Bed Bath & Beyond is looking for an Identity Solutions Architect to play a vital role in administering, designing, and delivering solutions to make our associates more agile and productive. You will be responsible for driving enterprise identity and access management architecture, enabling automation and self-service capabilities that streamline the identity lifecycle.
- Architect, design, implement, integrate, and maintain services that enable robust Identity and Access Management capabilities across the enterprise while reducing user friction.
- Deploy and manage secret and privileged access management technologies to enable secure access, application of the least-privilege principle, and accountability for change/configuration management.
- Partner with HR, IT, and Security to build a central identity repository with current and accurate entity attribute data throughout the user lifecycle process.
- Partner with Security and IT to ensure centralized visibility of all identity-based audit logs, and the development of reporting and metrics to enable operational and compliance-based objectives. Improve upon basic SSO integrations to enable broader role- or attribute-based access controls, self-service and JIT provisioning, and overall user lifecycle management.
- Plan and support all phases of moderately complex projects. Create a culture of transparency, information sharing, and collaboration through the development of excellent documentation.
- You should have 10+ years of experience in identity management, IDaaS, provisioning, user lifecycle automation, and federation in a fast-paced, cloud-first global environment.
- 5+ years' experience with LDAP-based directory services, such as Active Directory, FreeIPA, or OpenLDAP; web-based SSO technology, such as Auth0, Okta, OneLogin, or Keycloak; Privileged Access Management technology; and Enterprise Password Management.
- Deep understanding of identity-related protocols, such as Kerberos, JWT, OAuth, OpenID Connect, SAML, SCIM, and WebAuthn.
- Experience with various Identity Manager drivers, such as JDBC, Scripting, Delimited Text, LDAP, Loop Back, Active Directory, and eDir-eDir.
- Strong direct experience with major IaaS and PaaS cloud platforms (e.g., Azure, GCP).
- Strong understanding of PKI, digital certificates, digital signatures, certificate and session management.
- Strong protocol-level troubleshooting skills (e.g., LDAP, SAML).
- Experience with Linux, Mac, and Windows operating systems at the client and server level.
- Experience with customer identity management is a plus. Excellence in problem-solving, strategic thinking, and collaboration with cross-functional teams.
- Experience with DevOps and SaaS environments.