Sr Identity Architect

Overview:At Discount Tire, we celebrate the spirit of our people with extraordinary pride and enthusiasm. Our business has been growing for 63 years and now is the best time in our history to join. We are opening more locations every year and always looking for the most qualified individuals to join us in our growth. We are a Company that promotes from within, both in our retail and corporate operations. Under minimal supervision, the Identity Architect is responsible for defining the overall architecture of the enterprise identity portfolio. With a focus on developing and delivering architectural patterns and practices that build strategic features across the entire enterprise. This person will have a deep knowledge of multiple technology areas, processes, methodologies, standards, products, and frameworks. Advises on high-level, complex solution development, architecture, and management processes from concept ideation through development, launch, and maintenance. Provides technical leadership and support to ensure timely delivery of reliable, flexible, secure, scalable, and cost-efficient architectures. Liaises with the Enterprise Architecture team to ensure consistency with agreed upon process and application taxonomies.Essential Duties and Responsibilities:Deliver Okta Identity Management (or experience with similar identity cloud solution) and designing solution patterns for typical and custom identity frameworks across both infrastructure and development life cyclesLead engineering and solution design with Identity Provider, including base SSO setup via SAML/OpenID Connect, B2B Federation Connection setup, and with standard expression logic and PowerShell scripts used in analytical reporting and custom attribute patternsServe as the department expert for architectural solution design and documentation (Product Roadmaps) including PowerShell scripting to maintain and design analytics reports in Okta; as well as design and implement custom application-level expression language regarding attribute manipulationDesign and deliver appropriate architecture that support identity & access needs in meeting business goals of secure design, lifecycle, and stable operationsServe as the resident expert for IAM disciplines (such as but not limited to - Identity, Sign-On, Federation, Multifactor Authentication, Privileged Access Management, Directory Services, Role-based Governance & Administration, API Security, Key and token Lifecycle, Identity Risk, Identity threat modeling)Establish, document, and publish reference architecture models and promote use and adoption. Apply cross-domain experience and hands-on implementation of architecture across broad scale and multiple platforms. Build threat models for defined design to identify weaknesses in design, with appropriate mitigationsDevelop standards and reference architecture for repeatable use cases. Document new and existing solution designs within standardized SDLC and niche use casesProduce and implement enterprise-level designs for Azure authentication and on prem AD, as wells as Azure B2B/C authentication for global initiativesDrive enforcement of policies, procedures, and associated plans for system security administration, highly privileged and high-risk users, and general user system access based on industry-standard best practicesDefine standards and reference architecture for Identity and access protection within secure hybrid multi-cloud environmentsDesign solutions to on-board third party and cloud applications using various federation protocols. Architect lifecycle controls and processes in design for Identity and access of customers, partners, and B2B/C entitiesDesign full user provisioning and de-provisioning process, in line with regulatory and industry needs for terminationAbility to enable application movement to modern authentication in the hybrid multi-cloud environment through use of SSO and FederationDesign, develop, deploy, integrate, and support Single Sign On (SSO) using DevOps model for all types of devices.Plan and develop security measures to safeguard information against accidental or unauthorized modification, destruction, or disclosureCollaborate with management to identify security best practices; applies a risk-based approach to information security covering the security aspects of Cloud & On-premises IAM services with a focus on Authentication services (SSO and MFA)Provide engineering support for the Identity and Authentication team. Mentor and develop all on the Identity Team when requestedSupport the enterprise SSO platform to enable a secure and enhanced authentication experience for enterprise usersWork on a daily basis with Agile engineering scrum teams and participate in daily standups, grooming and planning to deliver product featuresPartnering with cross-functional teams to build Identity products and constantly innovate on APIs, platform, web (desktop/mobile) and native apps (iOS and Android)Facilitate cost effective solutions for integration of target applications to IAM platforms and servicesRemain informed on trends and issues in the security industry, including current and emerging technologies and policiesProvide effective communications to senior management, peers, team, stakeholders, external parties as requiredQualifications:7+ years of experience in Information Security with 7+ year in Identity Federation spacePassionate about Identity and Access Management with background in OAuth 2.0, OpenID connect, SAML, WS-Fed, SCIM (System for Cross domain Identity Management) and API authorization/access managementPrior experience in areas like password management, encryption, two factor authentication, Biometrics, WebAuthn and FIDO standards, risk-based authentication, and strong customer authenticationKnowledge in areas like REST APIs, GraphQL and React JS/NativeKnowledge and experience with information security, authorization and authentication systems, infrastructure, and implementation techniquesUnderstand the complexities of a large-scale platform with a focus on scalability, reliability and resiliency while maintaining exceptional quality of software and steady state and continuous improvement efforts for authentication technologies for globally diverse solutionsStrong hands-on experience with SSO & MFA leveraging AD ConnectStrong hands-on experience with industry standard SSO technologies and protocols (OAuth, OpenID Connect, SAML)Expertise in Identity and Authentication solutions such as Active Directory, Azure AD, Azure B2B, Azure B2C and OktaKnowledge of LDAP and Active Directory services, MFA, Risk based authentication and privileged access managementHolistic view of IAM (Authentication and Authorization Data, Endpoint Security, Network Security, Policy Engine)Ability to utilize various programming or scripting languages such as PowerShellUnderstanding of API design concepts, RESTful Services, and modern application interaction patternsFamiliarity with deployments and integration of IAM solutions within the cloud (Azure, AWS, GCP)Experience in deploying large-scale, global projects and programsFamiliarity with IT security and risk management practicesHigh sense of ownership, urgency, and drive. Proven track record of getting things done, managing multiple tasks including communication with internal and external teams while consistently delivering on scheduleExcellent oral and written communication skills with the ability to adapt your message to the technical level of the audience (developers, product managers, and senior business leaders)Demonstrated excellent technical writing skills and project/program management experienceUnderstanding of Agile Life Cycle and project planning/execution skills including estimating and scheduling. Knowledge of scrum planning tools (Jira is a plus)IT Certifications including Okta, AD and Azure.Educational Requirements:Bachelor's Degree in Computer Science, Engineering, Network Security, or related fieldMBA preferenceOkta Certifications highly preferred

Work Days:Normal work days are Monday through Friday. Occasional Saturdays and Sundays may be necessary.Work Hours:Normal work hours are 8:00 a.m. to 5:00 p.m. Additional hours may be necessary.Discount Tire provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local law.

#LI-Hybrid#LI-GW1