Senior Information Security Analyst (Okta/Authentication)

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve - we care. What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow's health today, we want to hear from you.
Job Description:
As a senior Information Security Analyst, you will be part of McKesson's Centralized Authentication Services team. You will contribute during phases of design, configuration, deployments, and operations in areas of Identity and Access Management (IAM). This includes Access Management (IAM), Identity Governance (IGA) and other Identity Management solutions. This position is expected to have hands-on experience in a fast-paced environment, working with Business and Internal customers to deliver complex access management solutions. Expectations also include strong debugging and issue triaging skills to mitigate risks, resolve issues and deliver modern access management solutions.
This role will focus on engineering execution with engineering responsibilities to sustain support, governance and oversight for McKesson's authentication infrastructure and patient impacting applications. The individual will also support the engineering, building, and scaling of our authentication infrastructure to deliver authentication services and solutions.
Essential Functions:

• Deliver modern access management integrations flawlessly for B2B, B2C and B2E customers using Okta, Ping, Azure AD.
• Good knowledge and understanding of IAM tools such as Okta and Okta Access Gateway (OAG)
• Good experience in Okta versions, Okta Classic and Okta Identity Engine (OIE).
• Strong experience in configuring and enabling Single-Sign On (SSO) and Multi-factor authentication (MFA) for internal external facing application systems.
• Good experience in adaptive authentication configuration solutions.
• Good experience in impersonation technology solutions such as Strata.IO
• Experience in mitigating java and spring boot framework related vulnerabilities.
• Strong troubleshooting skills and understanding of CI/CD deployment pipelines.
• Lead on large projects for Business Units to provide IAM solutions as needed in a team environment.
• Set roadmaps, develop, and implement plans for IAM across on-premises and cloud environments.
• Define and drive risk reduction practices in a scalable manner, working with all levels on access related items, problem escalation/resolution, people development and more.
• Evaluate and test IAM products and platforms, make recommendations, develop plans, and implementation.
• Continually seek ways to automate repetitive functions to improve quality and efficiency of tasks.
• Document standards, architecture, implementation procedures, and troubleshooting.
• Manage customer expectations. Keep the customer aware of the project status, critical issues, and risks. Obtain stakeholder buy in at appropriate toll gates.
• Act as contact point for vendors during evaluation, implementation, and decommissioning of identity platforms.
• Keeps management well informed of progress, status, and concerns for each assignment.
• Effectively communicate ideas and information to peers, management, and customers
• Responsible for training, mentoring, directing, and validating the work of less experienced/knowledgeable team members.
• Consistently demonstrate regular, dependable attendance, and punctuality
• Perform all duties while working remotely or on-site.
• Lead on large projects for Business Units to provide IAM solutions as needed in a team environment.
• Set roadmaps, develop, and implement plans for IAM across on-premises and cloud environments.
• Define and drive risk reduction practices in a scalable manner, working with all levels on access related items, problem escalation/resolution, people development and more.
• Evaluate and test IAM products and platforms, make recommendations, develop plans, and implementation.
• Continually seek ways to automate repetitive functions to improve quality and efficiency of tasks.
• Document standards, architecture, implementation procedures, and troubleshooting.
• Manage customer expectations. Keep the customer aware of the project status, critical issues, and risks. Obtain stakeholder buy in at appropriate toll gates.
• Act as contact point for vendors during evaluation, implementation, and decommissioning of identity platforms.
• Keeps management well informed of progress, status, and concerns for each assignment.
• Effectively communicate ideas and information to peers, management, and customers
• Responsible for training, mentoring, directing, and validating the work of less experienced/knowledgeable team members.
• Consistently demonstrate regular, dependable attendance, and punctuality
• Perform all duties while working remotely or on-site.

Required Skills

• 5+ years' hands on experience developing/configuring access management solution using Okta or other Access Management products (E.G; Auth0, Azure, ADFS etc.)
• 5+ years of integration experience with SSO leveraging industry protocols such as SAML, OpenID Connect, OAuth and WS-FED
• 5+ years' experience in the field of Identity and Access Management
• 4+ years of strong development experience developing solutions using modern development languages (java, python, JavaScript, .net etc.)
• 3+ years' experience implementing infrastructure services authentication and authorization (AD, Kerberos, LDAP(S) etc.)
• 5+ years' experience with security compliance, governance, audit, and risk management.
• Working knowledge of cloud-based systems, virtualization, container orchestration, and common application architectures.
• Advanced experience integrating and federating different IDM technologies across multiple domains.
• Strong analytical and problem-solving skills, pride in ownership and ability to troubleshoot complex IAM issues.
• Excellent communication and interpersonal skills, with the ability to collaborate effectively with both technical and non-technical stakeholders.
• Strong technical experience in the following technologies: Okta Classic and Okta Identity Engine, ADFS, Azure, IdP, AD, LDAP

Preferred Skills:

• Advanced experience with automating user access and reporting using industry standard platforms and programming languages (PowerShell, Python, Ansible, Terraform, etc.)
• Good understanding of PKI, encryption schemes, and secure credential storage.
• Advanced understanding of Key Management, secret vaulting, and PAM with products such as CyberArk PAM, Hashicorp Vault
• Advanced manipulation of authentication and authorization tokens (SAML assertions, OAuth claims, grants, and scopes, etc.)
• Certifications such as CISSP, CISM, Okta, or Azure are a plus.

Education:

• 4-year degree in Computer Science or related field or equivalent experience

At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people. That's why we have a Total Rewards package that includes comprehensive benefits to support physical, mental, and financial well-being. Our Total Rewards offerings serve the different needs of our diverse employee population and ensure they are the healthiest versions of themselves. For more information regarding benefits at McKesson, please click here.
As part of Total Rewards, we are proud to offer a competitive compensation package at McKesson. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered.
Our Base Pay Range for this position
$110,000 - $183,300
McKesson is an Equal Opportunity/Affirmative Action employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.Qualified applicants will not be disqualified from consideration for employment based upon criminal history.
McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to Disability_Accommodation@McKesson.com. Resumes or CVs submitted to this email box will not be accepted.
Current employees must apply through the internal career site.
Join us at McKesson!