Senior IAM Engineer

Express•Columbus, OH

About The Position

P HOENIX Retail, LLC is a retail platform operating the Express and Bonobos brands worldwide. Express is a multichannel apparel brand dedicated to a design philosophy rooted in modern, confident and effortless style whether dressing for work, everyday or special occasions. Bonobos is a menswear brand known for being pioneers of exceptional fit and a personalized, innovative retail model. Customers can experience our brands in over 400 Express retail and Express Factory Outlet stores, 50 Bonobos Guideshops, and online at www.express.com and www.bonobos.com . About Express Express is a multichannel apparel brand dedicated to creating confidence and inspiring self-expression. Since its launch in 1980, the brand has embraced a design philosophy rooted in modern, confident and effortless style. Whether dressing for work, everyday or special occasions, Express ensures you look and feel your best, wherever life takes you. The Company operates over 400 retail and outlet stores in the United States and Puerto Rico, the express.com online store and the Express mobile app. The Senior Identity & Access Management Engineer will architect, implement, and optimize enterprise-wide identity governance solutions with primary focus on Okta platform across corporate, multi-tenant, and disaster recovery environments. This role serves as a strategic technical leader working cross-functionally with security, compliance, and application teams to design and execute the IAM roadmap. The position requires deep expertise in identity lifecycle management, access governance, authentication protocols, and enterprise SSO/MFA implementations supporting complex, large-scale production environments.

Requirements

Bachelor's Degree in Computer Science, Information Security, or equivalent professional experience
7-10+ years in identity and access management with enterprise-scale implementations
Minimum 3-5 years hands-on experience administering Okta platform including Universal Directory, SSO, MFA, Lifecycle Management, and API Gateway
Strong expertise in SAML, OAuth 2.0, OIDC, LDAP, SCIM, and Kerberos authentication protocols
5+ years enterprise AD administration including forest design, group policy, domain trust relationships, and certificate services
Advanced PowerShell scripting for identity automation; experience with Python, REST APIs, and CI/CD pipelines preferred
Experience with Azure AD/Entra ID, Microsoft 365 identity management, and hybrid identity architectures
Okta Certified Professional or Okta Certified Administrator strongly preferred; additional certifications (CISSP, CISM, Azure certifications) a plus
Strategic thinking with ability to translate business requirements into scalable IAM architecture solutions
Proven track record leading complex identity integration projects from conception through production deployment
Strong understanding of zero-trust security principles and identity-centric security frameworks
Exceptional problem-solving skills for complex authentication and authorization scenarios
Experience with ITIL/ITSM frameworks and incident/change management processes
Excellent documentation skills with ability to create technical architecture diagrams and process workflows
Strong communication skills to collaborate with diverse technical and non-technical stakeholders
Ability to mentor junior team members and provide technical leadership
Flexibility to support off-hours implementations and participate in on-call rotation for critical IAM services

Nice To Haves

Experience with identity governance and administration (IGA) platforms a plus

Responsibilities

Lead enterprise Okta administration and governance across several integrated applications and services, including Universal Directory, lifecycle management, and advanced authentication policies
Architect and implement identity federation solutions using SAML 2.0, OAuth 2.0, OIDC, and WS-Federation protocols for SaaS, PaaS, and on-premises applications
Lead enterprise Okta administration and governance across several integrated applications and services, including Universal Directory, lifecycle management, and advanced authentication policies
Architect and implement identity federation solutions using SAML 2.0, OAuth 2.0, OIDC, and WS-Federation protocols for SaaS, PaaS, and on-premises applications
Design and manage Active Directory integration strategies, including Okta AD Agent deployment, directory synchronization, and delegated authentication architectures
Oversee identity provisioning and deprovisioning workflows using Okta Lifecycle Management, SCIM protocols, and API-driven automation for seamless user lifecycle governance
Lead SSO implementation projects for new application onboarding, including technical discovery, integration design, testing, and production deployment
Develop and enforce adaptive MFA policies using Okta Verify, contextual access controls, and risk-based authentication frameworks
Manage Okta tenant architecture across multiple environments (production, DR, development) ensuring high availability and disaster recovery capabilities
Collaborate with Security and Compliance teams on identity governance initiatives including access reviews, separation of duties, and privileged access management
Design and implement API-driven automation using PowerShell, Python, and Okta APIs for identity operations, reporting, and integration workflows
Lead technical troubleshooting of complex SSO, authentication, and authorization issues across heterogeneous enterprise environments
Partner with application development teams to integrate modern authentication patterns and zero-trust architecture principles
Maintain and optimize Azure AD/Entra ID integration with Okta for hybrid identity scenarios
Develop comprehensive IAM documentation including architecture diagrams, integration guides, runbooks, and knowledge transfer materials
Provide strategic guidance on identity security best practices, threat mitigation, and compliance requirements (SOX, GDPR, SOC2)