As a senior IAM Engineer, contribute during phases of design, configuration, deployments, and operations in area of Identity and Access Management (IAM). This includes Access Management (IAM), Identity Governance (IGA) and Identity Management solutions. This position is expected to have hands-on experience in a fast-paced environment, working with Business and Internal customers to develop and deploy complex solutions in Saviynt. Expectations also include a deep debugging and issue triaging skills to mitigate risks, resolve issues and deliver modern access management solution.
Will be responsible for following the standards of McKesson for Identity, MFA, Access Management, and related environments
Performs hands on development for onboarding new applications to Saviynt and provide operational support for implemented solutions.
Should be able to support deployment activities to production.
Should have a clear understanding of ITSM framework and usage of ServiceNow
Deliver modern access management integrations for B2B, B2C and B2E customers
Evaluates systems and provides solutions to onboard complex applications to the Saviynt environments.
Continually seeks ways to automate redundant functions to improve quality and efficiencies of tasks.
Documents standards, architecture, implementation procedures, and troubleshooting.
Provide expert advice and assistance relating to all aspects of identity to broader IT, BU, and international teams, while communicating concepts of IAM to a broad range of audiences inside and outside of the team
Provide technical design documents as needed for integration with IDM, Access Manager, Privileged Access Services etc.
Collaborate closely with the various global Security, Information Technology, BU, and application teams to insure IAM tools, configurations, and industry best practices are implemented uniformly across the enterprise
Create and maintain technical documentation such as SOPs, design documents, operational drawings, manuals, etc.
Stays current on latest technologies and trends
Participate in On-Call rotation
Enhances information competence by answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members
Maintains an understanding of key Business Unit initiatives to provide effective Identity services and solutions
Provide escalation leadership and support when needed for AD, IAM tools, backend servers and databases, etc.
Keeps management well informed on a timely basis of progress, status, and concerns for each assignment
Effectively communicates ideas and information to peers, management, and customers
Responsible for training, mentoring, directing, and validating the work of less experienced/knowledgeable team members
Perform additional work as requested
7+ years of relative experience
Experience in integrating, developing, or administering Identity & access management security solutions in a large organization
Hands on experience developing/configuring access management solution using Saviynt.
Experience with identity federation and SSO via SAML, OIDC, and WS-FED
Experience in the field of Identity and Access Management
Experience integrating user account management across industry standard OS platforms
Experience in analysis and design work, with potential ability to develop and communicate architectural concepts, end state vision, and technology roadmaps.
Advanced knowledge of Active Directory, Azure AD, LDAP, or other directory systems
Experience with IAM technologies, and integrating with third-party applications
Knowledge of federation and SSO technologies such as SAML, OpenID Connect, OAuth, ADFS, or Multifactor Authentication
Experience with Web Services, SCIM, ODBC, and other supported connectors
Should have knowledge on working with multiple active directory domains
Experience with security compliance, governance, audit, and risk management.
Working knowledge of cloud-based systems, virtualization, container orchestration, and common application architectures
Advanced experience integrating and federating different IDM technologies across multiple domains.
Advanced development skills to integrate applications to Saviynt using both customized and out of the box connectors
Advanced experience with automating user provisioning and reporting using industry standard platforms and programming languages (Powershell, Python, Ansible, Terraform, etc.)
Understanding of PKI, encryption schemes, and secure credential storage.
Understanding of Key Management, secret vaulting, and PAM with products such as CyberArk PAM, Hashicorp Vault, or Thycotic
Understanding of authentication and authorization tokens (SAML assertions, Oauth claims, grants, and scopes, etc.)
Technical Experience in the following: Okta Classic and Okta Identity Engine, IdP, AD, LDAP, Saviynt, RSA, Single SignOn, oAuth, SAML, DNS, GCP, Azure, ADManager
Experience with web services using REST/SOAP
Strong Project and Time Management skills
Strong customer service and communication skills
Strong interpersonal and influencing skills
Able to exercise professional judgment within defined policies and procedures
Understanding of one or more control frameworks such as NIST, HIPAA-HITECH, SSAE 16, PCI, HITRUST, ISO 27001, etc. Solid understanding of SOX and other regulations related to Identity and Access Management including GDPR.
Experience with relational Databases such as MySQL, Oracle, Microsoft SQL Server
Preferred experience with cloud-based Identity services such as Microsoft Azure AD
Preferred experience with customer identity solutions
Preferred experience configuring identity providers such as ADFS
Solid understanding of current web and web application servers.
Familiar with healthcare, privacy, or financial compliance regulations and IT and security frameworks and standards
OSCP, SANS/GIAC, CISSP or similar professional certifications is a plus
Must show progressive advancement in responsibility including deep troubleshooting technical skills
Ability to mentor junior staff and be a technical leader
Proactive, Self-motivated, and goal oriented
4-year degree (in computer science or related field) or equivalent experience
At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people. That's why we have a Total Rewards package that includes comprehensive benefits to supportphysical, mental, and financial well-being. Our Total Rewards offerings serve the different needs of our diverse employee population and ensure they are the healthiest versions of themselves. For more information regarding benefits at McKesson, please
As part of Total Rewards, we are proud to offer a competitive compensation package at McKesson. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered.Our Base Pay Range for this position$107,600 - $179,300
McKesson is an Equal Opportunity/Affirmative Action employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.Qualified applicants will not be disqualified from consideration for employment based upon criminal history.
McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to . Resumes or CVs submitted to this email box will not be accepted.
Current employees must apply through the internal career site.
Join us at McKesson!