Senior Identity & Access Architect

OEC provides software solutions to those who work in the automotive parts and repair industry. Our solutions make it easier for automotive industry professionals to buy and sell parts, conduct repair research & planning, optimize estimates, improve the parts supply chain, and more. OEC partners with many of the world’s largest manufacturers, dealers and suppliers, shops and repairers, and service providers, giving our customers access to a comprehensive network and a streamlined workflow.What You’ll Do You’ll design, implement, and evolve enterprise-scale identity platforms that are secure, resilient, and intuitive to use. This role plays a critical part in enabling secure access across on-premises, hybrid, and cloud environments, ensuring the right identities have the right access to the right resources, at the right time.

You’ll collaborate closely with security engineering, infrastructure, cloud, application teams, HR, and compliance to deliver identity solutions that balance strong security controls with usability and operational efficiency.How You’ll Make an ImpactDesign, implement, and support hybrid identity architectures using Active Directory, Microsoft Entra ID, and Okta.Architect secure authentication, authorization, and federation patterns for workforce, partner, and service identities.Apply least-privilege access models using RBAC, ABAC, and role lifecycle management aligned to business functions.Design and implement MFA, passwordless authentication, conditional access, and adaptive authentication policies that balance security and usability.Enable and automate joiner/mover/leaver (JML) processes and identity lifecycle workflows.Integrate IAM platforms with HR systems, directories, and SaaS applications.Support identity-related incident response, including investigation and remediation of access misuse, authentication failures, and identity compromise.Monitor identity signals, logs, and alerts to strengthen detection and response capabilities.Create clear architecture diagrams, standards, runbooks, and implementation documentation.Provide architectural guidance, design reviews, and best-practice recommendations to application and infrastructure teams.What You Bring7+ years of experience in security or identity architecture with deep, hands-on expertise in enterprise IAM platforms.• Advanced experience with:◦ Active Directory (domains, forests, trusts, GPOs, authentication protocols) ◦ Microsoft Entra ID (Conditional Access, MFA, Identity Protection, PIM) ◦ Okta (Workforce Identity, SSO, MFA, Lifecycle Management, Workflows)Proven experience designing and operating hybrid AD / Entra ID architectures, including directory synchronization.• Strong background in:◦ Identity lifecycle automation and role modeling ◦ Okta application integrations, federation, and lifecycle rules ◦ Risk-based access design and Zero Trust identity strategies ◦ Privileged identity and access management (PIM, PAM, break-glass accounts) ◦ Identity governance, access reviews, and certification at enterprise scale ◦ Large-scale directory transformations and cloud migrations ◦ Cloud-first and hybrid identity architecture designSkills That Set You ApartDeep understanding of identity and access protocols, including Kerberos, LDAP, SAML, OAuth 2.0, and OpenID Connect.Strong knowledge of Zero Trust principles and identity-centric security models.Ability to communicate complex technical concepts clearly to both technical and non-technical stakeholders.Highly organized with strong prioritization and time-management skills.Flexible, adaptable, and comfortable navigating shifting priorities.Effective in a remote or hybrid environment with limited in-person interaction.Education & ExperienceBachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related field required.Equivalent, directly relevant professional experience may be considered in lieu of a degree.What to ExpectParticipation in virtual meetings with camera enabled.Occasional travel to collaborate in person on key initiatives.What We Offer:Full benefits starting Day 1: Medical, Dental, and Vision401(k) with company matchUnlimited Flex Time Off plus 10 company-paid holidaysRemote-first role with monthly communication stipendProfessional development programs, tuition assistance, and quarterly book programFree wellness coaching and pet insuranceHome office equipment stipendEmployee resource groups and exclusive employee discountsWhat makes working at OEC awesome? It varies from employee to employee. For some, it's the flexibility - whether it's remote work or a hybrid or in-person role, OEC takes our teams across multiple time zones and international communities. For others, it's the strong sense of camaraderie and community that celebrates both individuals and team-driven contributions.

Or it could be the empowerment and how the team is encouraged to take risks, learn, and grow within a dynamic and supportive environment. But no matter what gets us out of bed in the morning, our whole global community is inspired to be forward thinking and drive innovative solutions for the automotive parts and repair industry.OEConnection is subject to certain governmental recordkeeping and reporting requirements for the administration of civil rights laws and regulations. In order to comply with these laws, we invite applicants and employees to voluntarily self-identify their gender, race and ethnicity. Submission of this information is strictly voluntary and refusal to provide it will not subject you to any adverse treatment.

The information obtained will be kept confidential and may only be used in accordance with the provision of applicable laws, executive orders, and regulations, including those that require the information to be summarized and reported to the federal government for civil rights enforcement. When reported, data will not identify any specific individual. This information will be maintained separately from your application for employment. If you do not wish to self-identify at this time, you may do so in the future by submitting this form.

Failure to provide the following information will not subject you to any adverse action or treatment. OEConnection is an Equal Opportunity/ Affirmative Action employer. We provide equal employment opportunities to all qualified employees and applicants for employment without regard to race, religion, sex, age, marital status, national origin, sexual orientation, citizenship status, veteran status, disability or any other legally protected status. We prohibit discrimination in decisions concerning recruitment, hiring, compensation, benefits, training, termination, promotions, or any other condition of employment or career development.Originally posted on Himalayas