Sr. IAM Engineer - Privileged Access (PAM/PASM)

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

We are seeking a Senior Identity and Access Management Engineer to join our Privileged Access and Secrets Management (PAM/PASM) team. This role requires deep technical expertise and hands-on engineering experience to design, build, and support enterprise-class PAM/PASM solutions.

Key Responsibilities:  

• Design and implement end-to-end privileged access solutions for enterprise identity platforms with a focus on security, scalability, and automation.
• Engineer, deploy, and support the CyberArk Privileged Access Management Suite, including but not limited to:
  • Enterprise Password Vault (OS, DB privileged accounts)
  • Secrets Manager Credential Provider / Central Credential Provider (App2App secrets, encryption keys, Dynamic Access Providers)
  • Privileged Session Manager (Windows and Linux)
  • Password Vault Web Access (PVWA) and Disaster Recovery Vault
• Troubleshoot and resolve complex issues in production environments with minimal supervision.
• Work collaboratively with global teams to perform system and application configuration, integration, upgrades, and lifecycle management.
• Lead and coordinate integration services, product updates, and change management.
• Identify, design, and implement opportunities for process automation to reduce manual engineering effort.
• Drive improvements in operational processes, procedures, and documentation.
• Conduct vendor/product research to recommend solutions aligned with business priorities.
• Monitor and maintain system health, performance, and 24/7 uptime requirements, including participation in on-call support rotations.
• Support privileged access reviews and respond to audit/compliance requests.
• Stay current on IAM security trends, emerging technologies, and best practices.

Basic / Required Skills  

• Equivalent of 7+ years of industry experience (with 3+ years hands-on CyberArk engineering).
• Deep, hands-on CyberArk engineering experience (minimum 3+ years) with proven ability to design, deploy, and support CyberArk components in production.
• In-depth knowledge of Vault architecture, configuration, and recovery processes—ability to troubleshoot and remediate issues independently.
• Expertise with CyberArk Core Vault is mandatory; experience with broader CyberArk suite strongly preferred.

Preferred skills

• Strong experience managing Windows and Linux server infrastructure (virtual and/or physical) at the OS level.
• Solid understanding of Windows Active Directory, Group Policies, and identity security controls.
• Experience working with multiple platforms: Windows, Linux, Unix, AS400, Oracle, AIX.
• Preferably with advanced scripting skills (PowerShell, PACLI, REST API) for automation and integration.
• Proven experience designing and delivering automated solutions for infrastructure deployment, configuration, and maintenance.
• Strong problem-solving and analytical skills, with the ability to resolve complex technical issues under pressure.
• Self-directed, highly organized, and detail-oriented with excellent time management skills.
• Ability to work effectively with teams across time zones, with work hours aligned to US Eastern time zone.

Education  

Degree or equivalent experience

Physical Requirements  

General Office Demands

At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people. That’s why we have a Total Rewards package that includes comprehensive benefits to support physical, mental, and financial well-being. Our Total Rewards offerings serve the different needs of our diverse employee population and ensure they are the healthiest versions of themselves.

As part of Total Rewards, we are proud to offer a competitive compensation package at McKesson. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations.  In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. 

Our Base Pay Range for this position