IAM Engineer (Privileged Access)
Company: McKesson
Location: Irving
Posted on: November 28, 2025
|
|
|
Job Description:
Job Description McKesson is an impact-driven, Fortune 10 company
that touches virtually every aspect of healthcare. We are known for
delivering insights, products, and services that make quality care
more accessible and affordable. Here, we focus on the health,
happiness, and well-being of you and those we serve – we care. What
you do at McKesson matters. We foster a culture where you can grow,
make an impact, and are empowered to bring new ideas. Together, we
thrive as we shape the future of health for patients, our
communities, and our people. If you want to be part of tomorrow’s
health today, we want to hear from you. Position Description : The
IAM Engineer will be a specialist in Privileged Access Management
(PAM) / Privileged Access & Secrets Management (PASM) with strong
expertise in CyberArk. The engineer, working with stakeholders,
will play a critical role in onboarding and offboarding privileged
accounts, secrets, and digital certificates to ensure adoption of
the IAM enterprise solutions to meet policies and standards,
especially during M&A integrations and divestitures. While the
primary focus is on PAM/PASM, the role will also involve exposure
to Public Key Infrastructure (PKI) to support enterprise
certificate lifecycle management. Responsibilities : Support
technical efforts to onboard or decommission privileged accounts,
secrets, and credentials for acquired or divested entities.
Coordinate with infrastructure, application, and security teams to
integrate M&A environments into CyberArk and Secrets Management
solutions. Assist in migrating PKI certificates as part of M&A
transitions (training provided for PKI components). Ensure that
PAM/PASM integrations during M&A meet enterprise security
policies, standards, and regulatory requirements. Administer and
configure the CyberArk Privileged Access Suite, including
Enterprise Password Vault (EPV), Privileged Session Manager (PSM),
Secrets Manager Credential Provider / Central Credential Provider
(App2App), Dynamic Access Provider (DAP), and Password Vault Web
Access (PVWA) and DR Vault. Perform account and certificate
discovery, onboarding, and periodic reviews. Support enterprise PKI
onboarding/offboarding under guidance from senior PKI engineers.
Learn to operate certificate lifecycle tools and processes to
support integration and compliance needs. Develop and maintain
automation scripts (PowerShell, PACLI, REST API) for onboarding,
rotation, and reporting. As needed, provide Tier 3 support for
PAM-related incidents and requests and participate in on-call
rotation for PAM-related critical events. Support audit and
compliance reviews by gathering evidence and providing technical
input. Minimum Requirements : Degree or equivalent and typically
requires 4 years of relevant experience. Critical Experience/Skills
: 2 years of hands-on CyberArk engineering experience in enterprise
environments. Strong understanding of PAM concepts, RBAC, least
privilege, and session monitoring. Strong understanding of the
Privileged Access Management (PAM) or Privileged Access & Secrets
Management (PASM) domain (foundational knowledge), tools and
technologies such CyberArk, BeyondTrust, or Thycotic. Scripting
experience (PowerShell, PACLI, REST API). Experience in Windows and
Linux server administration. Familiarity with integrating PAM tools
with Windows, Linux, Unix, AS400, Oracle, or AIX platforms.
Exposure to secrets management, cloud authentication methods, or
DevOps integration. Excellent communication with both technical and
non-technical stakeholders. Ability to work under pressure during
time-sensitive M&A transitions. Strong analytical and
troubleshooting abilities. Proactive mindset for process
improvement and automation. Preferred Experience/Skills : CyberArk
Defender or Sentry certificate (or in progress) Familiarity with
PKI concepts (certificate lifecycle, CAs, CRLs). Understanding of
cloud IAM foundations (Azure AD). Experience in M&A IT
integrations. We are proud to offer a competitive compensation
package at McKesson as part of our Total Rewards. This is
determined by several factors, including performance, experience
and skills, equity, regular job market evaluations, and
geographical markets. The pay range shown below is aligned with
McKesson's pay philosophy, and pay will always be compliant with
any applicable regulations. In addition to base pay, other
compensation, such as an annual bonus or long-term incentive
opportunities may be offered. For more information regarding
benefits at McKesson, please click here. Our Base Pay Range for
this position $97,700 - $162,800 McKesson is an Equal Opportunity
Employer McKesson provides equal employment opportunities to
applicants and employees and is committed to a diverse and
inclusive environment without regard to race, color, religion, sex,
sexual orientation, gender identity, national origin, protected
veteran status, disability, age or genetic information. For
additional information on McKesson’s full Equal Employment
Opportunity policies, visit our Equal Employment Opportunity page.
Join us at McKesson!
Keywords: McKesson, Buffalo , IAM Engineer (Privileged Access), IT / Software / Systems , Irving, New York
