About Our Company
Ameriprise India LLP has been providing client based financial solutions to help clients plan and achieve their financial objectives for 20 years. We are part of Ameriprise Financial Inc., a US financial planning company headquartered in Minneapolis with a global presence and diversified financial services leader with more than $1.5 trillion in assets under management, administration and advisement as of year-end 2024. The firm’s focus areas include Asset Management and Advice, Retirement Planning and Insurance Protection.
Be part of an inclusive, collaborative culture that rewards you for your contributions, and work with other talented individuals who share your passion for doing great work. You’ll also have plenty of opportunities to make your mark at the office and a difference in your community. So, if you're talented, driven and want to work for a strong, ethical company that cares, take the next step and create a career at Ameriprise India LLP.
Job Description
The CIAM Developer will be responsible for developing, securing, and remediating vulnerabilities in custom-built applications across backend (Java/Spring) and frontend (React). The role focuses on strengthening application security posture, ensuring compliance with secure coding standards, and supporting Customer Identity and Access Management (CIAM) initiatives.
Key Accountabilities
1. Backend Security Remediation (Java / Spring)
-
Perform remediation of security vulnerabilities identified through SAST/DAST tools
-
Fix OWASP Top 10 vulnerabilities such as injection flaws, XSS, CSRF, SSRF, etc.
-
Address third-party dependency vulnerabilities (CVE fixes) and upgrade libraries
-
Enhance application security using Spring Security best practices
-
Refactor legacy code to align with secure coding standards
2. Frontend Security (React)
-
Identify and fix UI-level vulnerabilities in React applications
-
Prevent and remediate:
-
Cross-Site Scripting (XSS)
-
Insecure token storage or exposure
-
Improper input handling and validation
-
Ensure secure integration with backend APIs (token-based authentication)
3. CIAM Integration & Development
-
Implement and maintain CIAM solutions using:
-
OAuth 2.0, OpenID Connect, SAML
-
Enable secure authentication flows:
-
SSO, MFA, federated identity
-
Integrate with enterprise identity platforms (e.g., Azure AD B2C, Okta, Ping Identity)
-
Implement RBAC / ABAC access control models
4. Secure Software Development
-
Develop scalable and maintainable applications using:
-
Java, Spring Boot, Microservices architecture
-
Follow:
-
SOLID principles
-
Secure coding standards (OWASP)
-
Conduct peer code reviews with a security-first mindset
-
Implement proper exception handling, logging, and monitoring
5. DevSecOps & Compliance
-
Integrate security checks into CI/CD pipelines
-
Support shift-left security practices
-
Collaborate in vulnerability management lifecycle (identify, triage, fix, verify)
-
Maintain documentation and support compliance (ISO, GDPR, internal audits)
6. Stakeholder Collaboration
-
Work closely with:
-
Security teams
-
CIAM architects
-
Frontend and backend development teams
-
Participate in design reviews, threat modeling sessions, and security assessments
Required Skills & Experience
Technical Skills
-
Strong hands-on experience in:
-
Java (8+) and Spring Boot / Spring Security
-
Proven experience in application vulnerability remediation
-
Experience with security tools:
-
Snyk, Checkmarx, Fortify, Veracode, SonarQube
-
Frontend expertise:
-
React.js with focus on secure coding practices
-
Good understanding of:
-
REST APIs, Microservices architecture
Security Knowledge
-
In-depth knowledge of:
-
OWASP Top 10 vulnerabilities
-
Secure coding and secure design principles
-
Experience managing CVE fixes and dependency upgrades
-
Strong understanding of:
-
Authentication & Authorization mechanisms
CIAM Expertise
-
Hands-on experience with:
-
OAuth 2.0, OpenID Connect, SAML
-
Familiarity with CIAM platforms is preferred:
-
Azure AD B2C / Okta / Ping Identity
Preferred Qualifications
-
Experience with containerization (Docker, Kubernetes)
-
Exposure to API security and API gateways
-
Knowledge of Zero Trust security principles
-
Certifications (Good to Have):
-
CEH / CSSLP / OAuth certifications / Cloud Security
Behavioral Competencies
-
Strong problem-solving and analytical skills
-
High attention to detail with a security-first mindset
-
Ability to work independently and collaboratively
-
Effective communication with cross-functional teams
Success Metrics
-
Timely remediation of vulnerabilities (as per SLA)
-
Reduction in security risk exposure
-
Code quality and adherence to secure coding standards
-
Successful CIAM integrations and secure deployments
Internal Tagging / Skills (for HR systems)
-
CIAM, Java, Spring Boot, Spring Security, React, OWASP, SAST, DAST, OAuth2, OpenID Connect, Vulnerability Remediation, Secure Coding
In-Office Collaboration
-
We are a client-centric, relationship-based business. Working together, in-person, is foundational to how we achieve results. By fostering a culture of face-to-face collaboration, idea sharing, productivity and personal connection, we deliver for our stakeholders — clients, advisors, employees and shareholders. Our employees work in the office at least three (3) days per week, with flexibility to work from home two (2) days per week. Some roles may require additional in-office time or different in-office expectations, and specific requirements will be discussed during the hiring process.
Full time
(4:45p-1:15a)
AWMPO AWMP&S President's Office
Technology
Ameriprise India LLP is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, genetic information, age, sexual orientation, gender identity, disability, military status, veteran status, marital status, pregnancy, family status or any other basis prohibited by law.
We are committed to fostering an inclusive and accessible recruitment process for individuals with disabilities. If you require a reasonable accommodation to participate in the application or interview process, speak to your recruiter to discuss how we can support you.