Yes, definitely possible. I'm using the package VPN Policy Routing for this.
Set up a default policy for ExpressVPN to route all your network traffic through the VPN tunnel. Set up another policy to capture your DDNS update requests and SSH traffic, and route them through your WAN interface. That way you can approach your WAN IP by your DDNS hostname, and open up SSH and all other services you want to access remotely.
Should be pretty straight forward to set up. Note that the order of the policies matters: if a ruleset matches, all policies below will be skipped. You also need to set up port forwarding from WAN > LAN.