Springfield, Missouri, United States of America
11 hours ago
Domain Architect - IAM/M365

The IAM/M365 Domain Architect is a hands-on technical leadership role. The IAM architect will be focused on the implementation of Microsoft Entra and M365 services and the migration of existing solutions to the platform. More broadly, this role will involve defining enterprise-wide IAM strategies, guiding the organization's adoption of modern best practices across cloud and on-premises technologies, and driving innovation to support the business's strategic objectives.

This role is located in Springfield, MO and will require on-site work on a regular basis.


Responsibilities and Duties:

Define and own IAM architecture for the enterprise ecosystem, emphasizing Microsoft identity solutions and vendor-neutral standards-based approaches.
Design, guide, and assist implementation of Microsoft cloud services emphasizing M365 and Entra ID features.
Partner with consultants and internal teams as the technical leader on the migration of identities, authorization data, and authentication mechanisms from various legacy and cloud solutions to Entra ID.
Design and implement hybrid and multi-cloud identity solutions, specifically Entra Multi-tenant Organization and other B2B solutions, ensuring compatibility and integration across regionally specific Entra tenants.
Define and map data integration strategies for employee and authorization data.
Integrate regulatory controls into enterprise identity and access solutions and processes.
Define overall enterprise identity protection strategies.
Map identity protection strategies into effective plans and technical implementations using both Microsoft and vendor-neutral approaches.
Design and enable identity-driven provisioning and deprovisioning across downstream systems using SCIM, JIT, event-based triggers, etc.
Define and design customized identity workflows like mover/joiner/leaver, access request, certifications, etc., primarily utilizing native Entra and Azure features.
Design and support the adoption of service principal and managed identity use patterns for non-human workloads.
Drive the standardization of OIDC, OAuth2 flows and the use of common shared authn and authz packages within the overall software product development practices within the organization.
Create accessible detail-oriented architectural artifacts including but not limited to roadmaps, conceptual diagrams, sequence diagrams, requirement and decision logs, etc.
Participate in the organization's larger architecture practice as a compatibility and integration point for identity, access, and authorization.
Provide hands-on technical mentorship and implementation guidance for a team of identity engineers and developers.



Skills:
Required:

Experience with enterprise scale identity migrations
Familiarity with Okta, Active Directory, and open LDAP
Deep knowledge of modern authentication protocols including but not limited to OIDC/OAuth2, SAML, WSFED, etc.
Familiarity with modern authorization, session, and token handling patterns including but not limited to claims-based authorization, back-channel logout, token introspection, token refinement, etc.
Expert-level knowledge of Entra ID specifically including but not limited to the features listed below:
  Core Identity and Directory Services
  Core Services (user/group/device)
  Federated Identities
  Custom attributes and schema extensions
  Dynamic Groups
  Directory role strategies for enterprise delegation
  Authentication and Access Control
  SSO
  Conditional Access
  Passwordless Authentication
  B2B
  Identity Protection and Risk
  User Risk Detection
  Sign-in Risk Detection
  Using Risk with Conditional Access
  Risk Remediation Policies
  Supporting SIEM/SOAR integration
  Logs and Forensics
  Identity Governance and Administration
  Access Reviews
  Access Request Workflows
  Time-Bound Access
  Identity and Access Lifecycle (Mover/Joiner/Leaver)
  Augmentation with Logic Apps and other automation technologies.
  Application Access and SSO
  OIDC, OAuth2, SAML
  Enterprise Applications
  Application Registrations
  API permissions and consent
  Application Proxy
  Token Configuration and Claims Refinement
  Provisioning and Lifecycle
  Guest Users
  Cross Tenant access
  External IDs

Preferred:

Retail Industry Experience with a strong understanding of store operations, merchandising, and omnichannel commerce.
Auto Parts Industry Knowledge, including familiarity with aftermarket supply chains, inventory management, and distribution networks.
Familiarity with Master Data Management (MDM) principles, architectures, and implementations.
Experience with international, multi-lingual product catalog solutions and localization strategies.
Experience with retail POS solutions and Commerce CMS platforms.
Experience with Warehouse Automation & Material Handling Solutions


Education: Master's Degree or Equivalent Level
Experience: Substantial work experience with comprehensive job-related experience to a fully competent level in applicable area of expertise. (6 to 10 years)
Managerial Experience: Experience supervising and directing team members and utilizing resources to achieve specific end results within limited timeframes (1 to 3 years)

O’Reilly Auto Parts has a proven track record of growth and stability. O’Reilly is full of successful career stories and believes in a strong promote-from-within philosophy, encouraging you to grow your career along with the organization. 

Total Compensation Package:

Competitive Wages & Paid Time Off

Stock Purchase Plan & 401k with Employer Contributions Starting Day One

Medical, Dental, & Vision Insurance with Optional Flexible Spending Account (FSA)

Team Member Health/Wellbeing Programs

Tuition Educational Assistance Programs

Opportunities for Career Growth

O’Reilly Auto Parts is an equal opportunity employer. The Company does not discriminate on the basis of race, religion, color, national origin or ancestry (including immigration status or citizenship), sex, sexual orientation, gender identity, pregnancy (including childbirth, lactation, and related medical conditions), age (40 and over), veteran status, uniformed service member status, physical or mental disability, genetic information (including testing or characteristics) or another protected status as defined by local, state, or federal law, as applicable.

Qualified individuals with a disability may be entitled to reasonable accommodation under the Americans with Disabilities Act. If you require a reasonable accommodation during the application or employment process, please send an email to: rar@oreillyauto.com or call (800) 471-7431 option , and provide your requested accommodation, and position details.
