Disabilities Act and applicable state and local law. Employment with Bonterra is at-will, which means either the employee, or the company may terminate the employment relationship at any time, for any reason not prohibited by law.

At Bonterra, we're building AI-powered tools to solve real human challenges-and we want teammates who share that enthusiasm.We value people who will champion AI and bring diverse perspectives from different industries, backgrounds, and cultures. Together, we create AI that breaks down barriers, empowers communities, and delivers better outcomes

At this time, we are unable to consider candidates who require current or future sponsorship for employment authorization.

____________________________________________________________________________________

At Bonterra, we're innovating with a higher purpose: to increase giving to 3% of US GDP by 2033, creating $573 billion more in global impact every year. At Bonterra, we foster an inclusive, equitable culture where every team member belongs and contributes to meaningful impact. Read more about our values and culture here.

We offer a comprehensive benefits package that supports your health, well-being and growth - explore full details here.

Compensation and benefits for this role apply to full-time employees in the United States and may vary based on local standards, laws and norms. Pay is determined by location, skills, experience, and education, and is one part of Bonterra's total rewards package, which may also include bonuses, incentives, equity, and a comprehensive benefits program.

____________________________________________________________________________________

At Bonterra, we are proud to be an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We provide equal employment opportunities without regard to race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, disability, veteran status, or any other characteristic protected by law.

If you require a reasonable accommodation during the application process, please submit a request.