Domain Architect- IAM/M365

About The Position

Requirements

• Experience with enterprise scale identity migrations
• Familiarity with Okta, Active Directory, and open LDAP
• Deep knowledge of modern authentication protocols including but not limited to OIDC/OAuth2, SAML, WSFED, etc.
• Familiarity with modern authorization, session, and token handling patterns including but not limited to claims-based authorization, back-channel logout, token introspection, token refinement, etc.
• Expert-level knowledge of Entra ID specifically including but not limited to the features listed below:
• Core Identity and Directory Services
• Core Services (user/group/device)
• Federated Identities
• Custom attributes and schema extensions
• Dynamic Groups
• Directory role strategies for enterprise delegation
• Authentication and Access Control
• SSO
• Conditional Access
• Passwordless Authentication
• B2B
• Identity Protection and Risk
• User Risk Detection
• Sign-in Risk Detection
• Using Risk with Conditional Access
• Risk Remediation Policies
• Supporting SIEM/SOAR integration
• Logs and Forensics
• Identity Governance and Administration
• Access Reviews
• Access Request Workflows
• Time-Bound Access
• Identity and Access Lifecycle (Mover/Joiner/Leaver)
• Augmentation with Logic Apps and other automation technologies.
• Application Access and SSO
• OIDC, OAuth2, SAML
• Enterprise Applications
• Application Registrations
• API permissions and consent
• Application Proxy
• Token Configuration and Claims Refinement
• Provisioning and Lifecycle
• Guest Users
• Cross Tenant access
• External IDs
• Substantial work experience with comprehensive job-related experience to a fully competent level in applicable area of expertise. (6 to 10 years)
• Experience supervising and directing team members and utilizing resources to achieve specific end results within limited timeframes (1 to 3 years)

Nice To Haves

• Retail Industry Experience with a strong understanding of store operations, merchandising, and omnichannel commerce.
• Auto Parts Industry Knowledge, including familiarity with aftermarket supply chains, inventory management, and distribution networks.
• Familiarity with Master Data Management (MDM) principles, architectures, and implementations.
• Experience with international, multi-lingual product catalog solutions and localization strategies.
• Experience with retail POS solutions and Commerce CMS platforms.
• Experience with Warehouse Automation & Material Handling Solutions

Responsibilities

• Define and own IAM architecture for the enterprise ecosystem, emphasizing Microsoft identity solutions and vendor-neutral standards-based approaches.
• Design, guide, and assist implementation of Microsoft cloud services emphasizing M365 and Entra ID features.
• Partner with consultants and internal teams as the technical leader on the migration of identities, authorization data, and authentication mechanisms from various legacy and cloud solutions to Entra ID.
• Design and implement hybrid and multi-cloud identity solutions specifically Entra Mutli-tenant Organization and other B2B solutions ensuring compatibility and integration across regionally specific Entra tenants.
• Define and map data integration strategies for employee and authorization data.
• Integrate regulatory controls into enterprise identity and access solutions and processes.
• Define overall enterprise identity protection strategies.
• Map identity protection strategies into effective plans and technical implementations using both Microsoft and vendor-neutral approaches.
• Design and enable identity-driven provisioning and deprovisioning across downstream systems using SCIM, JIT, event-based triggers, etc.
• Define and design customized identity workflows like mover/joiner/leaver, access request, certifications, etc. primarily utilizing native Entra and Azure features.
• Design and support the adoption of service principal and managed identity use patterns for non-human workloads.
• Drive the standardization of OIDC, OAuth2 flows and the use of common shared authn and authz packages within the overall software product development practices within the organization.
• Create accessible detail-oriented architectural artifacts including but not limited to roadmaps, conceptual diagrams, sequence diagrams, requirement and decision logs, etc.
• Participate in the organization's larger architecture practice as a compatibility and integration point for identity, access, and authorization.
• Provide hands-on technical mentorship and implementation guidance for a team of identity engineers and developers.

Benefits

• Competitive Wages & Paid Time Off
• Stock Purchase Plan & 401k with Employer Contributions Starting Day One
• Medical, Dental, & Vision Insurance with Optional Flexible Spending Account (FSA)
• Team Member Health/Wellbeing Programs
• Tuition Educational Assistance Programs
• Opportunities for Career Growth