The Digital Identity Services organization is responsible for the architecture, design, implementation and support of IAM tools and technologies that protect McKesson’s critical IT assets, including customer-facing and workforce applications. The Senior IAM Engineer will architect, design and implement Identity Data Services, with a focus on identity governance and administration. The candidate should have extensive experience with identity management concepts and tools, implementation, and integration with various data sources and application stacks. Responsibilities will include interacting with client technical and functional staff; software development skills are preferred.
Key areas of responsibility include:
- User Access Review (UAR)
- Architect, design, and support technologies that implement the UAR functions, such as Saviynt, CA compliance manager, and Oracle compliance manager
- Expert understanding of databases and data modeling including SQL
- User Access Governance
- Architect, design, and support the user access entitlement structure and provide feedback to the application team to help align the application with the appropriate recommended technical practices
- Provide consulting on the suite of available IAM solutions supported by the organization
- Provide IAM feedback to the organization to help model recommended practices through the product selection and deployment processes
- Support the overall cyber security program by validation of existing controls related to access review and governance
- Design the tools and configuration related to the implementation of Identity Data Services.
- Expertise with identity management concepts, implementation, and integration with various data sources.
- Interaction with client technical and functional staff, bridging the gap between business and technical disciplines.
- Manage customer support cases: promptly reply to customers, collect customer technical information, perform data analysis and cleanup
- Provide technical consulting to customers via telephone/email/on-line meetings. Be able to explain complex technical concepts, both at high and low levels
- Develop in-depth knowledge of Virtual Directory, Meta Directory and other IAM technologies that interact with them such as directory servers, databases and networking tools
- Document and report issues to the vendor solutions support portal; ensure issues are resolved
- Provide 3rd level production support to identity management systems developed
- Very proficient in running various IAM tools, with experience with Windows and Linux operating systems
6+ years of experience in administering security controls in an organization
- Experience as a senior member of an IAM team
- Experience in analysis and design work, with potential ability to develop and communicate architectural concepts, end state vision, and technology roadmaps.
- Experience with one or more of the following systems and tools from design through implementation:
- LDAP V3 directories: Microsoft Active Directory, OpenDJ, OpenLDAP
- Virtual Directory technologies: Radiant Logic VDS
- IAM Governance products such as Saviynt, Sailpoint, or Oracle Identity Governance
- PingFederate Federated Single Sign-On (SSO)
- Experience with IAM technologies, and integrating with third-party applications
- Solid understanding of current web and web application servers.
- Experience with relational Databases such as MySQL, Oracle, Microsoft SQL Server
- Administrative experience in Windows and Linux operating systems
- Understanding of architecture concepts, large system development (particularly web-based .Net and/or Java/J2EE).
- Knowledge of system, network, and architecture security best practices
Additional Knowledge & Skills
- Understanding of information security and risk management challenges, issues, mitigations and remediation.
- Familiar with healthcare, privacy, or financial compliance regulations and IT and security frameworks and standards
- Programming experience in SQL, tuning and optimization.
- Scripting experience (i.e. batch, shell)
- Able to exercise professional judgment within defined policies and procedures
- Understanding of one or more control frameworks such as NIST, HIPAA-HITECH, SSAE 16, PCI, HITRUST, ISO 27001, etc.
- Understanding of SOX and other regulations related to Identity and Access Management including GDPR.
- OSCP, SANS/GIAC, CISSP or similar professional certification is a plus
- Preferred experience with web services using REST/SOAP
- Preferred experience with ETL (extract, transformation, loading) tools
- Preferred experience in application security, e.g. OAuth, multi-factor authentication, and PKI
- Preferred experience with cloud-based Identity services such as Microsoft Azure AD
- Preferred experience with customer identity solutions
- Preferred experience configuring identity providers such as ADFS
- Strong Project and Time Management skills
- Strong customer service and communication skills
- Strong interpersonal and influencing skills
- Must show progressive advancement in responsibility including deep troubleshooting technical skills
- Ability to mentor junior staff and be a technical leader
- Proactive, self-motivated, and goal-oriented
4-year degree in computer science or related field or equivalent experience