The IAM/M365 Domain Architect is a hands-on technical leadership role. The IAM architect will be focused on the implementation of Microsoft Entra and M365 services and the migration of existing solutions to the platform. More broadly this role will involve defining enterprise-wide IAM strategies, guiding the organization's adoption of modern best practices across cloud and on-premises technologies, and driving innovation to support the business's strategic objectives. This role is located in Springfield, MO and will require on-site work on a regular basis. Responsibilities and Duties: Define and own IAM architecture for the enterprise ecosystem, emphasizing Microsoft identity solutions and vendor-neutral standards-based approaches. Design, guide, and assist implementation of Microsoft cloud services emphasizing M365 and Entra ID features. Partner with consultants and internal teams as the technical leader on the migration of identities, authorization data, and authentication mechanisms from various legacy and cloud solutions to Entra ID. Design and implement hybrid and multi-cloud identity solutions specifically Entra Mutli-tenant Organization and other B2B solutions ensuring compatibility and integration across regionally specific Entra tenants. Define and map data integration strategies for employee and authorization data. Integrate regulatory controls into enterprise identity and access solutions and processes. Define overall enterprise identity protection strategies. Map identity protection strategies into effective plans and technical implementations using both Microsoft and vendor-neutral approaches. Design and enable identity-driven provisioning and deprovisioning across downstream systems using SCIM, JIT, event-based triggers, etc. Define and design customized identity workflows like mover/joiner/leaver, access request, certifications, etc. primarily utilizing native Entra and Azure features. Design and support the adoption of service principal and managed identity use patterns for non-human workloads. Drive the standardization of OIDC, OAuth2 flows and the use of common shared authn and authz packages within the overall software product development practices within the organization. Create accessible detail-oriented architectural artifacts including but not limited to roadmaps, conceptual diagrams, sequence diagrams, requirement and decision logs, etc. Participate in the organization's larger architecture practice as a compatibility and integration point for identity, access, and authorization. Provide hands-on technical mentorship and implementation guidance for a team of identity engineers and developers. Skills: Required: Experience with enterprise scale identity migrations Familiarity with Okta, Active Directory, and open LDAP Deep knowledge of modern authentication protocols including but not limited to OIDC/OAuth2, SAML, WSFED, etc. Familiarity with modern authorization, session, and token handling patterns including but not limited to claims-based authorization, back-channel logout, token introspection, token refinement, etc. Expert-level knowledge of Entra ID specifically including but not limited to the features listed below: Core Identity and Directory Services Core Services (user/group/device) Federated Identities Custom attributes and schema extensions Dynamic Groups Directory role strategies for enterprise delegation Authentication and Access Control SSO Conditional Access Passwordless Authentication B2B Identity Protection and Risk User Risk Detection Sign-in Risk Detection Using Risk with Conditional Access Risk Remediation Policies Supporting SIEM/SOAR integration Logs and Forensics Identity Governance and Administration Access Reviews Access Request Workflows Time-Bound Access Identity and Access Lifecycle (Mover/Joiner/Leaver) Augmentation with Logic Apps and other automation technologies. Application Access and SSO OIDC, OAuth2, SAML Enterprise Applications Application Registrations API permissions and consent Application Proxy Token Configuration and Claims Refinement Provisioning and Lifecycle Guest Users Cross Tenant access External IDs Preferred: Retail Industry Experience with a strong understanding of store operations, merchandising, and omnichannel commerce. Auto Parts Industry Knowledge, including familiarity with aftermarket supply chains, inventory management, and distribution networks. Familiarity with Master Data Management (MDM) principles, architectures, and implementations. Experience with international, multi-lingual product catalog solutions and localization strategies. Experience with retail POS solutions and Commerce CMS platforms. Experience with Warehouse Automation & Material Handling Solutions Education: Master's Degree or Equivalent Level Experience: Substantial work experience with comprehensive job-related experience to a fully competent level in applicable area of expertise. (6 to 10 years) Managerial Experience: Experience supervising and directing team members and utilizing resources to achieve specific end results within limited timeframes (1 to 3 years) O’Reilly Auto Parts has a proven track record of growth and stability. O’Reilly is full of successful career stories and believes in a strong promote-from-within philosophy, encouraging you to grow your career along with the organization. Total Compensation Package: Competitive Wages & Paid Time Off Stock Purchase Plan & 401k with Employer Contributions Starting Day One Medical, Dental, & Vision Insurance with Optional Flexible Spending Account (FSA) Team Member Health/Wellbeing Programs Tuition Educational Assistance Programs Opportunities for Career Growth O’Reilly Auto Parts is an equal opportunity employer. The Company does not discriminate on the basis of race, religion, color, national origin or ancestry (including immigration status or citizenship), sex, sexual orientation, gender identity, pregnancy (including childbirth, lactation, and related medical conditions,) age (40 and over), veteran status, uniformed service member status, physical or mental disability, genetic information (including testing or characteristics) or another protected status as defined by local, state, or federal law, as applicable. Qualified individuals with a disability may be entitled to reasonable accommodation under the Americans with Disabilities Act. If you require a reasonable accommodation during the application or employment process, please send an email to: rar@oreillyauto.com or call (800) 471-7431 option , and provide your requested accommodation, and position details. Your first job at O’Reilly Auto Parts is just the beginning! From a comprehensive benefits and compensation package to a rewarding and positive work environment, your leaders will support you and foster your development so you can grow with the company. Our promote-from-within philosophy means our top leaders worked their way up – and you can, too. Learn more about our culture, benefits, and history at oreillyauto.com/careers.