Sr. IGA Engineer - SailPoint

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

Job Description:

As a Senior IAM Engineer, contribute during phases of design, configuration, deployments, and operations in area of Identity and Access Management (IAM). This includes Access Management (IAM), Identity Governance (IGA) and Identity Management solutions. This position is expected to have hands-on experience in a fast-paced environment, working with Business and Internal customers to develop and deploy complex solutions in Saviynt. Expectations also include a deep debugging and issue triaging skills to mitigate risks, automation, resolve issues and deliver of modern access management solution.

Position Description:

• Will be responsible for following the standards of McKesson for Identity, Access Management, and related environments.

• Performs hands on development for onboarding new applications to Sailpoint and provide operational support for implemented solutions.

• Ownership of custom developed applications

• Deliver modern access management integrations for B2B, B2C and B2E customers.

• Provide expert advice and assistance relating to all aspects of identity to broader IT, BU, and international teams, while communicating concepts of IAM to a broad range of audiences inside and outside of the team

• Develop technical design documents as needed for integration with IGA platform and other IAM services.

• Collaborate closely with the various global Security teams, Information Technology teams, BU stakeholders, and application teams to insure IAM tools, configurations, and industry best practices are implemented uniformly across the enterprise.

• Create and maintain technical documentation such as SOPs, design documents, operational drawings, manuals, etc.

• Maintains an understanding of key Business Unit initiatives to provide effective Identity services, solutions, and guidance.

Qualifications:

• 7+ years of relative experience

• 4-year degree (in computer science or related field) or equivalent experience

Minimum Requirements:

• Hands on experience developing/configuring access management solution using Sailpoint.

• Experience in integrating, developing, or administering Identity & Access Management (IAM) security solutions in a large organization

• Experience integrating user account management across industry standard OS platforms

• Strong development experience developing solution using modern development language (preferably Java/J2EE, PowerShell, JavaScript etc.)

• Experience in analysis and design work, with potential ability to develop and communicate architectural concepts, end state vision, and technology roadmaps.

• Advanced knowledge of Active Directory, Azure AD, LDAP, or other directory systems

• Knowledge of federation and SSO technologies such as SAML, OpenID Connect, OAuth, ADFS, or Multifactor Authentication

• Experience with Web Services, SCIM, ODBC, and other supported connectors

• Experience with:

• Flask 3.0.3

• Werkzeug 3.0.4

• Jinja2 3.1.4

• Python

• PyJWT

• Pymssql

• Azure-Keyvault

Preferred Skills:

• Advanced experience with automating user provisioning and reporting using industry standard platforms and programming languages (PowerShell, Python, Ansible, Terraform, etc.).

• Advanced experience/knowledge of IAM principals and best practices.

• Understanding of authentication and authorization tokens (SAML assertions, OAuth claims, grants, and scopes, etc.)

• Technical Experience in the following: Okta Classic and Okta Identity Engine, IdP, AD, LDAP, Saviynt, RSA, Single Sign-On, OAuth, SAML, DNS, GCP, and Azure.                                              

• Understanding of one or more control frameworks such as NIST, HIPAA-HITECH, SSAE 16, PCI, HITRUST, ISO 27001, etc.  Solid understanding of SOX, SOC, and other regulations related to Identity and Access Management including GDPR.

• Experience with relational Databases such as MySQL, Oracle, Microsoft SQL Server

• Familiar with healthcare, privacy, or financial compliance regulations and IT and security frameworks and standards.

• OSCP, SANS/GIAC, CISSP or similar professional certifications is a plus.

At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people. That’s why we have a Total Rewards package that includes comprehensive benefits to support physical, mental, and financial well-being. Our Total Rewards offerings serve the different needs of our diverse employee population and ensure they are the healthiest versions of themselves.

As part of Total Rewards, we are proud to offer a competitive compensation package at McKesson. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations.  In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. 

Our Base Pay Range for this position

McKesson has become aware of online recruiting-related scams in which individuals who are not affiliated with or authorized by McKesson are using McKesson’s (or affiliated entities, like CoverMyMeds or RxCrossroads) name in fraudulent emails, job postings or social media messages. In light of these scams, please bear the following in mind:

McKesson Talent Advisors will never solicit money or credit card information in connection with a McKesson job application.

McKesson Talent Advisors do not communicate with candidates via online chatrooms or using email accounts such as Gmail or Hotmail. Note that McKesson does rely on a virtual assistant (Gia) for certain recruiting-related communications with candidates.

McKesson job postings are posted on our career site: careers.mckesson.com.