Security Engineer II (Identity and Access Management)

Welcome to Ross Stores, Inc., where our differences make us stronger… At Ross and dd’s, inclusion is a way of life. We care about our Associates and the communities we serve and we value their differences. We are committed to building diverse teams and an inclusive culture. We respect and celebrate the diversity of backgrounds, identities, and ideas of those who work and shop with us. Come join us as we continue our diversity, equality and inclusion journey!

The Identity and Access Management (IAM) Engineer II is responsible for envisioning and taking steps to implement security improvements to protect Ross' information and assets. The IAM Engineer leads initiatives that harden Ross's Identity and Access Management security posture and capabilities from concept through delivery, defining and following discreet procedures and protocols to ensure integrity and compliance. The IAM Engineer leads the product area strategy, roadmap, application design and vendor/product due-diligence functions.
The IAM Engineer serves as a liaison to the other Information Security and IT functional groups, influencing outcomes as appropriate. The IAM Engineer operates as the Identity and Access Management Subject Matter Expert (SME), and provides 3rd level production support for application.


• Research, evaluate, and develop Identity Governance and standards following industry best practices.

• Ensure that business strategy, IT enterprise security and implementation are aligned. Provide input to technical designs in enterprise security solutions, specifically around tools and systems that would best support the design.

• Work with the other IT organizations to design, develop, and implement Enterprise Security solutions to support new initiatives.

• Provide technical expertise to solve production issues related to security applications, recommend solutions or process enhancements and root cause Analysis.

• Recommend improvements to company's security posture through technological, administrative, or physical controls. Work with project teams regarding security architecture and technical implementation.

• Ensure that security solutions are acquired, configured and implemented correctly.


• Planning

• Listening

• Communication

• Problem Solving

• Customer Focus

• Drive for Results

• Self-Development

• Time Management


• Strong knowledge of IAM domain like user life cycle, Privilege user management, single-sign-on, federation, MFA etc.

• Good understanding of a variety of user repositories, including databases, LDAP servers, Microsoft Active Directory and Exchange, UNIX, and enterprise services such as HR systems, Application Servers, CRM, etc.

• Deep Knowledge of various Security Access Management tools (Saviynt, CyberArk, OKTA.)

• Expertise in designing and implementing solutions leveraging OAuth, OpenID Connect, SAML, WS Fed, and MFA.

• Experience in implementation/Configuration and deployment -Saviynt, Okta and Management

• Experience in configuration and maintenance of Oracle Identity solutions(OIM, OAM, OAAM, OVD, OUD.

• Experience with the following web technologies: XML, SPML/SOA, REST APIs, SCIM, Web and Application Servers, HTML

• Experience with Directories (LDAP, AD, OVD).

• Cyber Ark configuration and management.

• Application onboarding planning and integration

• Experience with the following programming languages: Java, Bean Shell/JavaScript, JSP/Servlets, SQL

• Strong knowledge of current security space with general understanding of current security threats, techniques, and landscape, as well as a dedicated and self-driven desire to research current information on the security landscape.

• At least 7 years of Information Security experience and at least 5 years with a large organization.

• 5 year of experience in Identity and Access Management process, Authentication, Authorization, Web Service Security, Security & Risk, User's Account Provisioning, Web Single Sign-On, MFA and Audit etc

• Bachelor degree preferred or Senior level certification with equivalent demonstrated relevant experience.

• Working experience with security tools

• Able to work independently and creatively problem solve complex technical problems.

• Able to provide leadership, guidance and training to others.

• Able to provide accurate estimates of timeframes and cost estimates necessary to complete potential projects and develop milestones and project implementation plans.

• Excellent organizational and time management skills.

• Ability to work in a group setting and independently.

Job requires ability to work in an office environment, primarily on a computer.
Requires sitting, standing, walking, hearing, talking on the telephone, attending in-person meetings, typing, and working with paper/files, etc.
Consistent timeliness and regular attendance.
Vision requirements: Ability to see information in print and/or electronically.
This role requires regular in-office presence, including to engage in in-person team interaction, meetings and collaboration, client support, mentoring, coaching, and/or feedback. However, this role can perform duties effectively using a combination of in-office and remote work.


This job description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all-inclusive listing of duties and responsibilities. Contents are subject to change at management's discretion.

Ross is an equal employment opportunity employer. We consider individuals for employment or promotion according to their skills, abilities and experience. We believe that it is an essential part of the Company's overall commitment to attract, hire and develop a strong, talented and diverse workforce. Ross is committed to complying with all applicable laws prohibiting discrimination based on race, color, religious creed, age, national origin, ancestry, physical, mental or developmental disability, sex (which includes pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), veteran status, military status, marital or registered domestic partnership status, medical condition (including cancer or genetic characteristics), genetic information, gender, gender identity, gender expression, sexual orientation, as well as any other category protected by federal, state or local laws