As a senior IAM Engineer, contribute during phases of design, configuration, deployments, and operations in area of Identity and Access Management (IAM). This includes Access Management (IAM), Identity Governance (IGA) and Identity Management solutions. This position is expected to have hands-on experience in a fast-paced environment, working with Business and Internal customers to develop and deploy complex solutions in Saviynt. Expectations also include a deep debugging and issue triaging skills to mitigate risks, resolve issues and deliver modern access management solution.

Position Description:

• Will be responsible for following the standards of McKesson for Identity, MFA, Access Management, and related environments

• Performs hands on development for onboarding new applications to Saviynt and provide operational support for implemented solutions.

• Should be able to support deployment activities to production.

• Should have a clear understanding of ITSM framework and usage of ServiceNow

• Deliver modern access management integrations for B2B, B2C and B2E customers

• Evaluates systems and provides solutions to onboard complex applications to the Saviynt environments.

• Continually seeks ways to automate redundant functions to improve quality and efficiencies of tasks.

• Documents standards, architecture, implementation procedures, and troubleshooting.

• Provide expert advice and assistance relating to all aspects of identity to broader IT, BU, and international teams, while communicating concepts of IAM to a broad range of audiences inside and outside of the team

• Provide technical design documents as needed for integration with IDM, Access Manager, Privileged Access Services etc.

• Collaborate closely with the various global Security, Information Technology, BU, and application teams to insure IAM tools, configurations, and industry best practices are implemented uniformly across the enterprise

• Create and maintain technical documentation such as SOPs, design documents, operational drawings, manuals, etc.

• Stays current on latest technologies and trends

• Participate in On-Call rotation

• Enhances information competence by answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members

• Maintains an understanding of key Business Unit initiatives to provide effective Identity services and solutions

• Provide escalation leadership and support when needed for AD, IAM tools, backend servers and databases, etc.

• Keeps management well informed on a timely basis of progress, status, and concerns for each assignment

• Effectively communicates ideas and information to peers, management, and customers

• Responsible for training, mentoring, directing, and validating the work of less experienced/knowledgeable team members

• Perform additional work as requested

Qualifications:

• 7+ years of relative experience

Minimum Requirements:

• Experience in integrating, developing, or administering Identity & access management security solutions in a large organization

• Hands on experience developing/configuring access management solution using Saviynt.

• Experience with identity federation and SSO via SAML, OIDC, and WS-FED

• Experience in the field of Identity and Access Management

• Experience integrating user account management across industry standard OS platforms

• Strong development experience developing solution using modern development language (preferably Java/J2EE, PowerShell, JavaScript etc.)

• Experience in analysis and design work, with potential ability to develop and communicate architectural concepts, end state vision, and technology roadmaps.

• Advanced knowledge of Active Directory, Azure AD, LDAP, or other directory systems

• Experience with IAM technologies, and integrating with third-party applications

• Knowledge of federation and SSO technologies such as SAML, OpenID Connect, OAuth, ADFS, or Multifactor Authentication

• Experience with Web Services, SCIM, ODBC, and other supported connectors

• Should have knowledge on working with multiple active directory domains

• Experience with security compliance, governance, audit, and risk management.

• Working knowledge of cloud-based systems, virtualization, container orchestration, and common application architectures

• Advanced experience integrating and federating different IDM technologies across multiple domains.

Preferred Skills:

• Advanced development skills to integrate applications to Saviynt using both customized and out of the box connectors

• Advanced experience with automating user provisioning and reporting using industry standard platforms and programming languages (Powershell, Python, Ansible, Terraform, etc.)

• Understanding of PKI, encryption schemes, and secure credential storage.

• Understanding of Key Management, secret vaulting, and PAM with products such as CyberArk PAM, Hashicorp Vault, or Thycotic

• Understanding of authentication and authorization tokens (SAML assertions, Oauth claims, grants, and scopes, etc.)

Additional Skills:

• Technical Experience in the following: Okta Classic and Okta Identity Engine, IdP, AD, LDAP, Saviynt, RSA, Single SignOn, oAuth, SAML, DNS, GCP, Azure, ADManager

• Experience with web services using REST/SOAP

• Strong Project and Time Management skills

• Strong customer service and communication skills

• Strong interpersonal and influencing skills

• Able to exercise professional judgment within defined policies and procedures

• Understanding of one or more control frameworks such as NIST, HIPAA-HITECH, SSAE 16, PCI, HITRUST, ISO 27001, etc. Solid understanding of SOX and other regulations related to Identity and Access Management including GDPR.

• Experience with relational Databases such as MySQL, Oracle, Microsoft SQL Server

• Preferred experience with cloud-based Identity services such as Microsoft Azure AD

• Preferred experience with customer identity solutions

• Preferred experience configuring identity providers such as ADFS

• Solid understanding of current web and web application servers.

• Familiar with healthcare, privacy, or financial compliance regulations and IT and security frameworks and standards

• OSCP, SANS/GIAC, CISSP or similar professional certifications is a plus

• Must show progressive advancement in responsibility including deep troubleshooting technical skills

• Ability to mentor junior staff and be a technical leader

• Proactive, Self-motivated, and goal oriented

Education:

• 4-year degree (in computer science or related field) or equivalent experience

At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people. That's why we have a Total Rewards package that includes comprehensive benefits to supportphysical, mental, and financial well-being. Our Total Rewards offerings serve the different needs of our diverse employee population and ensure they are the healthiest versions of themselves. For more information regarding benefits at McKesson, please

As part of Total Rewards, we are proud to offer a competitive compensation package at McKesson. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered.

McKesson is an Equal Opportunity/Affirmative Action employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.Qualified applicants will not be disqualified from consideration for employment based upon criminal history.

McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to . Resumes or CVs submitted to this email box will not be accepted.

Current employees must apply through the internal career site.

Join us at McKesson!