Software Engineer - Identity & Access Management

We are seeking aSoftware Engineer with deep interest and experience in Identity & Access Management (IAM)to help design, build, and secure authentication and authorization capabilities across CoverMyMeds' platforms. This role sits on acore IAM platform teamthat owns end-user identity, federated authentication, and authentication infrastructure for web applications, partnering closely with Security, Product, and other engineering teams., * Design, build, and maintain authentication and authorization solutions usingOIDC, OAuth 2.0, and SAML.

• Integrate applications and APIs with identity platforms such asOkta, Auth0, Ping, or Microsoft Entra ID.
• ImplementSSO, MFA, federated authentication, session management, and secure token handling.
• Contribute to identity services such as login gateways, authorization middleware, claims transformation, and access policy enforcement.
• SupportSMART on FHIR (OAuth 2.0)use cases and unified authentication initiatives.

Security & Standards

• Apply industry-standard security practices includingleast privilege, secure defaults, defense in depth, and secure secret handling.
• Partner with Security onthreat modeling, risk reviews, and secure SDLC practices.
• Implement identity solutions aligned withNIST-based identity and access control principles.

Software Development & Delivery

• Build production-quality systems using one or more ofJavaScript/TypeScript, Ruby, Python, or C#.
• Write clean, testable, maintainable code with strong engineering discipline (CI/CD, code reviews, automated testing).
• Create clear technical documentation for APIs, integrations, and operational support.
• Participate in on-call or operational support for critical identity services as needed.

Ways of Working

• Work within aKanban delivery model, managing flow and continuously improving quality and throughput.
• Collaborate with Product, Security, and stakeholders to define outcomes and manage tradeoffs.
• Bring anenterprise-first mindset, constructively challenging designs and contributing new ideas.

Degree or equivalent and typically requires 4+ years of relevant experience, * 4+ years' experience building and shipping production software as an individual contributor.

• Deep experience (4+ years) withOkta and/or Auth0(policies, apps, federation, claims).
• Hands-on experience (4+ years)implementing or integratingauthentication and authorizationusing OIDC, OAuth 2.0, and/or SAML.
• Strong understanding ofsecure engineering practicesand common identity threats.
• Experience working in at least one of the following:JavaScript/TypeScript, Ruby, Python, C#.
• Ability to collaborate across engineering, product, and security teams and communicate technical decisions clearly., * Experience withSMART on FHIR, SCIM, directory integrations, or identity lifecycle management.
• Familiarity withRBAC/ABAC, claims-based authorization, or policy engines.
• Experience inregulated environmentsand audit support.
• Experience improving reliability of critical auth systems (SLIs/SLOs, graceful degradation).

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson, please click here.

Our Base Pay Range for this position

$100,100 - $166,900

McKesson has become aware of online recruiting-related scams in which individuals who are not affiliated with or authorized by McKesson are using McKesson's (or affiliated entities, like CoverMyMeds or RxCrossroads) name in fraudulent emails, job postings or social media messages. In light of these scams, please bear the following in mind:

McKesson Talent Advisors will never solicit money or credit card information in connection with a McKesson job application.

McKesson Talent Advisors do not communicate with candidates via online chatrooms or using email accounts such as Gmail or Hotmail. Note that McKesson does rely on a virtual assistant (Gia) for certain recruiting-related communications with candidates.

McKesson job postings are posted on our career site: careers.mckesson.com.

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve - we care. What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow's health today, we want to hear from you.