IAM Engineer

The Senior Identity & Access Management Engineer will architect, implement, and optimize enterprise-wide identity governance solutions with primary focus on Okta platform across corporate, multi-tenant, and disaster recovery environments. This role serves as a strategic technical leader working cross-functionally with security, compliance, and application teams to design and execute the IAM roadmap. The position requires deep expertise in identity lifecycle management, access governance, authentication protocols, and enterprise SSO/MFA implementations supporting complex, large-scale production environments., * Lead enterprise Okta administration and governance across several integrated applications and services, including Universal Directory, lifecycle management, and advanced authentication policies

• Architect and implement identity federation solutions using SAML 2.0, OAuth 2.0, OIDC, and WS-Federation protocols for SaaS, PaaS, and on-premises applications
• Lead enterprise Okta administration and governance across several integrated applications and services, including Universal Directory, lifecycle management, and advanced authentication policies
• Architect and implement identity federation solutions using SAML 2.0, OAuth 2.0, OIDC, and WS-Federation protocols for SaaS, PaaS, and on-premises applications
• Design and manage Active Directory integration strategies, including Okta AD Agent deployment, directory synchronization, and delegated authentication architectures
• Oversee identity provisioning and deprovisioning workflows using Okta Lifecycle Management, SCIM protocols, and API-driven automation for seamless user lifecycle governance
• Lead SSO implementation projects for new application onboarding, including technical discovery, integration design, testing, and production deployment
• Develop and enforce adaptive MFA policies using Okta Verify, contextual access controls, and risk-based authentication frameworks
• Manage Okta tenant architecture across multiple environments (production, DR, development) ensuring high availability and disaster recovery capabilities
• Collaborate with Security and Compliance teams on identity governance initiatives including access reviews, separation of duties, and privileged access management
• Design and implement API-driven automation using PowerShell, Python, and Okta APIs for identity operations, reporting, and integration workflows
• Lead technical troubleshooting of complex SSO, authentication, and authorization issues across heterogeneous enterprise environments
• Partner with application development teams to integrate modern authentication patterns and zero-trust architecture principles
• Maintain and optimize Azure AD/Entra ID integration with Okta for hybrid identity scenarios
• Develop comprehensive IAM documentation including architecture diagrams, integration guides, runbooks, and knowledge transfer materials
• Provide strategic guidance on identity security best practices, threat mitigation, and compliance requirements (SOX, GDPR, SOC2)

• Education: Bachelor's Degree in Computer Science, Information Security, or equivalent professional experience
• Years of Experience: 7-10+ years in identity and access management with enterprise-scale implementations
• Okta Expertise: Minimum 3-5 years hands-on experience administering Okta platform including Universal Directory, SSO, MFA, Lifecycle Management, and API Gateway
• Identity Protocols: Strong expertise in SAML, OAuth 2.0, OIDC, LDAP, SCIM, and Kerberos authentication protocols
• Active Directory: 5+ years enterprise AD administration including forest design, group policy, domain trust relationships, and certificate services
• Automation & Scripting: Advanced PowerShell scripting for identity automation; experience with Python, REST APIs, and CI/CD pipelines preferred
• Cloud Identity: Experience with Azure AD/Entra ID, Microsoft 365 identity management, and hybrid identity architectures
• Certifications: Okta Certified Professional or Okta Certified Administrator strongly preferred; additional certifications (CISSP, CISM, Azure certifications) a plus, * Strategic thinking with ability to translate business requirements into scalable IAM architecture solutions
• Proven track record leading complex identity integration projects from conception through production deployment
• Strong understanding of zero-trust security principles and identity-centric security frameworks
• Exceptional problem-solving skills for complex authentication and authorization scenarios
• Experience with ITIL/ITSM frameworks and incident/change management processes
• Excellent documentation skills with ability to create technical architecture diagrams and process workflows
• Strong communication skills to collaborate with diverse technical and non-technical stakeholders
• Ability to mentor junior team members and provide technical leadership
• Flexibility to support off-hours implementations and participate in on-call rotation for critical IAM services
• Experience with identity governance and administration (IGA) platforms a plus

PHOENIX Retail, LLC is a retail platform operating the Express and Bonobos brands worldwide. About Express Express is a multichannel apparel brand dedicated to a design philosophy rooted in modern, confident and effortless style whether dressing for work, everyday or special occasions. Since its launch in 1980, the brand has embraced a design philosophy rooted in modern, confident and effortless style. Express ensures you look and feel your best, wherever life takes you. The Company operates over 400 retail and outlet stores in the United States and Puerto Rico, the express.com online store and the Express mobile app. About Bonobos Our Bonobos menswear brand is known for being a style instigator and offering perfect-fit risks through our innovative retail model and personalized experience. Launched online in 2007 with its signature line of chinos, Bonobos now offers a variety of styles available to order online and to try on at any one of our 50 Guideshop locations and at www.bonobos.com. Our Guideshops are in-real-life stores that deliver one-on-one service and expert fit advice. Don't think traditional retail, Bonobos is something you haven't seen before.