Be the reason

Staples is business to business. You’re what binds us together.

Our Staples Digital Solutions team is redefining what it means to be an IT organization. We are passionate, collaborative, and agile professionals who thrive on innovation and creativity. Our team anticipates the needs of customers and business partners, delivering reliable and customer-centric technology services. If you are intellectually curious, excited by advancements in technology, and eager to help drive Staples forward, you’ll find a supportive, inventive environment here.

The Sr. Cyber Security Engineer II – Identity Governance is a pivotal role responsible for designing, implementing, and operating secure identity and access management solutions. With a focus on Active Directory, access governance, and modern authentication controls, you will support enterprise identity services including hybrid AD, SSO, user lifecycle provisioning, RBAC, and conditional access. This role offers the opportunity to integrate internal applications with modern IGA platforms, ensuring secure, automated, and auditable access processes.

What you’ll be doing:

Active Directory & Identity Infrastructure:

• Engineer, maintain, and secure Active Directory components including domains, OUs, group structures, service accounts, and delegated administration models.

• Support hybrid identity patterns integrating on‑premises Active Directory with cloud identity platforms.

• Partner with infrastructure and cloud teams to ensure directory services are resilient, monitored, and aligned to security best practices.

Zero Trust Security & Privileged Identity Awareness:

• Apply Zero Trust security concepts to identity systems, recognizing Active Directory and identity connectors as high‑risk control plane assets.

• Support privileged access separation, administrative role scoping, and least‑privilege enforcement across identity platforms.

• Participate in hardening initiatives to reduce privilege escalation paths and credential exposure within identity services.

Authentication, SSO, and Conditional Access:

• Implement and support SSO and federation integrations using industry‑standard protocols (SAML, OIDC, OAuth).

• Assist in designing and maintaining conditional access policies based on user risk, role, device posture, and authentication context.

• Troubleshoot authentication and authorization issues across directories, identity providers, and integrated applications.

User Lifecycle Provisioning & Entitlement Management:

• Support joiner / mover / leaver lifecycle processes across Active Directory and downstream applications.

• Implement group‑ and role‑based provisioning models aligned to RBAC principles.

• Ensure timely provisioning and deprovisioning of user and service accounts to reduce access risk.

Identity Governance & IGA Platform Integrations:

• Build, configure, and support connectors between internal applications and modern IGA platforms, including: 

  • Active Directory connectors

  • Attribute and group‑based entitlement mappings

  • Application‑specific provisioning integrations

• Collaborate with IAM and application teams to define provisioning requirements and entitlement models.

• Assist with connector testing, monitoring, and operational stability to support access request and certification processes.

Monitoring, Incident Support & Continuous Improvement:

• Participate in identity‑related incident response, troubleshooting access issues, privilege misuse, or provisioning failures.

• Support audits, access reviews, and compliance activities by ensuring identity data is accurate and traceable.

• Contribute to documentation, SOPs, and runbooks for identity services and integrations.

What you bring to the table:

• Strong leadership and team-building abilities, mentoring junior cybersecurity professionals and leading by example.

• Effective communication and negotiation skills; able to articulate complex concepts to non-technical stakeholders.

• Poise under pressure; capable of making high-stakes decisions regarding threat mitigation and incident response

What’s needed- Basic Qualifications:

• Bachelor’s degree in Cybersecurity, Computer Science, or a related field or equivalent work experience.

• 10 or more years of progressively complex experience in cybersecurity.

• Proven experience with cybersecurity frameworks (e.g., NIST, ISO 27001).

• Hands-on experience with security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, and content filtering.

• Knowledge of network protocols and data encryption methods.

What’s needed- Preferred Qualifications:

• Hands-on experience supporting Active Directory in an enterprise environment.

• Practical experience with identity and access management concepts including: user lifecycle provisioning, entitlement management, role-based access control (RBAC).

• Experience building or supporting application integrations with an IGA platform.

• Experience supporting SSO and authentication integrations.

• Working knowledge of conditional access and modern authentication controls.

• Strong troubleshooting skills across identity, access, and authentication workflows.

• Experience operating or supporting identity systems classified as Tier Zero.

• Exposure to hybrid identity architectures (on-premises and cloud).

• Familiarity with access certifications, audits, or identity governance processes.

• Experience collaborating with application, infrastructure, and cloud engineering teams on identity integrations.

• Certifications such as CISSP, CISM, or SANS GIAC.

We Offer:

• Inclusive culture with associate-led Business Resource Groups

• 22 days of PTO and Holiday Schedule (7 observed paid holidays + 1 floating holiday)

• Online and Retail Discounts, Company Match 401(k), Physical and Mental Health Wellness programs, and more!

The salary range represents the expected compensation for this role at the time of posting. The specific base pay may be influenced by a variety of factors to include the candidate's experience, skill set, education, geography, business considerations, and internal equity. In addition to base pay, this role may be eligible for bonuses, or other forms of variable compensation.

#LI-DN1

Staples is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, age, national origin, protected veteran status, disability, or any other basis protected by federal, state, or local law

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.