MTA - Lead IAM Engineer

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

Job Description:

The Lead Information Security Analyst will provide subject matter expertise and lead the analysis, design, and implementation for hybrid on-prem and cloud Active Directory environments and Azure Active Directory/Entra ID tenants. This role includes leading the engagement and collaboration with business and technical partners to integrate systems and applications with centralized authentication such as Active Directory or Azure Active Directory/Entra ID.

Responsibilities:

• Provide subject matter expertise and lead the analysis, design, and implementation for hybrid on-prem and cloud Active Directory environments and Azure Active Directory/Entra ID tenants.
• Lead the engagement and collaboration with business and technical partners to integrate systems and applications with centralized authentication such as Active Directory or Azure Active Directory/Entra ID.
• Provide subject matter knowledge and expertise on Active Directory, Azure Active Directory/Entra ID, and Okta Active Directory synchronization.
• Lead new product comparison, vetting, and selection process to ensure technology is relevant and meets business requirements.
• Lead Active Directory and Entra ID disaster recovery drills.
• Continually enhance authentication platforms, ensuring systems are protected from new and evolving Cyber threats and systems are operationally stable.
• Collaborate closely with global cross-functional teams to ensure the stability, scalability, and security of the Active Directory and Azure Active Directory/Entra ID environments and Okta. Lead discussions on all aspects of identity and access management.
• Lead response and resolution of complex, high-severity incidents.
• Lead regular reviews of deployed infrastructure, develop detailed architecture, and create and update new technical documentation and Standard Operating Procedures (SOP).
• Analyze the current authentication services platforms to identify both technical and operational opportunities for enhancements and develop continuous improvement action plans.
• -Lead regular assessment of systems and process hygiene and identify and implement automation.
• Actively seek to research innovations in IT security as well as IAM technologies and services, striving to ensure McKesson continues to deliver best practices and standards.
• Provide on-call support as needed for operational continuity of Identity platforms.

Minimum Requirements:

• Proven experience as a Lead Active Directory/Entra ID Engineer or similar role with a minimum of 10 years of experience.
• Proven ability to effectively prioritize and execute tasks with competing priorities; strong influencing skills to work with various service owners.
• Demonstrated experience effectively leading and managing collaborative, service management solutions across disparate functional teams.

Critical Skills:

• Expert-level understanding of Active Directory, Azure Active Directory/Entra ID, Lightweight Directory Access Protocol, Active Directory Federation Services, and other centralized identity stores.
• Expert-level understanding of Microsoft Azure and familiarity with IAM permissions on Management Groups, subscriptions, and resources.
• Provide expert knowledge of Azure Active Directory/Entra ID capabilities such as Conditional Access Policies, Privileged Identity Manager, and Application Registrations.
• Expert-level understanding of Active Directory attributes, LDAP Queries, PowerShell Scripting, Active Directory Federation Services (ADFS), Group Policy Object (GPO) analysis, configuration, and item-level targeting, active directory replication, Active Directory backup and restore, as well as certificate installation.
• Expert-level understanding of implementing security on Active Directory and Entra ID and hardening those platforms.
• Expert-level understanding of Active Directory and Entra ID backup and restore processes and experience of performing Disaster Recovery exercises.
• Expert-level understanding of Windows Server operating systems and Active Directory/Azure Active Directory/Entra ID services.
• Expert-level understanding of PowerShell scripting with proven experience implementing automation, including experience utilizing APIs such as Microsoft Graph.
• Expert-level understanding of Single-Sign On and authentication protocols such as SAML & OIDC.
• Expert knowledge of security best practices for Active Directory and Azure Active Directory/Entra ID.
• Expert knowledge with directory synchronization tools, such as Azure Active Directory/Entra ID Connect and Okta Active Directory integration.
• Excellent problem-solving skills and ability to work well under pressure.
• High-energy, detail-oriented, proactive, and able to handle multiple high-priority demands while driving consistent results.
• Self-Starter that requires minimal supervision, multi-tasks effectively, and can provide oversight and coaching to others for any assigned projects or tasks.
• Strong communication and collaboration skills to work effectively with cross-functional teams.

Additional Skills:

• Actively seeks to research innovations in IT security as well as IAM technologies and services, striving to ensure McKesson continues to deliver best practices and standards.
• Provide on-call support as needed for operational continuity of Identity platforms.

Education:

Degree or equivalent and typically requires 10+ years of relevant experience. Less years required if has relevant Master’s or Doctorate qualifications

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson, please  click here.

Our Base Pay Range for this position

McKesson is an Equal Opportunity Employer

McKesson provides equal employment opportunities to applicants and employees and is committed to a diverse and inclusive environment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age or genetic information. For additional information on McKesson’s full Equal Employment Opportunity policies, visit our Equal Employment Opportunity page.

Join us at McKesson!