IAM Security Engineer (Remote)

Marlborough, MA, United States

Discovery is at the heart of everything we do. Wherever you find us around the world, if you can think of a product, you can probably find it in our stores, which include TJ Maxx, Marshalls, HomeGoods, Sierra, Winners, Homesense, and TK Maxx. With variety comes plenty of happy surprises—our environment is ever-changing, and that’s just how we like it. Every day is an opportunity to discover something new about our business, our partnerships and even something exciting about yourself. Ready to Discover Different?

Posting Notes: Marlborough || MA

What you’ll discover

Inclusive culture and career growth opportunities
Global IT Organization which collaborates across U.S., Canada, Europe and Australia
Challenging, collaborative, and team-based environment

What you’ll do

The IAM Organization enables TJX associates to work flexibly in an evolving IT landscape, driving productivity through modern Authentication & Authorization capabilities and reducing organizational risk through implementation of best-of-breed, world class technologies and configuration best practice. Our nationwide team applies expertise and deep business understanding to ensure confidence for all company associates, investors, and customers.

As a member of IAM you’ll directly support teams across the organization to adopt Single Sign-On capabilities and support the need to securely work from anywhere. In partnership with the Cloud Enablement and Engineering team you’ll ensure our cloud identity solutions support TJX’s hybrid cloud target architecture.

As an IAM Security Engineer you demonstrate knowledge & significant experience in designing and implementing business functionality in your assigned Platform(s)/Product(s) area. You will implement technology solutions in your assigned area, enforce IT Security Standards, provide guidance on best practices, and report on progress to the team’s Scrum Master and Product Manager.
Engineers at this level can lead & deliver on assigned Features in their area of support. They understand and champion DevSecOps best practices to ship high-quality code, and continue to expand their knowledge. You will provide critical thinking to enhance cloud directory services, IAM systems and authentication and authorization technologies, and leverage your experience to challenge the status quo of how solutions are delivered at TJX to better align to industry best practices. Your deliverables will improve TJX’s security posture and improve the user experience for over 250,000 global enterprise users.

What you’ll need

We seek creative, security-minded professionals to provide hands-on talent and social expertise to protect TJX and its assets. You'll work with engineers, business programs, and other security professionals to adapt and improve our security posture in applications, infrastructure, and cloud modernization efforts through well-designed and broadly-applied IAM Controls.

Minimum Qualifications

3-5 years of engineering experience in a relevant technical domain within a large organization, over 10,000 users;
Demonstrated deep expertise with federation protocols, standards, best practices and tools, including but not limited to SAML, OAuth and OpenID Connect, WebAuthn, FIDO; reverse-proxy solutions (Azure App Proxy, Citrix, ZScaler, etc.), and IDaaS platforms such as Azure AD or Okta;
Experience implementing Azure Security Policy through Conditional Access, and Multi-Factor Authentication, certifications preferred;
Extensive experience working with PowerShell, including Azure Graph, and Python scripts;
Experience with fully owning a feature and providing guidance to product / platform teams and other teams as needed;
Responsibility supporting the technical application/service roadmaps including the recommendation and initiation of IT driven projects, design, code, and COTS configuration to meet required business capabilities.
Preferred Qualifications

Preferred experience implementing and supporting Intune MAM & MDM Policy, Compliance Policy, and Azure PIM
Preferred experience enabling Business to Business (B2B) and Business to Consumer (B2C) use cases through a commercial Identity Provider
Preferred experience implementing security controls with IDaaS solutions such as Azure AD and Oracle Identity Cloud, Google Cloud Platform (GCP) and experience securing workloads in the Azure cloud through subscription least-privilege design
Experience with Azure AD Connect configuration and maintenance in a multi-Forest environment

Join us and Discover Different at TJX.

Come Discover Different at TJX. From opportunity and teamwork to growth, we think you’ll find that it’s so much more than a job. When you’re a part of our global TJX family, you have the full support of a diverse, close-knit group of people dedicated to finding great deals and fantastic style. Best of all? They have a lot of fun doing it. We care about our culture, but we also prioritize the tangible stuff (Competitive salaries: check. Solid benefits: check. Plenty of room for advancement: of course). It’s our way of empowering you to make your career here.

We consider all applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, gender identity and expression, marital or military status. We also provide reasonable accommodations to qualified individuals with disabilities in accordance with the Americans with Disabilities Act and applicable state and local law.