Logo
Discount Tire

Sr Identity Architect

Discount Tire, Scottsdale, AZ


Overview

At Discount Tire, we celebrate the spirit of our people with extraordinary pride and enthusiasm. Our business has been growing for 63 years and now is the best time in our history to join. We are opening more locations every year and always looking for the most qualified individuals to join us in our growth. We are a Company that promotes from within, both in our retail and corporate operations. Under minimal supervision, the Identity Architect is responsible for defining the overall architecture of the enterprise identity portfolio. With a focus on developing and delivering architectural patterns and practices that build strategic features across the entire enterprise. This person will have a deep knowledge of multiple technology areas, processes, methodologies, standards, products, and frameworks. Advises on high-level, complex solution development, architecture, and management processes from concept ideation through development, launch, and maintenance. Provides technical leadership and support to ensure timely delivery of reliable, flexible, secure, scalable, and cost-efficient architectures. Liaises with the Enterprise Architecture team to ensure consistency with agreed upon process and application taxonomies.

Essential Duties and Responsibilities:
  • Deliver Okta Identity Management (or experience with similar identity cloud solution) and designing solution patterns for typical and custom identity frameworks across both infrastructure and development life cycles
  • Lead engineering and solution design with Identity Provider, including base SSO setup via SAML/OpenID Connect, B2B Federation Connection setup, and with standard expression logic and PowerShell scripts used in analytical reporting and custom attribute patterns
  • Serve as the department expert for architectural solution design and documentation (Product Roadmaps) including PowerShell scripting to maintain and design analytics reports in Okta; as well as design and implement custom application-level expression language regarding attribute manipulation
  • Design and deliver appropriate architecture that support identity & access needs in meeting business goals of secure design, lifecycle, and stable operations
  • Serve as the resident expert for IAM disciplines (such as but not limited to - Identity, Sign-On, Federation, Multifactor Authentication, Privileged Access Management, Directory Services, Role-based Governance & Administration, API Security, Key and token Lifecycle, Identity Risk, Identity threat modeling)
  • Establish, document, and publish reference architecture models and promote use and adoption. Apply cross-domain experience and hands-on implementation of architecture across broad scale and multiple platforms. Build threat models for defined design to identify weaknesses in design, with appropriate mitigations
  • Develop standards and reference architecture for repeatable use cases. Document new and existing solution designs within standardized SDLC and niche use cases
  • Produce and implement enterprise-level designs for Azure authentication and on prem AD, as wells as Azure B2B/C authentication for global initiatives
  • Drive enforcement of policies, procedures, and associated plans for system security administration, highly privileged and high-risk users, and general user system access based on industry-standard best practices
  • Define standards and reference architecture for Identity and access protection within secure hybrid multi-cloud environments
  • Design solutions to on-board third party and cloud applications using various federation protocols. Architect lifecycle controls and processes in design for Identity and access of customers, partners, and B2B/C entities
  • Design full user provisioning and de-provisioning process, in line with regulatory and industry needs for termination
  • Ability to enable application movement to modern authentication in the hybrid multi-cloud environment through use of SSO and Federation
  • Design, develop, deploy, integrate, and support Single Sign On (SSO) using DevOps model for all types of devices.
  • Plan and develop security measures to safeguard information against accidental or unauthorized modification, destruction, or disclosure
  • Collaborate with management to identify security best practices; applies a risk-based approach to information security covering the security aspects of Cloud & On-premises IAM services with a focus on Authentication services (SSO and MFA)
  • Provide engineering support for the Identity and Authentication team. Mentor and develop all on the Identity Team when requested
  • Support the enterprise SSO platform to enable a secure and enhanced authentication experience for enterprise users
  • Work on a daily basis with Agile engineering scrum teams and participate in daily standups, grooming and planning to deliver product features
  • Partnering with cross-functional teams to build Identity products and constantly innovate on APIs, platform, web (desktop/mobile) and native apps (iOS and Android)
  • Facilitate cost effective solutions for integration of target applications to IAM platforms and services
  • Remain informed on trends and issues in the security industry, including current and emerging technologies and policies
  • Provide effective communications to senior management, peers, team, stakeholders, external parties as required


Qualifications:
  • 7+ years of experience in Information Security with 7+ year in Identity Federation space
  • Passionate about Identity and Access Management with background in OAuth 2.0, OpenID connect, SAML, WS-Fed, SCIM (System for Cross domain Identity Management) and API authorization/access management
  • Prior experience in areas like password management, encryption, two factor authentication, Biometrics, WebAuthn and FIDO standards, risk-based authentication, and strong customer authentication
  • Knowledge in areas like REST APIs, GraphQL and React JS/Native
  • Knowledge and experience with information security, authorization and authentication systems, infrastructure, and implementation techniques
  • Understand the complexities of a large-scale platform with a focus on scalability, reliability and resiliency while maintaining exceptional quality of software and steady state and continuous improvement efforts for authentication technologies for globally diverse solutions
  • Strong hands-on experience with SSO & MFA leveraging AD Connect
  • Strong hands-on experience with industry standard SSO technologies and protocols (OAuth, OpenID Connect, SAML)
  • Expertise in Identity and Authentication solutions such as Active Directory, Azure AD, Azure B2B, Azure B2C and Okta
  • Knowledge of LDAP and Active Directory services, MFA, Risk based authentication and privileged access management
  • Holistic view of IAM (Authentication and Authorization Data, Endpoint Security, Network Security, Policy Engine)
  • Ability to utilize various programming or scripting languages such as PowerShell
  • Understanding of API design concepts, RESTful Services, and modern application interaction patterns
  • Familiarity with deployments and integration of IAM solutions within the cloud (Azure, AWS, GCP)
  • Experience in deploying large-scale, global projects and programs
  • Familiarity with IT security and risk management practices
  • High sense of ownership, urgency, and drive. Proven track record of getting things done, managing multiple tasks including communication with internal and external teams while consistently delivering on schedule
  • Excellent oral and written communication skills with the ability to adapt your message to the technical level of the audience (developers, product managers, and senior business leaders)
  • Demonstrated excellent technical writing skills and project/program management experience
  • Understanding of Agile Life Cycle and project planning/execution skills including estimating and scheduling. Knowledge of scrum planning tools (Jira is a plus)
  • IT Certifications including Okta, AD and Azure.


Educational Requirements:
  • Bachelor's Degree in Computer Science, Engineering, Network Security, or related field
  • MBA preference
  • Okta Certifications highly preferred


Work Days:

Normal work days are Monday through Friday. Occasional Saturdays and Sundays may be necessary.

Work Hours:

Normal work hours are 8:00 a.m. to 5:00 p.m. Additional hours may be necessary.

Discount Tire provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local law.

#LI-Hybrid

#LI-GW1