At CVS Health, we’re building a world of health around every consumer and surrounding ourselves with dedicated colleagues who are passionate about transforming health care.
As the nation’s leading health solutions company, we reach millions of Americans through our local presence, digital channels and more than 300,000 purpose-driven colleagues – caring for people where, when and how they choose in a way that is uniquely more connected, more convenient and more compassionate. And we do it all with heart, each and every day.
We are seeking a highly experienced and technically skilled Distinguished Engineer specializing in Identity and Access Management (IAM) to drive our organization’s IAM strategy, design, and implementation. This role will require a deep understanding of IAM systems, including authentication, authorization, privilege access management, session management, and the overall access management landscape. The successful candidate will be responsible for architecting, designing, and delivering innovative IAM solutions that meet the needs of the business, ensuring robust security and scalability while providing a seamless user experience. The Distinguished Engineer will play a critical role in shaping our IAM roadmap and helping to reduce the risk of unauthorized access while optimizing the IAM experience for end-users. This is an excellent opportunity for an experienced and passionate IAM professional to drive impactful change and build cutting-edge solutions in an ever-evolving security landscape. The candidate must be able to effectively multitask in a dynamic environment.
Key Responsibilities:
• IAM Strategy: Partner with IAM Engineering to define and drive the long-term IAM strategy, ensuring alignment with organizational goals and security standards.
• Architecture & Design: Architect and design scalable, secure, and user-friendly IAM solutions that address access challenges, enable business operations, and reduce risk.
• Authentication & Authorization: Oversee and guide the development and implementation of strong authentication and authorization protocols, such as SSO (Single Sign-On), MFA (Multi-Factor Authentication), OAuth, SAML, and OpenID Connect.
• Privilege Access Management (PAM): Design and implement PAM strategies and solutions to manage, monitor, and audit privileged accounts.
• Session & Password Management: Develop and maintain session management policies and password management strategies to mitigate risks and improve user experience.
• IAM Best Practices: Establish and promote industry best practices for IAM, ensuring that the organization is compliant with relevant regulations and standards such as NIST, PCI, SOX, and others.
• Active Directory (AD) Design: Oversee Active Directory architecture, guide strategy to consolidate domains, fortify the AD environment, and provide technical guidance for engineering and operational teams.
• Identity Stores & Provider Platforms: Design and integrate identity stores, directory services, and identity provider platforms (e.g., PING, Azure AD, etc.).
• Entitlement Management: AD Security group structure, cloud entitlement structure and management for AWS, GCP, and Azure.
• Cross-functional Collaboration: Work closely with security teams, infrastructure, application teams, and business units to ensure IAM solutions meet business needs while maintaining security and compliance.
• Risk Management & Incident Response: Identify and mitigate security risks related to access management, ensuring rapid response and resolution of IAM-related incidents.
• Continuous Improvement: Stay updated on industry trends, emerging IAM technologies, and security threats to continuously improve and evolve IAM strategy and solutions.
• Design Review: Conduct comprehensive risk assessments to identify vulnerabilities and threats to access management designs and solutions, identify gaps in design approaches and provide effective remediation solutions.
Required Work Experience
• Minimum of 15+ years of experience in Identity and Access Management, with at least 5 years in a leadership or distinguished technical role.
• Proven experience in designing, architecting, and implementing IAM solutions for complex, large-scale environments.
• Experience designing and operating corporate and customer facing identity and access management platforms.
• Extensive experience with IAM protocols such as SAML, OAuth, OpenID Connect, LDAP, and SCIM.
• Deep understanding of authentication and authorization mechanisms, including MFA, SSO, PAM, and session management.
• Hands-on experience with IAM platforms and technologies such as Active Directory, Azure AD, Okta, ForgeRock, Ping Identity, etc.
• Strong background in security frameworks and compliance requirements (e.g., NIST, ISO 27001, SOC 2, GDPR, HIPAA).
• Demonstrated experience in leading cross-functional teams, managing IAM projects, and driving strategic initiatives.
Preferred Work Experience
• Experience working in cloud-native environments (e.g., AWS, Azure, Google Cloud) and integrating IAM solutions with cloud services.
• Experience with identity governance and administration (IGA) platforms and solutions.
• Experience with designing and implementing federated identity solutions.
Professional Certifications:
• Certified Information Systems Security Professional (CISSP) – preferred.
• Certified Identity and Access Manager (CIAM) – preferred.
• Certified Information Security Manager (CISM) – preferred.
• Certified Cloud Security Professional (CCSP) – preferred.
Educational Credentials:
• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field; Master’s degree preferred.
• Ongoing education in cybersecurity, identity management, or related domains is a plus.
Skills and Attributes:
• In-depth technical expertise in IAM concepts and technologies.
• Strong communication skills, with the ability to articulate complex IAM concepts to both technical and non-technical stakeholders.
• Proven ability to collaborate and influence across the organization to deliver targeted business and security outcomes.
• Excellent problem-solving skills, with a focus on innovative and secure solutions to meet business needs.
• Leadership capabilities, with experience in mentoring teams and leading initiatives.
• Strong understanding of the user experience and balancing security with usability in IAM solutions.
Pay Range
The typical pay range for this role is:
$175,100.00 - $334,750.00
This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. This position also includes an award target in the company’s equity award program.
Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.
Great benefits for great people
We take pride in our comprehensive and competitive mix of pay and benefits – investing in the physical, emotional and financial wellness of our colleagues and their families to help them be the healthiest they can be. In addition to our competitive wages, our great benefits include:
• Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.
• No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.
• Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.
For more information, visit https://jobs.cvshealth.com/us/en/benefits
We anticipate the application window for this opening will close on: 12/31/2025
Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.