OneMain Financial Jobs

We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.

Position Summary

As an Staff Security Engineer – Active Directory on our team, you will serve as a technical authority responsible for the design, security, and long‑term health of a large enterprise, multi‑domain Active Directory environment in a hybrid on‑prem and Azure cloud configuration. This role is primarily focused on Microsoft Entra ID, with Active Directory serving as a foundational dependency within a hybrid identity architecture rather than the center of gravity.

You will lead cloud identity security initiatives, drive Entra ID architecture and governance decisions, and act as a senior escalation point for identity‑related incidents and risks. In addition to hands‑on engineering, you will partner closely with Cybersecurity, IAM, Infrastructure, and Audit teams to ensure Entra ID and hybrid identity services are resilient, compliant, and aligned with Zero Trust with enterprise security objectives.

Key Duties and Responsibilities

• Architect, secure, and oversee enterprise multi‑domain Active Directory environments in hybrid configurations with Azure, including Azure AD Connect and identity synchronization strategies

• Provide senior‑level administration and security engineering for Azure Active Directory (Microsoft Entra ID), including identity protection, authentication methods, and access governance

• Design, implement, and continuously improve Entra ID Conditional Access, privileged access models, and identity security controls

• Lead analysis and response efforts for complex identity‑related security incidents, including root cause analysis and long‑term remediation

• Oversee and harden hybrid identity integrations, including Entra ID Connect / Cloud Sync, ensuring secure synchronization and minimal on‑prem dependency exposure

• Monitor, investigate, and respond to cloud‑based identity threats and anomalous authentication activity using Entra ID logs, risk detections, and SIEM tooling

• Lead root cause analysis and long‑term remediation for identity‑related security incidents spanning Entra ID, SaaS applications, and hybrid authentication flows

• Establish and enforce Entra ID security standards, including tenant configuration, role management, identity lifecycle controls, and service principal governance

• Proactively identify architectural weaknesses and attack paths within cloud and hybrid identity and drive modernization and risk‑reduction initiatives

• Lead and support internal and external audits (SOX, PCI, HIPAA, etc.) related to identity, access management, and authentication controls

• Partner with Cybersecurity, IAM, Application, and Platform teams to ensure secure Entra ID integration with enterprise SaaS, Azure, and on-prem applications

• Develop and maintain enterprise documentation, architecture standards, and operational runbooks for Entra ID and hybrid identity services

• Evaluate new Microsoft Entra capabilities and identity security features, making informed recommendations for adoption

Required Qualifications

• 7+ years of experience engineering enterprise identity solutions, with increasing focus on cloud‑based identity platforms

• 7+ years of advanced experience administering and securing Microsoft Entra ID (Azure AD) in large enterprise environments

• 7+ years of experience administering and securing Azure and Azure Active Directory

• 5+ years of experience using PowerShell and automation to manage, audit, and secure identity platforms

• 5+ years of experience in security hardening, vulnerability remediation, and identity‑related risk reduction

Preferred Qualifications

• Expert level understanding of cloud identity and access management concepts: Tiered administrative models, Privileged access management and credential protection, Group Policy design and hardening, and Secure authentication and authorization architectures

• Experience leading identity‑related security investigations and incident response

• Strong experience with monitoring and security tools such as Splunk and Microsoft Systems Center Operations Manager (SCOM)

• Experience with vulnerability and attack‑path analysis tools such as Microsoft Assessment tools, CrowdStrike, BloodHound, or similar

• Proven experience designing and remediating controls for SOX, PCI, HIPAA, or similar regulatory frameworks

• Ability to translate business and security requirements into scalable, secure technical solutions

• Strong leadership, collaboration, and communication skills, including the ability to influence technical direction

Education

Bachelor’s degree or equivalent experience (High School Diploma and 4 years relevant experience).

Pay Range

The typical pay range for this role is:

$106,605.00 - $284,280.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. This position also includes an award target in the company’s equity award program.

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in offering a comprehensive and competitive mix of pay and benefits that reflects our commitment to our colleagues and their families.

This full‑time position is eligible for a comprehensive benefits package designed to support the physical, emotional, and financial well‑being of colleagues and their families. The benefits for this position include medical, dental, and vision coverage, paid time off, retirement savings options, wellness programs, and other resources, based on eligibility.

Additional details about available benefits are provided during the application process and on Benefits Moments (https://learn.bswift.com/cvshealth-mainland) .

We anticipate the application window for this opening will close on: 05/04/2026

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.

CVS Health is an equal opportunity/affirmative action employer, including Disability/Protected Veteran — committed to diversity in the workplace.