Software Engineer – Identity & Access Management

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people.

Software Engineer with deep interest and experience in Identity & Access Management (IAM) to design, build, and secure authentication and authorization capabilities across Cover My Meds ’ platforms. This role sits on the core IAM platform team that owns end‑user identity, federated authentication, and authentication infrastructure for web applications, partnering closely with Security, Product, and other engineering teams.

This is a hands‑on individual contributor role in a product‑oriented, Kanban-driven environment, where impact is achieved through technical depth, secure engineering practices, and collaboration.

• Design, build, and maintain authentication and authorization solutions using OIDC, OAuth 2.0, and SAML.
• Integrate applications and APIs with identity platforms such as Okta, Auth0, Ping, or Microsoft Entra .
• Implement SSO, MFA, federated authentication, session management, and secure token handling.
• Contribute to identity services such as login gateways, authorization middleware, claims transformation, and access policy enforcement.
• Support SMART on FHIR (OAuth 2.0) use cases and unified authentication initiatives.

• Apply industry-standard security practices including least privilege, secure defaults, defense in depth, and secure secret handling.
• Partner with Security on threat modeling, risk reviews, and secure SDLC practices.
• Implement identity solutions aligned with NIST-based identity and access control principles.

• Build production-quality systems using one or more of JavaScript/Type Script, Ruby, Python, or C#.
• Write clean, testable, maintainable code with strong engineering discipline (CI/CD, code reviews, automated testing).
• Create clear technical documentation for APIs, integrations, and operational support.
• Participate in on-call or operational support for critical identity services as needed.

• Work within a Kanban delivery model, managing flow and continuously improving quality and throughput.
• Collaborate with Product, Security, and stakeholders to define outcomes and manage tradeoffs.
• Bring an enterprise-first mindset, constructively challenging designs and contributing new ideas.

Priority will be given to candidates who reside in the Columbus, OH metropolitan area.

We are unable to provide sponsorship for this role now or in the future.

Degree or equivalent and typically requires 4+ years of relevant experience.

Degree not required.

• 4+ years' experience building and shipping production software as an individual contributor.
• Deep experience (4+ years) with Okta and/or Auth0 (policies, apps, federation, claims).
• Hands‑on experience (4+ years) implementing or integrating authentication and authorization using OIDC, OAuth 2.0, and/or SAML.
• Strong understanding of secure engineering practices and common identity threats.
• Experience working in at least one of the following:
  JavaScript/Type Script, Ruby, Python, C#.
• Ability to collaborate across engineering, product, and security teams and communicate technical decisions clearly.

• Experience with SMART on FHIR, SCIM, directory integrations, or identity lifecycle management.
• Familiarity with RBAC/ABAC, claims-based authorization, or policy engines.
• Experience in regulated environments and audit support.
• Experience improving reliability of critical auth systems (SLIs/SLOs, graceful degradation).

Our Base Pay Range for this position: $100,100 - $166,900. Additional compensation such as an annual bonus or long‑term incentive opportunities may be offered. For more information regarding benefits, please visit our website.

McKesson provides equal employment opportunities to applicants and employees, without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, genetic information, or any other legally protected category. For additional information on McKesson’s full Equal Employment Opportunity policies, visit our Equal Employment Opportunity page. McKesson welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process.

If you require accommodation please contact us by sending an email to Disabili

We look forward to your application.