We are looking for an Identity and Access Management (IAM) Software Engineer to join our Security Operations and Services organization in our Woodlands location.
The IAM group within the Security Operations and Services organization is responsible for the implementation and support of IAM tools and technologies that protect McKesson’s critical IT assets, including customer-facing and workforce applications.
The IAM Software Engineer’s role is responsible for developing, designing, implementing, and supporting technologies such as enterprise directories, access management and single sign-on (SSO), identity lifecycle management and provisioning, as well as user access governance.
This role will assume ownership and responsibility for software development of the IAM platform, which includes commercial open-source and other open source security framework design, development, deployment and maintenance. Expert-level development experience combined with IAM domain experience is required in order to successfully develop software and mentor other developers in complex implementation projects.
Other duties include the following:
- Develop the IAM Technical Architecture and related deployment plans.
- Provide project (expert level) development, advisory and consulting services for various constituents on technical related information security matters.
- Support and maintain the IAM platform and associated IAM services that are consumed by McKesson’s business applications
- Lead and manage other IAM engineers and developers implementing and supporting IAM solutions
-Participate in on-call support for mission critical IAM functions during non-business hours
- Ongoing maintenance and support of developed IAM software stack as well as leading / coordinating other IAM resources.
- taking ownership in resolving complex production issues using the appropriate resources (on shore and offshore) to report, troubleshoot, diagnose and escalate support calls as needed, which will include after-hours on call and weekend support for critical issues
- participate in deployment and configuration activities which may include work off business hours (evenings, weekends).
- work with application technical teams to integrate applications into the IAM infrastructure. - conduct IAM security assessments for enterprise applications.
Qualifications Minimum Requirements 6+ years experience in administering security controls in an organization
- 5+ years hands-on administration, customization, and design experience with ForgeRock IAM Suite (OpenAM, OpenDJ, OpenIDM, OpenIG) as well as other IAM vendor solutions
- 10+ years Java development experience - Experience with Spring security and other open source security frameworks
– Fluency in scripting and interpreted languages (ex: NodeJS, Java and Powershell)
- Experience writing/configuration/testing of software using RESTful and SOAP APIs
- Hands-on administration experience in at least one of the most common UNIX platforms (Linux, Solaris, AIX, HPUX) and Windows Server platforms, proficiency in UNIX shell scripting
- Hands-on administration experience in at least one of the most common Database platforms (MySQL, Oracle, SQL Server)
- Hands-on experience with at least one of the common hardware load balancers (F5 BigIP, Citrix NetScaler, Cisco ACE)
- Strong knowledge of Microsoft Active Directory, Kerberos, LDAP and directory technologies
- Knowledge of Java application servers such as Weblogic, WebSphere and Tomcat
- Java Application Server hands on experience
- How to check Java process, memory consumption, stack trace analysis (ability to determine dead lock), management Java service as an administrator
- Solid understanding and experience with PKI and X.509 certificate management
- Solid understanding of common network protocols (TCP/IP, HTTP, SSH, SSL, LDAP, RMI, JMX)
- Hands-on experience with network analysis tools such as nc (netcat), openssl, curl, wireshark
- Experience with virtualization and private cloud environments
- Experience with Atlassian suite (JIRA,Confluence, Bamboo), Ant, Maven, Jenkins, Ansible, Chef or similar automation tools
- Knowledge of product and development security practices
- Knowledge of system, network, and architecture security best practices
- Strong interpersonal skills to foster good business relationships
- Able to handle complex resolution without escalation and with minimal supervision
- Able to exercise professional judgment within defined policies and procedures
- Familiar with healthcare, privacy, or financial compliance regulations and IT and security frameworks and standards
- Experience with monitoring tools: Zabbix, HP SiteScope, or equivalent Additional Knowledge & Skills
- Experience with a wide set of SaaS products such as: Office 365, Google Apps, Atlassian, SalesForce, Gliffy, LiveOps, Taleo, Concur, Workday, WebEx, GoToMeeting and ZenDesk
- CISSP professional designation is preferred
- Java development certification and Microsoft .NET certification is preferred
4-year degree in computer science or related field or equivalent experience.